[RESOLVED] Get path of a user's desktop if running as admin

[Igor Vartanov]

So do they [at Microsoft] name registry keys with those text versions of user token SIDs?

Logged in user SID, not 'user token SID' whatever it is. And regarding 'do they?', I believe the answer is quite apparent. Yes, they do. Do load user's hive under textual SID name. I'm not sure what do you mean by 'security breach', but the key access is granted for SYSTEM, Administrators and user himself. Nobody else. Do you see any problem with security here?

[ahmd]

Do you see any problem with security here?

Yes, I thought Microsoft were striving to achieve user account isolation with each new release of Windows. In this case, an unprivileged process can obtain a path to another user account (like your code has illustrated). And that's what I meant by a security breach. Before you posted your code I was about to reply that I was unable to find a solution to something that is impossible, but you beat me to it... Your approach was very cool though.

[Igor Vartanov]

Sorry, but I still don't get it. Do you or don't you see a problem when user's hive is accessible for SYSTEM and Administrators? Are those 'unprivileged' or not in your vision of ideal security?