I have a service that is impersonating a user. The service is running as Local System. The user is a local administrator and domain administrator. After impersonation, it's necessary for me to adjust the token privileges of the process. I hoped to do it using OpenProcessToken and then AdjustTokenPrivileges on the returned token handle.
After calling LogonUser and ImpersonateLoggedOnUser the followin开发者_如何学JAVAg call is failing with access denied.
HANDLE hToken;
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
{
Log("Error=%d", GetLastError());
}
I'm logging on the user using LOGON32_LOGON_INTERACTIVE and LOGON32_PROVIDER_DEFAULT.
Adjusting the same privilege on the user token succeeds.
This is a two-part answer, depending on what you are trying to do:
1) If you want to adjust the privileges for the impersonation token, you need to use the OpenThreadToken function, not OpenProcessToken. Impersonation affects the thread, not the process as a whole. Try this:
OpenThreadToken(GetCurrentThread(), TOKEN_READ | TOKEN_ADJUST_PRIVILEGES, TRUE, &hToken)
2) If you really did want to adjust the privileges for the process token, you should probably do this at a point when you are not impersonating the client. You can turn impersonation on and off as necessary.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论