Digg
del.icio.us
Newsvine
Facebook
Google
LinkedIn
MySpace
Reddit
Slashdot
StumbleUpon
Technorati
Twitter
Windows Live
YahooBuzz
FriendFeedStart a Command As Any User
Click here for larger image
Environment: Windows NT 4.0 (and upwards) VC6
This is a complete console utility to start a command as a specified user on Windows NT. This uses the
LogonUserWindows API to programmatically logon to NT as a specified user with a given password. If this succeeds
CreateProcessAsUseris used to spawn a specified process as the user.
The main problem with LogonUser is that it requires the caller to possess a fairly high level privilege "Act as part of the operating system" to function. This is a powerful privilege which should not be freely given - the local adminstrators may often not have this privilege. As a work around for this, the utility first checks to see whether the user has the required privilege and if not the following occurs:
- The utility installs itself temporarily as a service running under the system account.
- The new service is started and the parameters (required user, process) are passed to the service via shared memory.
- The service then attempts to logon as the specified user and start the process. Results are returned back to the utility via shared memory.
- The utility then ends the service, uninstalls the service and displays results.
This works because the system account has high level privileges and usually the local admins group has permission to install services. For usage instructions type the executable with no parameters.
The source code also demonstrates the following topics:
- Windows security APIs (including lightweight template classes for dealing with SIDs, ACEs, ACLS, Security Descriptors, Privileges and Access tokens).
- Installing/configuring services programmatically using the service control manager.
- Writing an NT service (including a service template class which can implement a simple service in less than 20 lines of code).
- Using memory mapped files for sharing memory (including template class for automatic management of memory mapped files and other lightwieght kernel objects).
Downloads
Download demo project - 33 KbDownload source - 165 Kb
Comments
Martyn Brown looking for work
Posted by Fazer1000 on 10/19/2007 08:29amI'm currently looking for a position which allows me to program from home. Alternatively, I'm contemplating a new challenge and lifestyle change with a permanent/contracting position in a nice warm country other than the UK (any serious offer considered). Please contact me if you would like to see my CV. Techical skills below... C/C++ (10+ years), C#/.NET, COM/ATL, STL, MFC/wxWidgets, IBM MQSeries (6+ years) (including MQI/Admin), Windows NT (10+ years) (including RPC/Services/GUI development/ TCP/IP/ multithreading/etc), Visual Basic/VBA, UNIX daemons (ANSI C), x86 Assembler (inline/MASM), Cryptography, SQL Server, Microsoft Access V2 (5 years), Java.
ReplySerious intention to get into contact with Martyn C Brown
Posted by bativil on 07/10/2004 09:03pmSorry for disturbing other readers with such a request but it seems to be the only way to be sure that you "Martyn C Brown" receive it since we had no reply from you to our previous online messages. This "Comment" does not deal with the current topic/article but with another project of MCB [Xml parser tool] Dear Martyn. We would like to use a very small subset of your XML parser sources: meaning 'GetNextToken()' function. This function would be retrieved and integrated in an embedded software solution for a commercial product. Except from the copyright mention that is performed by the 'Help' messageBox (included in "McbXML.rc" file) no sign/trace of legacy aspect could be noticed: so what about licence/copyright concerning your tool ? I read the "Permissions" of CodeGuru and guess that in case I put 'GetNextToken()' in our software I shall let your "signature" in front of this function i.e I will let: /** **************************************************************************** *
Find the next token in a string.
* * @methodName McbGetNextToken * * @param *pXML * @param *pcbToken * @param *pType * * @return LPCTSTR * * @exception none * * @author Martyn C Brown * * @changeHistory * 17th August 2001 - (V1.0) Creation (MCB) **************************************************************************** But our lawyers say that it would be more safe to get some warranty from you as far as possible. Thanks in advance for your reply expected strongly. Regards.-
Reply
-
-
ReplyOur "good faith" having been proved
Posted by bativil on 11/13/2004 12:28pmWhat is it ==> This is a straightforward proposal
Posted by bativil on 09/23/2004 05:39pmDear Martyn. Thanks a lot for such a positive reply. We really need an "authentic" assertion from you (proving that you are the author --- whom I do NOT doubt at all --- and accurately certifying that we are authorized to use your sources). We are writing xml parsing for digital STB in a context of TV over ADSL (I made a non-recursive version of your tool and would be ready to provide it back to you). I can tell you more and give u the name of my company since we expect to receive official "commitment" from you. Very sincerely bativil@free.fr PS: this is a serious proposal, hoping neither bother nor "frighten" you
ReplyCool - what is it?
Posted by MCB on 09/15/2004 07:17amBativil, I'm responding from my works email (as my hotmail account has expired and I can't access it anymore from work) but I'm fine with you using the code anyway you see fit. Out of interest what are you writing? Regards Martyn
ReplyHow to invoke the Run as dialog of Windows 2000
Posted by Legacy on 10/30/2003 12:00amOriginally posted by: Chandu
Hi,
Is there any way to invoke the "Run as" dialog of Win2K OS, without following the mentioned procedure.
Thanks,
ReplyChandu
Use CreateProcessWithLogonWin w2k/xp
Posted by Legacy on 10/27/2003 12:00amOriginally posted by: Tenyi
I found an example in VB 6,
should use CreateProcessWithLogonW instead of CreateProcessAsUser with WinXP/Win2K.
W2K seems work better than WinXP.
ReplyWhat if I don't know the password for other users?
Posted by Legacy on 09/05/2003 12:00amOriginally posted by: Jeff
If I have administrator access rights and I know all the users in my computer - how can I start a process (or do a LoadProfile) without knowing the password for all the users? Is it possible at all?
Thanks for the excellent article...
Replydoesn't work in winxp
Posted by Legacy on 04/09/2003 12:00amOriginally posted by: chad
so this is just for win2000? would be more useful if it was compatible with winXP.
I get this error when running it under winXP
SE_TCB_NAME held.
An error occurred: 1314 - CreateProcessAsUser. A required privilege is not held by the client.
running it under win2000 and nt 4.0 works fine though.
and I am an admin in our domain
any sugestions?
Reply
Does one exists that runs a GUI program?
Posted by Legacy on 11/25/2001 12:00amOriginally posted by: Chip
Now that this (and "runas" in NTRK) works just fine spawning a console app, how do you go about starting a GUI on the desktop *remotely*?
I know a work around is to use "at /interactive ..." and set the time to the near future, but can it be done without delay via "at"?
Reply
Thank you!
Posted by Legacy on 11/22/2001 12:00amOriginally posted by: liuty
Thank you!
Reply
How is this different from 'runas'?
Posted by Legacy on 11/21/2001 12:00amOriginally posted by: Ian Prest
Perhaps I missed it, but this seems to perform the same function as runas.exe, which is included with the OS. I've never had a problem with runas (other than my annoyance at discovering you can't run explorer.exe as another user, due to Windows' architecture), so I can't help but wonder what the motivation was.
How is this program different than runas?
Reply
Estupendo !!
Posted by Legacy on 11/19/2001 12:00amOriginally posted by: I�igo Mart�nez
A tiny and simple tool very usefull for many scripts.
ReplyThank you very much !!!
Loading, Please Wait ...