Announcement

**Scott Turchin** · 16 Aug 2001, 08:38 PM

I'm not sure that you can do that. I'm about 99% sure you cannot.
If you could, then any trojan writer would be able to write a trojan to do something like that....

any one else? I'm pretty sure but I could be wrong...

------------------
Scott

**Wayne Diamond** · 16 Aug 2001, 09:57 PM

CreateProcessAsUser and/or CreateProcessWithLogon ?
Google seemed fruitful with a search for: "Visual Basic" CreatProcessAsUser http://www.google.com/search?q=%22Vi...eProcessAsUser
Best of luck!
Wayne

[This message has been edited by Wayne Diamond (edited August 16, 2001).]

**Wayne Diamond** · 16 Aug 2001, 10:01 PM

Something else i found on a forum:

Re : CreateProcessAsUser API
--------------------------------------------------------------------------------
Using these APIs is not really practical from an application - they're really meant to be used by services. It can be done, though.

First, you must be using windows NT. Secondly the originating user must have the "Act as part of the operating system" right set in their policy (it's an advanced setting, so you have to click on the checkbox to see it).

Once this is done you can log an alternative user onto the system using LogonUser:

Code:

Dim rv As Long, hToken As Long 
rv = LogonUser("administrator", vbNullString, "adminpw", LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, hToken)

This returns a user token in the hToken variable. You can then use this value to impersonate the user you just logged on, or to create processes as if they had run them. E.g.

rv = ImpersonateLoggedOnUser(hToken)

It should be noted that although this *can* be done it is not recommended from a security viewpoint. The standard way of doing this kind of thing is to have a service that handles any kind of user impersonation for you and that accepts messages from your application.

------------------

**Knuth Konrad** · 17 Aug 2001, 12:33 AM

Originally posted by Scott Turchin:
I'm not sure that you can do that. I'm about 99% sure you cannot.

Scott,

If you're using W2K (and I seem to remember you do), type RUNAS /? at a command prompt and see for yourself.

Knuth

------------------
http://www.softAware.de

**Semen Matusovski** · 17 Aug 2001, 05:42 AM

LogonUser requires name & password. How to retreive them on "uknown PC" ? (note, with restricted privilegs)

------------------
E-MAIL: [email protected]

**Wayne Diamond** · 17 Aug 2001, 10:41 PM

You mean other than a dialog window asking for user input? No idea sorry :/ (are you sure that's even possible if you dont have a login password? being Admin and all... )

------------------

Announcement

Administrator's rights

Administrator's rights

Comment

Comment

Comment

Comment

Comment

Comment