Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
LoadUserProfile
34 views
Skip to first unread message
David Youngblood
May 1, 2013, 12:03:36 PM5/1/13
to
I'm trying to load a user's profile (LoadUserProfile) using a token returned
from LogonUser. The call succeeds on XP, but fails on Win7 with error 1314
(ERROR_PRIVILEGE_NOT_HELD). Research tells me I need to enable
SE_BACKUP_NAME and SE_RESTORE_NAME priviledges on the token using
AdjustTokenPrivileges. The call to AdjustTokenPrivileges succeeds but also
returns error 1300 (ERROR_NOT_ALL_ASSIGNED). I'm open to suggestions as to
where to go next. My end goal is to impersonate a user (similar to RunAs)
and have access to the user's printers and mapped drives.
' Code succeeds on XP, not on Win7
Private Function EnablePriviledges(hToken As Long) As Boolean
Dim MyPrives As TOKEN_PRIVILEGES
Dim PrivilegeId0 As LUID
Dim PrivilegeId1 As LUID
Dim pPriv As Long
Dim iRet As Long
iRet = LookupPrivilegeValue(vbNullString, SE_BACKUP_NAME, PrivilegeId0)
If iRet = 0 Then
MsgBox "LookupPrivilegeValue error " & Err.LastDllError
Exit Function
End If
iRet = LookupPrivilegeValue(vbNullString, SE_RESTORE_NAME, PrivilegeId1)
If iRet = 0 Then
MsgBox "LookupPrivilegeValue error " & Err.LastDllError
Exit Function
End If
MyPrives.Privileges(0).pLuid = PrivilegeId0
MyPrives.Privileges(1).pLuid = PrivilegeId1
MyPrives.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
MyPrives.Privileges(1).Attributes = SE_PRIVILEGE_ENABLED
MyPrives.PrivilegeCount = 2
iRet = AdjustTokenPrivileges(m_hUserToken, False, MyPrives, 0, 0, 0)
If (iRet = 0) Or (Err.LastDllError <> 0) Then
MsgBox "AdjustTokenPrivileges error " & Err.LastDllError
Exit Function
End If
EnablePriviledges = True
End Function
from LogonUser. The call succeeds on XP, but fails on Win7 with error 1314
(ERROR_PRIVILEGE_NOT_HELD). Research tells me I need to enable
SE_BACKUP_NAME and SE_RESTORE_NAME priviledges on the token using
AdjustTokenPrivileges. The call to AdjustTokenPrivileges succeeds but also
returns error 1300 (ERROR_NOT_ALL_ASSIGNED). I'm open to suggestions as to
where to go next. My end goal is to impersonate a user (similar to RunAs)
and have access to the user's printers and mapped drives.
' Code succeeds on XP, not on Win7
Private Function EnablePriviledges(hToken As Long) As Boolean
Dim MyPrives As TOKEN_PRIVILEGES
Dim PrivilegeId0 As LUID
Dim PrivilegeId1 As LUID
Dim pPriv As Long
Dim iRet As Long
iRet = LookupPrivilegeValue(vbNullString, SE_BACKUP_NAME, PrivilegeId0)
If iRet = 0 Then
MsgBox "LookupPrivilegeValue error " & Err.LastDllError
Exit Function
End If
iRet = LookupPrivilegeValue(vbNullString, SE_RESTORE_NAME, PrivilegeId1)
If iRet = 0 Then
MsgBox "LookupPrivilegeValue error " & Err.LastDllError
Exit Function
End If
MyPrives.Privileges(0).pLuid = PrivilegeId0
MyPrives.Privileges(1).pLuid = PrivilegeId1
MyPrives.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
MyPrives.Privileges(1).Attributes = SE_PRIVILEGE_ENABLED
MyPrives.PrivilegeCount = 2
iRet = AdjustTokenPrivileges(m_hUserToken, False, MyPrives, 0, 0, 0)
If (iRet = 0) Or (Err.LastDllError <> 0) Then
MsgBox "AdjustTokenPrivileges error " & Err.LastDllError
Exit Function
End If
EnablePriviledges = True
End Function
ralph
May 2, 2013, 8:21:33 AM5/2/13
to
On Wed, 1 May 2013 11:03:36 -0500, "David Youngblood" <d...@flash.net>
wrote:
>I'm trying to load a user's profile (LoadUserProfile) using a token returned
>from LogonUser. The call succeeds on XP, but fails on Win7 with error 1314
>(ERROR_PRIVILEGE_NOT_HELD). Research tells me I need to enable
>SE_BACKUP_NAME and SE_RESTORE_NAME priviledges on the token using
>AdjustTokenPrivileges. The call to AdjustTokenPrivileges succeeds but also
>returns error 1300 (ERROR_NOT_ALL_ASSIGNED). I'm open to suggestions as to
>where to go next. My end goal is to impersonate a user (similar to RunAs)
>and have access to the user's printers and mapped drives.
>
"My end goal is to impersonate a user (similar to RunAs) and have
access to the user's printers and mapped drives."
Hopefully you can not, unless the program is run by that User or as an
Admininstrator.
>' Code succeeds on XP, not on Win7
>
Microsoft tightened security beginning with Vista.
-ralph
wrote:
>I'm trying to load a user's profile (LoadUserProfile) using a token returned
>from LogonUser. The call succeeds on XP, but fails on Win7 with error 1314
>(ERROR_PRIVILEGE_NOT_HELD). Research tells me I need to enable
>SE_BACKUP_NAME and SE_RESTORE_NAME priviledges on the token using
>AdjustTokenPrivileges. The call to AdjustTokenPrivileges succeeds but also
>returns error 1300 (ERROR_NOT_ALL_ASSIGNED). I'm open to suggestions as to
>where to go next. My end goal is to impersonate a user (similar to RunAs)
>and have access to the user's printers and mapped drives.
>
"My end goal is to impersonate a user (similar to RunAs) and have
access to the user's printers and mapped drives."
Admininstrator.
>' Code succeeds on XP, not on Win7
>
-ralph
0 new messages