createprocessasuser


CreateProcessAsUser error 1314


I want create a process under another user. So I use LogonUser and CreateProcessAsUser. But my problem is, that CreatePtocessAsUser always returns the errorcode 1314, which means "A required privilige is not held by the client". So my question is, what I am doing wrong? Or how can i give the priviliges to the handle? (I think the handle should have the privileges, or I am wrong?) Sorry for my english mistakes, but my english knowledge isn't the best :)
Plesase help if anyone knows how to correct my application.
This a part of my code.
STARTUPINFO StartInfo;
PROCESS_INFORMATION ProcInfo;
TOKEN_PRIVILEGES tp;
memset(&ProcInfo, 0, sizeof(ProcInfo));
memset(&StartInfo, 0 , sizeof(StartInfo));
StartInfo.cb = sizeof(StartInfo);
HANDLE handle = NULL;
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_ALL_ACCESS, &handle)) printf("\nOpenProcessError");
if (!LookupPrivilegeValue(NULL,SE_TCB_NAME,
//SE_TCB_NAME,
&tp.Privileges[0].Luid)) {
printf("\nLookupPriv error");
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes =
SE_PRIVILEGE_ENABLED;//SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(handle, FALSE, &tp, 0, NULL, 0)) {
printf("\nAdjustToken error");
}
i = LogonUser(user, domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &handle);
printf("\nLogonUser return : %d",i);
i = GetLastError();
printf("\nLogonUser getlast : %d",i);
if (! ImpersonateLoggedOnUser(handle) ) printf("\nImpLoggedOnUser!");
i = CreateProcessAsUser(handle, "c:\\windows\\system32\\notepad.exe",NULL, NULL, NULL, true,
CREATE_UNICODE_ENVIRONMENT |NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE, NULL, NULL,
&StartInfo, &ProcInfo);
printf("\nCreateProcessAsUser return : %d",i);
i = GetLastError();
printf("\nCreateProcessAsUser getlast : %d",i);
CloseHandle(handle);
CloseHandle(ProcInfo.hProcess);
CloseHandle(ProcInfo.hThread);
Thanks in advance!
The local account that is running your app must have these privileges enabled in the Local Security Policy:
Act as part of the operating system
Create a token object
Log on as a batch job
After looking for answer for hours, I finally found it in following link from MSDN. Hope it may help someone in future.
https://social.msdn.microsoft.com/Forums/vstudio/en-US/c905c900-cae1-4081-b0c9-00f10238e7ad/createprocessasuser-failed?forum=clr
"To resolve this problem, you'll need to elevate the rights of the account calling CreateProcessAsUser with the "Replace a process level token" right. To do so, open the Control Panel / Administrative Tools / Local Security Policy and add the user account to the "Replace a process level token" right. (You may have to logout or even reboot to have this change take effect.)"
Your code adds the SE_TCB_NAME privilege to your token.
MSDN says "Typically, the process that calls the CreateProcessAsUser function must have the SE_ASSIGNPRIMARYTOKEN_NAME and SE_INCREASE_QUOTA_NAME privileges."
I checked the links, and it worked good.
Check this
void main()
{
DWORD dwSessionId;
HANDLE hToken = NULL;
TOKEN_PRIVILEGES tp;
PROCESS_INFORMATION pi;
STARTUPINFOW si;
// Initialize structures.
ZeroMemory(&tp, sizeof(tp));
ZeroMemory(&pi, sizeof(pi));
ZeroMemory(&si, sizeof(si));
si.cb = sizeof(si);
LPTSTR lpszUsername = "user\0";
LPTSTR lpszDomain = ".";//"bgt\0";
LPTSTR lpszPassword = "password\0";
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY
| TOKEN_ADJUST_PRIVILEGES , &hToken)) {
MyError();
}
// Look up the LUID for the TCB Name privilege.
if (!LookupPrivilegeValue(NULL,SE_TCB_NAME, //SE_SHUTDOWN_NAME ,
//SE_TCB_NAME,
&tp.Privileges[0].Luid)) {
MyError();
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Attributes =
SE_PRIVILEGE_ENABLED;//SE_PRIVILEGE_ENABLED;
if (!AdjustTokenPrivileges(hToken, FALSE, &tp, 0, NULL, 0)) {
MyError();
}
if(LogonUser(lpszUsername,lpszDomain,lpszPassword,
LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,&hToken) == 0)
{
MyError();
}
else
{
STARTUPINFO sInfo;
PROCESS_INFORMATION ProcessInfo;
memset(&sInfo,0,sizeof(STARTUPINFO));
sInfo.cb = sizeof(STARTUPINFO);
sInfo.dwX = CW_USEDEFAULT;
sInfo.dwY = CW_USEDEFAULT;
sInfo.dwXSize = CW_USEDEFAULT;
sInfo.dwYSize = CW_USEDEFAULT;
bool bRet = CreateProcessAsUser(hToken,
"c:\\windows\\system32\\notepad.exe",
NULL,
NULL,
NULL,
TRUE,
CREATE_NEW_CONSOLE,
NULL,
NULL,
&sInfo,
&ProcessInfo);
if(bRet == 0)
MyError();
}

Related Links

Use of lpEnvironment in CreateProcessAsUser
CreateProcessAsUser error 1314
CreateProcessAsUser not working correctly in my experiments

Categories

HOME
image
appx
hp-exstream
relayjs
alfresco
jsp-tags
jsrender
win32gui
callback
django-imagekit
multiple-records
append
dacpac
maude-system
offline
handsontable
google-apps-marketplace
decimal
highlight.js
jsdoc
google-cloud-speech
immutable.js
semantic-analysis
brunch
web-api-testing
applozic
opentype
log4js-node
file-rename
instant-messaging
preg-match
frame
binary-data
yadcf
preg-match-all
titanium-mobile
subset-sum
wallpaper
wixsharp
android-fingerprint-api
elasticsearch-plugin
mapzen
g-code
reportingservices-2005
estimote
vao
node-sass
sas-jmp
rainbowtable
datastax-startup
darcs
nodebb
sqlbulkcopy
flow-control
orthogonal
angular-strap
jquery-filter
ableton-live
color-picker
mikroc
fputcsv
jwplayer7
moveit
actionbardrawertoggle
hill-climbing
hexdump
oauth2client
natvis
t4mvc
atk4
event-bubbling
mmc
system32
tween
cctv
castle
starcluster
p4java
wp-query
reactfx
jboss-weld
tidy
easy-install
eclipse-memory-analyzer
chronoforms
orchardcms-1.7
pygit2
specification-pattern
gil
tridion-worldserver
viewswitcher
online-compilation
windows-phone-7.1.1
tomcat-valve
xfbml
asp.net-mvc-areas
audio-capture
javap
adrotator
yagni
private-members
genealogy
ntvdm.exe

Resources

Mobile Apps Dev
Database Users
javascript
java
csharp
php
android
MS Developer
developer works
python
ios
c
html
jquery
RDBMS discuss
Cloud Virtualization
Database Dev&Adm
javascript
java
csharp
php
python
android
jquery
ruby
ios
html
Mobile App
Mobile App
Mobile App