Start a Command As Any User



Click here for larger image

Environment: Windows NT 4.0 (and upwards) VC6

This is a complete console utility to start a command as a specified user on Windows NT. This uses the

LogonUser
Windows API to programmatically logon to NT as a specified user with a given password. If this succeeds
CreateProcessAsUser
is used to spawn a specified process as the user.

The main problem with LogonUser is that it requires the caller to possess a fairly high level privilege "Act as part of the operating system" to function. This is a powerful privilege which should not be freely given - the local adminstrators may often not have this privilege. As a work around for this, the utility first checks to see whether the user has the required privilege and if not the following occurs:

  • The utility installs itself temporarily as a service running under the system account.
  • The new service is started and the parameters (required user, process) are passed to the service via shared memory.
  • The service then attempts to logon as the specified user and start the process. Results are returned back to the utility via shared memory.
  • The utility then ends the service, uninstalls the service and displays results.

This works because the system account has high level privileges and usually the local admins group has permission to install services. For usage instructions type the executable with no parameters.

The source code also demonstrates the following topics:

  • Windows security APIs (including lightweight template classes for dealing with SIDs, ACEs, ACLS, Security Descriptors, Privileges and Access tokens).
  • Installing/configuring services programmatically using the service control manager.
  • Writing an NT service (including a service template class which can implement a simple service in less than 20 lines of code).
  • Using memory mapped files for sharing memory (including template class for automatic management of memory mapped files and other lightwieght kernel objects).

Downloads

Download demo project - 33 Kb
Download source - 165 Kb


Comments

  • Martyn Brown looking for work

    Posted by Fazer1000 on 10/19/2007 08:29am

    I'm currently looking for a position which allows me to program from home. Alternatively, I'm contemplating a new challenge and lifestyle change with a permanent/contracting position in a nice warm country other than the UK (any serious offer considered). Please contact me if you would like to see my CV. Techical skills below... C/C++ (10+ years), C#/.NET, COM/ATL, STL, MFC/wxWidgets, IBM MQSeries (6+ years) (including MQI/Admin), Windows NT (10+ years) (including RPC/Services/GUI development/ TCP/IP/ multithreading/etc), Visual Basic/VBA, UNIX daemons (ANSI C), x86 Assembler (inline/MASM), Cryptography, SQL Server, Microsoft Access V2 (5 years), Java.

    Reply
  • Serious intention to get into contact with Martyn C Brown

    Posted by bativil on 07/10/2004 09:03pm

    Sorry for disturbing other readers with such a request but it seems to be the only way to be sure that you "Martyn C Brown" receive it since we had no reply from you to our previous online messages. This "Comment" does not deal with the current topic/article but with another project of MCB [Xml parser tool] Dear Martyn. We would like to use a very small subset of your XML parser sources: meaning 'GetNextToken()' function. This function would be retrieved and integrated in an embedded software solution for a commercial product. Except from the copyright mention that is performed by the 'Help' messageBox (included in "McbXML.rc" file) no sign/trace of legacy aspect could be noticed: so what about licence/copyright concerning your tool ? I read the "Permissions" of CodeGuru and guess that in case I put 'GetNextToken()' in our software I shall let your "signature" in front of this function i.e I will let: /** **************************************************************************** *

    Find the next token in a string.

    * * @methodName McbGetNextToken * * @param *pXML * @param *pcbToken * @param *pType * * @return LPCTSTR * * @exception none * * @author Martyn C Brown * * @changeHistory * 17th August 2001 - (V1.0) Creation (MCB) **************************************************************************** But our lawyers say that it would be more safe to get some warranty from you as far as possible. Thanks in advance for your reply expected strongly. Regards.

    • Our "good faith" having been proved

      Posted by bativil on 11/13/2004 12:28pm

      Martyn.
      
