hi, friends,
does anyone knows about CreateProcessAsUser(..).
I need to make it work in windows xp.
i have code with me but upto windows 2000 it is o.k but in windows xp, i am gettint error 1314 which means a required privilage is not held by the client.
If anybody has worked on this please do help me yaar.
i am struggling for the last 2 weeks on this.
please do help me.
bye
harinath
:p
i can attach code if one one wants..
it is there in MSDN also.
thanx in advance
yah.. i am adding the code also.
please do minor changes in the code
for user name, domain, password etc near main() function.

here I am attaching the source code
please do changes for logonuser function(user name, domain, password)

hope i can find some help from some kind hearted skilled people
thanx again in advance
bye

The error message is telling you the problem - you're not allowed to create a process as another user because nobody has granted you the privilege to do this.

From 'Windows NT Privileges' in MSDN:

SE_TCB_NAME
This privilege identifies its holder as part of the trusted computer base. Some trusted protected subsystems are granted this privilege. This privilege is required to call the LogonUser function.

User Right: .
Act as part of the operating system

So, in Control Panel.Administrative Tools.Local Security Settings, make sure your user name is listed for 'Act as part of the operating system'.

Thank you James, for your attention and information.
Yes, But MSDN says, we have to load the user profile also,before calling CreateProcessAsUser()
CreateProcessAsUser does not load the specified user's profile into the HKEY_USERS registry key. Therefore, to access the information in the HKEY_CURRENT_USER registry key, you must load the user's profile information into HKEY_USERS with the LoadUserProfile function before calling CreateProcessAsUser.


so i tried with LoadUserProfile() like the following.
I don't know whether I have to intialize the second parameter or not

LPPROFILEINFO lpProfileInfo;
if(!LoadUserProfile(
hToken,
lpProfileInfo
)){
printf(" error in load profile %ld",GetLastError());
}



now when i debug the application at this function i am getting access violation error, if i run normally am getting a window saying the my application has encountered a problem and needs to be closed.

any more help, I badly need to work with CreateProcessAsUser()

I added my updated code in the above post in this same thread (cpau.zip)so you can have a look at that.
thanks in advance

cheers
mahanare

Okay, I'm not going to debug your app for you 'cos you need to learn how to do it yourself, but I can help you learn:

Look at the MSDN help for LoadUserProfile. What does it say about the lpProfileInfo parameter?

What are you passing in?

Well, that parameter is to be initialized and I did that, but still CreateProcessAsUser() is giving me access violation.
I don't know what to do.

cheers
mahanare

Access Violation is caused by reading/writing to illegal memory - memory that you don't own (rare), in zero page (common - reading/writing NULL Pointers) or memory that is protected (very rare).

So, there's either a NULL pointer somewhere or one of your other pointers is not initialised.

The point I was making with the LoadUserProfile is that it should be like this:

PROFILEINFO ProfInf;
if (!LoadUserProfile(hToken, &ProfInf))....

The help says that the API takes an LPPROFILEINFO, which is just a Long Pointer to a PROFILEINFO. The help also says that this parameters is an in/out parameter, which means you must supply the structure for the API to use. An [out] parameter is allocated for you (and you must free it).

I modified your code in this way and it works fine for me.

Hi, James, Thanks for replying again.
well, I too saw the information about PROFILEINFO.
I understood why the access violation is arising so i modified my code and added the following lines

// load the user profile
PROFILEINFO ProfileInfo = { sizeof ProfileInfo, 0, szUserName };

if(!LoadUserProfile(hToken, &ProfileInfo))
{
printf(" error in load profile %ld",GetLastError());
}
LPVOID lpEnv;
if(!CreateEnvironmentBlock(&lpEnv,hToken,true))
{
cout<<"env problem";
}

and giving these parameters in CPAU function but now the access violation is not there but i am still getting the 1314 error,
what can be there?

You said it worked fine for you?
did the purpose served? I mean CreateProcessAsUser() worked for you, in that case can you attach the .zip of your code.

cheers
mahanare

This is what MSDN says -
The AdjustTokenPrivileges function CANNOT ADD new privileges to the access token. It can only ENABLE or DISABLE the token's existing privileges.

One more quote from MSDN -
In Windows 2000, the process calling LogonUser requires the SE_TCB_NAME privilege. The privilege does not need to be enabled (It must at least EXIST! - DZ). The LogonUser function enables the privilege as necessary. If the calling process does not have this privilege, LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD. Beginning with Windows XP, this privilege is no longer required.

The only way I found to successfully call LogonUser under Win2000 was to manually add SE_TCB_NAME privilege as JamesUK described. BTW - I used LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT as the 4-th and 5-th params.