The essentials of the problem:
1. Inetinfo.exe is a service which runs under the security privileges of the
"System" account
2. When a client connects to our ISAPI application, Inetinfo.exe spawns off
a thread to handle the request and the thread appears to be running under
the user specified for the ISAPI application (usually IUSR_XXX).
3. If this thread creates a new thread using a NULL/default security
descriptor, the new thread seems to be running under the "System" account
rather than under the account of the thread which created it.
In each of the cases we are identifying which user the thread is running
under by calling GetUserName.
How can this behaviour be altered, i.e. what is necessary to ensure that
"child" threads run under the same security context as the thread which
created them rather than the default security context of the process?
Thanks.
Samar Lotia
OpenThreadToken( GetCurrentThread(),
TOKEN_IMPERSONATE | TOKEN_QUERY,
TRUE,
&hToken )
RevertToSelf()
hThread = CreateThread( NULL, 0,
function, parameter,
CREATE_SUSPENDED, &tid )
SetThreadToken( &hThread, hToken )
ResumeThread( hThread )
SetThreadToken( NULL, hToken )
CloseHandle( hToken )
"Samar Abbas Lotia" <sal...@nquire.mail.com> wrote in message
news:eUB2zahEAHA.271@cppssbbsa05...