      I resynchronized with our lawyers and they suggested me to let you know that our company will use a subset of sources from your MCB xml parser GIVING YOU the insurance that any reference to the author will be maintained inside the code (meaning that headers provided at the beginning of every function will be remain as is) 
      Bativil

      Reply
    • What is it ==> This is a straightforward proposal

      Posted by bativil on 09/23/2004 05:39pm

      Dear Martyn. Thanks a lot for such a positive reply. We really need an "authentic" assertion from you (proving that you are the author --- whom I do NOT doubt at all --- and accurately certifying that we are authorized to use your sources). We are writing xml parsing for digital STB in a context of TV over ADSL (I made a non-recursive version of your tool and would be ready to provide it back to you). I can tell you more and give u the name of my company since we expect to receive official "commitment" from you. Very sincerely bativil@free.fr PS: this is a serious proposal, hoping neither bother nor "frighten" you

      Reply
    • Cool - what is it?

      Posted by MCB on 09/15/2004 07:17am

      Bativil, I'm responding from my works email (as my hotmail account has expired and I can't access it anymore from work) but I'm fine with you using the code anyway you see fit. Out of interest what are you writing? Regards Martyn

      Reply
    Reply
  • How to invoke the Run as dialog of Windows 2000

    Posted by Legacy on 10/30/2003 12:00am

    Originally posted by: Chandu

    Hi,
    Is there any way to invoke the "Run as" dialog of Win2K OS, without following the mentioned procedure.

    Thanks,
    Chandu

    Reply
  • Use CreateProcessWithLogonWin w2k/xp

    Posted by Legacy on 10/27/2003 12:00am

    Originally posted by: Tenyi

    I found an example in VB 6,
    should use CreateProcessWithLogonW instead of CreateProcessAsUser with WinXP/Win2K.

    W2K seems work better than WinXP.

    Reply
  • What if I don't know the password for other users?

    Posted by Legacy on 09/05/2003 12:00am

    Originally posted by: Jeff

    If I have administrator access rights and I know all the users in my computer - how can I start a process (or do a LoadProfile) without knowing the password for all the users? Is it possible at all?

    Thanks for the excellent article...

    Reply
  • doesn't work in winxp

    Posted by Legacy on 04/09/2003 12:00am

    Originally posted by: chad

    so this is just for win2000? would be more useful if it was compatible with winXP.

    I get this error when running it under winXP
    SE_TCB_NAME held.
    An error occurred: 1314 - CreateProcessAsUser. A required privilege is not held by the client.

    running it under win2000 and nt 4.0 works fine though.
    and I am an admin in our domain
    any sugestions?

    Reply
  • Does one exists that runs a GUI program?

    Posted by Legacy on 11/25/2001 12:00am

    Originally posted by: Chip

    Now that this (and "runas" in NTRK) works just fine spawning a console app, how do you go about starting a GUI on the desktop *remotely*?

    I know a work around is to use "at /interactive ..." and set the time to the near future, but can it be done without delay via "at"?

    Reply
  • Thank you!

    Posted by Legacy on 11/22/2001 12:00am

    Originally posted by: liuty

    Thank you!

    Reply
  • How is this different from 'runas'?

    Posted by Legacy on 11/21/2001 12:00am

    Originally posted by: Ian Prest

    Perhaps I missed it, but this seems to perform the same function as runas.exe, which is included with the OS. I've never had a problem with runas (other than my annoyance at discovering you can't run explorer.exe as another user, due to Windows' architecture), so I can't help but wonder what the motivation was.

    How is this program different than runas?

    Reply
  • Estupendo !!

    Posted by Legacy on 11/19/2001 12:00am

    Originally posted by: I�igo Mart�nez

    A tiny and simple tool very usefull for many scripts.
    Thank you very much !!!

    Reply
  • Loading, Please Wait ...

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • Is your sales and operations planning helping or hurting your bottom line? Here are 5 useful tips from the experts at Quintiq to guide you to a better S&OP strategy.

  • Savvy enterprises are discovering that the cloud holds the power to transform IT processes and support business objectives. IT departments can use the cloud to redefine the continuum of development and operations—a process that is becoming known as DevOps. Download the Executive Brief DevOps: Why IT Operations Managers Should Care About the Cloud—prepared by Frost & Sullivan and sponsored by IBM—to learn how IBM SmartCloud Application services provide a robust platform that streamlines …

Most Popular Programming Stories

More for Developers

Latest Developer Headlines

RSS Feeds