The function will not use the search path. In the case of a partial name, the function uses the current drive and current directory to complete the specification. The string can specify the full path and file name of the module to execute or it can specify a partial name. It can be some other type of module (for example, MS-DOS or OS/2) if the appropriate subsystem is available on the local computer. This module can be a Windows-based application. By default, this is the same session that called LogonUser. Terminal Services: The process is run in the session specified in the token. If the necessary privileges are not already enabled,ĬreateProcessAsUser enables them for the duration of the call. If hToken is a restricted version of the caller's primary token, the SE_ASSIGNPRIMARYTOKEN_NAME privilege is not required. This allows a server application that is impersonating a client to create a process that has the security context of the client. Alternatively, you can call theĭuplicateTokenEx function to convert an impersonation token into a primary token. To get a primary token that represents the specified user, call the The user represented by the token must have read and execute access to the application specified by the lpApplicationName or the lpCommandLine parameter. For more information, seeĪccess Rights for Access-Token Objects. The handle must have the TOKEN_QUERY, TOKEN_DUPLICATE, and TOKEN_ASSIGN_PRIMARY access rights. LPPROCESS_INFORMATION lpProcessInformationĪ handle to the primary token that represents a user. LPSECURITY_ATTRIBUTES lpThreadAttributes, LPSECURITY_ATTRIBUTES lpProcessAttributes, Generally, it is best to use CreateProcessWithLogonW to create a process with alternate credentials. CreateProcessWithLogonW requires no special privileges, but the specified user account must be allowed to log on interactively. If this function fails with ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessWithLogonW function instead. The new process runs in the security context of the user represented by the specified token.ĬreateProcessAsUser function must have the SE_INCREASE_QUOTA_NAME privilege and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable. Creates a new process and its primary thread.
0 Comments
Leave a Reply. |