I need to be able to run applications(.exe's) under a different user account in windows nt 4.0. I'm pretty sure this is the api I need, but I get error code 5, access denied. I don't think I'm using it right. Any help would be great.

I was trying to work with CreateProcessAsUser() in windows xp.
But because I was unable to assign the required previlage to the user handle, it failed. But as i know upto windows 2000 we wouldn't get much problem.
first thing you have to do is use logonUser() function to get handle to a user. then assign the required previleges to the handle then call CreateProcessAsUser().
I think the code i worked may be of some help to you.
please read the full discussion of my thread regarding this.
Don't stop reading until end though the title is different my problem was CreateProcessAsuser() only.
I have some sample code in the last post of the thread zipped as "test1.zip".
I just used MSDN and some other help to do this.
useful links also you can find in that Thread.

http://www.codeguru.com/forum/showthread.php?s=&threadid=240265
:rolleyes: :rolleyes:
please read the second half and in the last few posts you can find the relevant information about using CreateProcessAsUser() and sample code.

feel free to contact me if you have any problem in solving your problem and if you believe I can be helpful to you.

cheers
mahanare

thanks for the help. I'm still looking over your code, but I had pretty much everything you had there, except for a couple things. Do I need to create a PSECURITY_DESCRIPTOR object and initialize like you did in your code? And do I have to have a SECURITY_ATTRIBUTES object also? And I have been compiling this on winxp... so maybe that was my problem. Here's what I got so far, it's just a .cpp file with no class, and nothing complicated about it.
In winxp my logonuser() succeeds, but my createprocessAsUser() returns error code 1314, which is: "A required privilege is not held by the client. ERROR_PRIVILEGE_NOT_HELD"
But running it under win2k I get error code 1314 after logonUser() is called. And the error code for createprocessasuser() is 6 which is the invalid handle error. Thx for the help. I know I almost got it now!

Hi, Chadro.
So You are starting from where I left it.
If you read documentation it says CreateProcessAsUser() needs some 3 privileges in which "act as a part of operating system"
But in my attempt i assigned some 2 of other privileges in the last case my function failed to assign the privilege.
If you are going to further work, please do let me know.
I left working on it.
Actually some code from net worked upto win 2k, but in xp it says the previleges are not held.
What I feel is if we make our program as a service( as service is part of OS) we may be able to use the CPUA() function.
keep working and don't stope with error 1314.

cheers
mahanare

so why are you writing this program anyway? Is it just to use the runas capability in winxp? I got that to work on the command line.
If you got the createprocessasuser() stuff to work in win2k can you let me know what else I need to do to it? What are those other 3 params I need? cause I'm not sure where the documentation is you're refering to.
thx
chad

Hey I don't want to explore xp. but the tool in which i am working had some problem so as a work around I was trying to work out with CPAU().
Don't worry about the lines which i didn't use (if any)
It was big program( i actually did some cut and paste work)
One good thing with my work is there is a function SetPrivilege() which adjusts the privileges.
So try to set privileges..
I will post the info if i get any.
I am trying to look into the problem now.

you to try to do that..
you just take setprivilege() function and call it before CreateProcessAsuser (CPAU)
o.k

see you,
cheers
mahanare

got it. thx man. I'll let ya know if I come up with anything

if you haven't tried this code then do try ( the attachment)
it worked for me in win2k but gave 1314 in xp.

see you
cheers
mahanare

chadro,
I added few lines to add privileges.

But unable to assign 3rd previlege which i feel making us to get 1314.
you can have a look at this.
just copy few lines of code which is immediately before CreateProcessAsuser() (Setprivileges() code part)

best wishes
cheers
mahanare

cmdasuser doesn't work for me. It requires the user who logs in to have admin priveleges... this defeats the whole purpose! I need a user who logs into winnt who doesn't have admin priveleges to be able to install a program(which requires admin priveleges) hence I need a runas type utility to run under winnt 4.0. Winxp and win2k have this utility built into them. That's why I'm messing with this wanna be createprocessasuser() API. ... dumb api.
I had looked at cmdasuser before
thx anyway

hi chad,

Please don't forget to post the results of your work.
Have you thought about trying a service?
I think implementing it through service may be possible(for your requirement).
just an idea

best wishes
mahanare

In winxp my logonuser() succeeds, but my createprocessAsUser() returns error code 1314, which is: "A required privilege is not held by the client. ERROR_PRIVILEGE_NOT_HELD"
But running it under win2k I get error code 1314 after logonUser() is called. And the error code for createprocessasuser() is 6 which is the invalid handle error. Thx for the help. I know I almost got it now!
Have You tried CreateProcessWithLogonW?

My program, which runs under a restricted account on the WinXP machine, invokes a process called "Tool.exe" with Administrator privileges. I encountered the same problem like you that "LogonUser()" seems to work and "CreateProcessAsUser()" gives the ERROR_PRIVILEGE_NOT_HELD error!

However CreateProcessWithLogonW just did the job!
In quick code my "runas" function:


DWORD dwErr = CredUIPromptForCredentials(
&cui,
_T("Tool.exe"),
NULL,
0,
szName,
CREDUI_MAX_USERNAME_LENGTH+1,
szPwd,
CREDUI_MAX_PASSWORD_LENGTH+1,
&fSave,
CREDUI_FLAGS_USERNAME_TARGET_CREDENTIALS |
CREDUI_FLAGS_REQUEST_ADMINISTRATOR |
CREDUI_FLAGS_EXPECT_CONFIRMATION
);

if (!dwErr)
{
TCHAR szUserName[CREDUI_MAX_USERNAME_LENGTH + 1];
TCHAR szDomainName[CREDUI_MAX_DOMAIN_TARGET_LENGTH + 1];

DWORD dwError = CredUIParseUserName(szName,
szUserName,
CREDUI_MAX_USERNAME_LENGTH,
szDomainName,
CREDUI_MAX_DOMAIN_TARGET_LENGTH);

std::wstring strCommandLine(L"Tool.exe");

STARTUPINFO strctStartInfo;
ZeroMemory(&strctStartInfo, sizeof(STARTUPINFO));
strctStartInfo.cb = sizeof(STARTUPINFO);

PROCESS_INFORMATION strctProcInfo;
ZeroMemory(&strctProcInfo, sizeof(PROCESS_INFORMATION));

CreateProcessWithLogonW(
szUserName,
szDomainName,
szPwd,
LOGON_WITH_PROFILE,
NULL,
&strCommandLine[0],
0,
NULL,
NULL,
&strctStartInfo,
&strctProcInfo));

CloseHandle(strctProcInfo.hThread);
CloseHandle(strctProcInfo.hProcess);

SecureZeroMemory(pszName, sizeof(pszName));
SecureZeroMemory(pszPwd, sizeof(pszPwd));

}