Announcement

Collapse
No announcement yet.

ShellExecute and ImpersonateLoggedOnUser

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Roger Garstang
    replied
    I ended up just using SHFileOperation to copy the file to a temp location and opening it with ShellExecute from there. It seems to work pretty well so far. fAnyOperationsAborted doesn't always return values in all cases though...from the docs it makes it sound like anything stopping the operation including errors set it when it says "An operation can be manually aborted by the user through UI or it can be silently aborted by the system", but usually only clicking cancel does.

    Leave a comment:


  • Michael Mattias
    replied
    I get the handle to the process opened.., maybe there is another function to change its user?
    Any handle is valid only in the process in which is was obtained, unless it is duplicated for use in another process.

    I would think if you CreateProcessAsUser and duplicate a handle you get in the calling process for that process, it would be valid in that process.

    But what you are describing does not sound like this kind of problem... it sounds more like you can't create the process for lack of permissions... or possibly you can create the process, but that errors out internally on lack of permissions.

    While security stuff is not my strong suit, I do know using the ShellExecute[Ex] function(s) won't get you where you want to go.

    Leave a comment:


  • Roger Garstang
    replied
    CreateProcessAsUser() would probably be the best of those. I had issues with it before...same as everyone with the rights, etc. Not sure if it would still apply here since I already have a handle, but to make it work with this it says I need to do the Duplicate handle stuff. Plus it looks like some other desktop setup and stuff in the notes. That may prove more difficult than I want. I may try using the API to get the file and save it to a temp location then open it from there. I might even try to properly use temp folders like other apps don't and set the flag to delete it when no handles have it open. That would mean waiting on Access to open it though, so I may have to find some code to figure out open handles to a file...that might be as complicated as the other option though.

    I was hoping it was something simple and I was just missing it. Maybe something about inheriting the handle not being setup, so shell functions don't get it or something? Or, maybe I'm missing a step. I get the handle to the process opened, maybe there is another function to change its user?

    Leave a comment:


  • Michael Mattias
    replied
    You could try CreateProcessAsUser() or CreateProcessWithLogonW()

    ??

    Leave a comment:


  • Roger Garstang
    started a topic ShellExecute and ImpersonateLoggedOnUser

    ShellExecute and ImpersonateLoggedOnUser

    I have a program with a thread that uses ImpersonateLoggedOnUser for Network connections only. I can make all other API calls within that thread and they work fine and use the Impersonated user for the network connections. I try the same thing in the thread to use ShellExecute or even the built-in SHELL command to open a folder or an Access Database that is on a share needing that Impersonated login and it uses only my login, so the share fails. Say the share is "\\machine\c$\folder\db.mdb" How would I go about making this use the login I'm impersonating in the thread? I've tried everything I can think of.
Working...
X