Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

RunAs vs. CreateProcessWithLogonW()

787 views
Skip to first unread message

Kyle Lee

unread,
Jan 19, 2002, 7:34:48 AM1/19/02
to
Hello All,

On Windows2000:
Currently, the limited user cannot run the installation program since he
doesn't have access priviliege to "program files" directory.
If he runs
RunAs /user:domain_name\administrator "E:\setup.exe"
and provides the admin's password, "setup.exe" inherits admin's
privilege, and is able to install the application under "program files"
directory.

However, after I implemented "CreateProcessWithLogonW()", the limited
user can launch "setup.exe" but fails to install with the same reason:
the access denied to "program files" directory.

This means, RunAs & CreateProcessWithLogonW() are not same.
Am I missing something?

Here is the codes:

#define _WIN32_WINNT 0x500
#define UNICODE
#include <windows.h>
#include <stdio.h>
#include "ntsecapi.h"

int wmain(int argc, wchar_t *argv[])
{
PWSTR cmd = L"\"K:\\disk1\\setup.exe\"";
PROCESS_INFORMATION pi;
STARTUPINFOW si = {sizeof si};

if( !CreateProcessWithLogonW( L"administrator", L"mydomain",
L"adminpass", LOGON_NETCREDENTIALS_ONLY,
0, cmd, 0, 0, 0, &si, &pi )) {
printf( "CreateProcessWithLogonW(): %d\n", GetLastError() );
return 1;
}

WaitForSingleObject( pi.hProcess, INFINITE );
CloseHandle( pi.hThread );
CloseHandle( pi.hProcess );

return 0;
}


Thank you.
-Kyle

Chuck Chopp

unread,
Jan 19, 2002, 11:22:21 AM1/19/02
to
Kyle Lee wrote:

I think that the problem is the value you used for the dwLogonFlags
parameter. The LOGON_NETCREDENTIALS_ONLY flag means that in the newly
created process the supplied admin credentials only get used for accessing
resources over the network on remote systems; access to local resources uses
the same credentials of the process that called CreateProcessWithLogon().

Try changing the dwLogonFlags parameter value to be LOGON_WITH_PROFILE and
see if that solves the problem.


HTH,

Chuck
--
Chuck Chopp

Chuck...@rtfmcsi.com http://www.rtfmcsi.com
ICQ # 22321532
RTFM Consulting Services Inc. 864 801 2795 voice & voicemail
103 Autumn Hill Road 864 801 2774 fax
Greer, SC 29651 800 774 0718 pager
80077...@skytel.com


kyle lee

unread,
Jan 19, 2002, 8:56:22 PM1/19/02
to Chuck...@rtfmcsi.com
Thanks Chuck,

Actually I tried LOGON_WITH_PROFILE first, but somehow
CreateProcessWithLogonW() returned error if I remember correct. Right
now I am at home so I cannot test it but I will try it again first in
the morning this comming Monday.

- Kyle

kyle lee

unread,
Jan 21, 2002, 11:36:02 AM1/21/02
to
Sorry,
It was my mistake and now it works!

-Kyle

0 new messages