
CreateProcessWithLogon\AdjustTokenPrivileges on Win2K

 
 
Vincent Finn
      22nd Jun 2004
Hi,

I am calling an exe from a webservice
I was using CreateProcessWithLogon() but it doesn't seem to work (MSDN
says it is supported) I get ERROR_ACCESS_DENIED.
It works fine if I am using XP.

Are there permissions that must be set in Win2K to allow this function
to work?

I tried swapping to using LogonUser() and CreateProcessAsUser() but
again they work fine on XP and fail on Win2K;
this time the error is ERROR_PRIVILEGE_NOT_HELD.

The MSDN says that the user calling LogonUser() needs SE_TCB_NAME
privilege.
I tried setting this and failed (on both OS this time)

The code I am using is in VB.Net below.

Can anyone tell me what I am doing wrong?
Or is there a way to set this without coding i.e. User settings
somewhere?

Vin

' Win32 constants (values from winnt.h) that the code below refers to
Private Const TOKEN_ADJUST_PRIVILEGES As Integer = &H20
Private Const TOKEN_QUERY As Integer = &H8
Private Const SE_PRIVILEGE_ENABLED As Integer = &H2
Private Const SE_TCB_NAME As String = "SeTcbPrivilege"

Private Declare Auto Function OpenProcessToken Lib "advapi32.dll" _
    (ByVal ProcessHandle As IntPtr, ByVal DesiredAccess As Integer, _
    ByRef TokenHandle As IntPtr) As Boolean
Private Declare Auto Function LookupPrivilegeValue Lib "advapi32.dll" _
    (ByVal lpSystemName As String, ByVal lpName As String, _
    ByRef lpLuid As LUID) As Boolean
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" _
    (ByVal TokenHandle As IntPtr, ByVal DisableAllPrivileges As Boolean, _
    ByRef NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Integer, _
    ByVal PreviousState As IntPtr, ByVal ReturnLength As IntPtr) As Boolean

Private Structure TOKEN_PRIVILEGES
    Public PrivilegeCount As Integer
    ' have tried variations on this parameter but none of them make
    ' a difference any array variant won't marshal
    Public Privileges As LUID_AND_ATTRIBUTES
End Structure
Private Structure LUID_AND_ATTRIBUTES
    Public Luid As LUID
    Public Attributes As Integer
End Structure
Private Structure LUID
    Public LowPart As Integer
    Public HighPart As Integer
End Structure

' Inside the Function
Dim hProc As IntPtr
Dim hToken As IntPtr
Dim luid_TCB As LUID
Dim tp As New TOKEN_PRIVILEGES

' get the current process's token
hProc = Process.GetCurrentProcess().Handle
hToken = IntPtr.Zero
If Not OpenProcessToken(hProc, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, _
        hToken) Then
    Throw New Exception(Err.LastDllError.ToString())
End If

' get the LUID for the TCB privilege (provided it already exists)
luid_TCB.HighPart = 0
luid_TCB.LowPart = 0
If Not LookupPrivilegeValue(Nothing, SE_TCB_NAME, luid_TCB) Then
    Throw New Exception(Err.LastDllError.ToString())
End If

tp.PrivilegeCount = 1
tp.Privileges.Luid = luid_TCB
tp.Privileges.Attributes = SE_PRIVILEGE_ENABLED

' enable the privileges
If Not AdjustTokenPrivileges(hToken, False, tp, 0, IntPtr.Zero, _
        IntPtr.Zero) Then
    Throw New Exception(Err.LastDllError.ToString())
End If

Dim errorCode As Integer
errorCode = Err.LastDllError
' This will equal ERROR_NOT_ALL_ASSIGNED
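
Added example, not part of the original post: AdjustTokenPrivileges can only enable a privilege the token already holds, and it returns True with the last error set to ERROR_NOT_ALL_ASSIGNED (1300) when the token lacks it, so the last error has to be read even on success. The module name PrivilegeCheck and the helper TryEnablePrivilege are hypothetical; the constants are the standard winnt.h and winerror.h values.

```vbnet
Imports System
Imports System.Diagnostics
Imports System.Runtime.InteropServices

Module PrivilegeCheck ' hypothetical name
    Private Const TOKEN_QUERY As Integer = &H8
    Private Const TOKEN_ADJUST_PRIVILEGES As Integer = &H20
    Private Const SE_PRIVILEGE_ENABLED As Integer = &H2
    Public Const ERROR_NOT_ALL_ASSIGNED As Integer = 1300 ' token does not hold the privilege
    Private Structure LUID
        Public LowPart As Integer
        Public HighPart As Integer
    End Structure
    Private Structure TOKEN_PRIVILEGES ' count plus exactly one LUID_AND_ATTRIBUTES entry
        Public PrivilegeCount As Integer
        Public PrivilegeLuid As LUID
        Public Attributes As Integer
    End Structure
    Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal hProcess As IntPtr, _
        ByVal access As Integer, ByRef hToken As IntPtr) As Boolean
    Private Declare Auto Function LookupPrivilegeValue Lib "advapi32.dll" (ByVal systemName As String, _
        ByVal name As String, ByRef lpLuid As LUID) As Boolean
    Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal hToken As IntPtr, _
        ByVal disableAll As Boolean, ByRef newState As TOKEN_PRIVILEGES, ByVal bufLen As Integer, _
        ByVal prevState As IntPtr, ByVal retLen As IntPtr) As Boolean
    Private Declare Function CloseHandle Lib "kernel32.dll" (ByVal h As IntPtr) As Boolean

    ' Returns 0 if the privilege is now enabled, 1300 if the token lacks it, else the failing call's error.
    Function TryEnablePrivilege(ByVal name As String) As Integer
        Dim hToken As IntPtr = IntPtr.Zero
        Dim tp As New TOKEN_PRIVILEGES()
        If Not OpenProcessToken(Process.GetCurrentProcess().Handle, _
                TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken) Then Return Marshal.GetLastWin32Error()
        Try
            tp.PrivilegeCount = 1
            tp.Attributes = SE_PRIVILEGE_ENABLED
            If Not LookupPrivilegeValue(Nothing, name, tp.PrivilegeLuid) Then Return Marshal.GetLastWin32Error()
            ' True here only means the call ran; the last error says whether anything was enabled.
            AdjustTokenPrivileges(hToken, False, tp, 0, IntPtr.Zero, IntPtr.Zero)
            Return Marshal.GetLastWin32Error()
        Finally
            CloseHandle(hToken)
        End Try
    End Function
    Sub Main()
        For Each name As String In New String() {"SeChangeNotifyPrivilege", "SeTcbPrivilege"}
            Console.WriteLine("{0}: Win32 error {1}", name, TryEnablePrivilege(name))
        Next
    End Sub
End Module
```

A privilege granted to an account through Local Security Settings is placed in tokens created at a later logon, so a process that is already running keeps returning 1300 until it is restarted under a fresh logon.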

 
Vincent Finn
      23rd Jun 2004
On Tue, 22 Jun 2004 17:24:22 +0100, Vincent Finn <(E-Mail Removed)> wrote:

>I tried swapping to using LogonUser() and CreateProcessAsUser() but
>again they work fine on XP and fail on Win2K
>this time the error is ERROR_PRIVILEGE_NOT_HELD


I found the setting for this in the Local Security Settings
and that gets LogonUser() to work but CreateProcessAsUser() gives the
privilege not held error now

Vin
 
 
Gabi
 
      28th Jun 2004
Can you write how you solved the problem?
Thanks

P.S. I've got the same problem also


"Vincent Finn" wrote:

> On Tue, 22 Jun 2004 17:24:22 +0100, Vincent Finn <(E-Mail Removed)> wrote:
>
> >I tried swapping to using LogonUser() and CreateProcessAsUser() but
> >again they work fine on XP and fail on Win2K
> >this time the error is ERROR_PRIVILEGE_NOT_HELD
>
> I found the setting for this in the Local Security Settings
> and that gets LogonUser() to work but CreateProcessAsUser() gives the
> privilege not held error now
>
> Vin
>

 
 
Vincent Finn
 
      28th Jun 2004
On Mon, 28 Jun 2004 03:24:02 -0700, "Gabi"
<(E-Mail Removed)> wrote:

>Can you write how you solved the problem?
>Thanks
>
>P.S. I've got the same problem also


I haven't solved it.

I am still trying.
I have tried a variety of things and got nowhere so far.

I'll post a solution if I get one, looks like it'll be a nasty hack of
some sort though

Vin
 
 
Vincent Finn
 
      30th Jun 2004
On Mon, 28 Jun 2004 03:24:02 -0700, "Gabi"
<(E-Mail Removed)> wrote:

>Can you write how you solved the problem?
>Thanks
>
>P.S. I've got the same problem also


I have solved the problem now and it is messy

I had to write a windows service.
This runs under the system account
I call this using a COM function and it then calls
CreateProcessWithLogon

everything works fine on 2000 and XP with this method.
(I am having trouble with 2003 instead but that may be something
completely different)

Vin
 