I am a beginner with Python. I want to write a program as "runas" in
Windows XP.
But I have got the following error:
File "C:\Python23\Lib\site-packages\Pythonwin\pywin\framework\scriptutils.py",
line 310, in RunScript
exec codeObject in __main__.__dict__
File "C:\python\Script1.py", line 30, in ?
File "C:\python\Script1.py", line 14, in AdjustPrivilege
print "Started as: ", win32api.GetUserName()
error: (5, 'OpenProcessToken', 'Access is denied.')
There is my program :
import win32security
import win32process
import win32api
import win32con
import sys
import time
import os
from ntsecuritycon import *
def AdjustPrivilege(priv, enable = 1):
# Get the process token.
flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
flags)
# Get the ID for the privilege.
id = win32security.LookupPrivilegeValue(None, priv)
# Now obtain the privilege for this process.
# Create a list of the privileges to be added.
if enable:
newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
else:
newPrivileges = [(id, 0)]
win32security.AdjustTokenPrivileges(handel, 0, newPrivileges)
# and make the adjustment.
handel=win32security.LogonUser('administrator','domain','pwd',win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
win32security.ImpersonateLoggedOnUser(handel)
AdjustPrivilege(SE_TCB_NAME)
AdjustPrivilege(SE_INCREASE_QUOTA_NAME)
AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)
AdjustPrivilege(TOKEN_DUPLICATE)
AdjustPrivilege(TOKEN_IMPERSONATE)
AdjustPrivilege(SE_CHANGE_NOTIFY_NAME)
print "Started as: ", win32api.GetUserName()
#this prints target username, impersonation successful
win32process.CreateProcessAsUser(handel,None,'notepad',None,None,0,0,None,None,win32process.STARTUPINFO())
#os.execv('c:', 'notepad')
#os.execv(path, args)
#runs program, not as target user
win32security.RevertToSelf()
handel.Close()
Could anyone help me ? What's wrong ? Thanks a lot ?
Best Regards,
Pete Fong
> I am a beginner with Python. I want to write a program as "runas" in
> Windows XP.
> handel=win32security.LogonUser('administrator','domain','pwd',win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
IIRC, you can't use these win32 calls if you don't hav e appropriate rights.
Only administrators and backup users can do impersonation (see msdn or such
for details).
(I think Explorer gets around it by delegating the impersonation to some
system service).
"Pete Fong" <pm...@macau.ctm.net> wrote in message
news:9a361bc.04061...@posting.google.com...
> You'll probably need to call AdjustTokenPrivileges before LogonUser, since
> you need
> SE_TCB_NAME enabled for the calling process.
Can processes started under users that don't have that privilege acquire it
just like that?
Roger
"Ivan Voras" <i...@an.voras.fer.hr> wrote in message
news:campmv$hih$2...@bagan.srce.hr...