A required privilege is not held by the client

P

Parv

I am impersoanting a user to an other domain. But while doing so i am
getting

A required privilege is not held by the client

exception. I have tried with aal possible usernames and passwords but
didn't get success. I am getting same error if i am enetring blank user
and password. What i am doing wrong ?
 
N

Nicholas Paldino [.NET/C# MVP]

In order to do this, the user making the call has to have the
SeTcbPrivilege priviledge set. Your administrator has to set this up.

Hope this helps.
 
P

Parv

thanx, let me elaborate my case. I am working in a domain environment.
I am working on my System named Parveen. I have to copy a file to other
system in other domain named project.com. I have have added myself in
Act as part of operating System in local security policy of my system
but it still not working. I am in confusion that i have to give this
permission on mysystem Parveen, Or MyDomain in which i am working or on
the target domain. I am working on Windows 2000 Professional.

Best Regards
Parveen Beniwal
Nicholas said:
In order to do this, the user making the call has to have the
SeTcbPrivilege priviledge set. Your administrator has to set this up.

Hope this helps.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

Parv said:
I am impersoanting a user to an other domain. But while doing so i am
getting

A required privilege is not held by the client

exception. I have tried with aal possible usernames and passwords but
didn't get success. I am getting same error if i am enetring blank user
and password. What i am doing wrong ?
Click to expand...
Click to expand...
 
W

Willy Denoyette [MVP]

Windows 2000 needs this privilege in order to impersonate, more exactly,
LogonUser API can only be called when the caller's identity has this
privilege enabled. Did you logout followed by a login after you changed the
accounts privilege?
You will have to post your code or a complete sample that illustrates the
issue, whithout this it's nearly impossible to help you out.

Willy.

| thanx, let me elaborate my case. I am working in a domain environment.
| I am working on my System named Parveen. I have to copy a file to other
| system in other domain named project.com. I have have added myself in
| Act as part of operating System in local security policy of my system
| but it still not working. I am in confusion that i have to give this
| permission on mysystem Parveen, Or MyDomain in which i am working or on
| the target domain. I am working on Windows 2000 Professional.
|
| Best Regards
| Parveen Beniwal
| Nicholas Paldino [.NET/C# MVP] wrote:
| > In order to do this, the user making the call has to have the
| > SeTcbPrivilege priviledge set. Your administrator has to set this up.
| >
| > Hope this helps.
| >
| >
| > --
| > - Nicholas Paldino [.NET/C# MVP]
| > - (e-mail address removed)
| >
| > | > >I am impersoanting a user to an other domain. But while doing so i am
| > > getting
| > >
| > > A required privilege is not held by the client
| > >
| > > exception. I have tried with aal possible usernames and passwords but
| > > didn't get success. I am getting same error if i am enetring blank
user
| > > and password. What i am doing wrong ?
| > >
|
 
P

Parv

Thanx, I had logoff but not restarted the system. Not its working after
system restart. But now i am facing new problem

Logon failure: unknown user name or bad password

while using the following code to impersonate

public class Impersonator : IDisposable
{
public Impersonator(string userName,string domainName,string
password)
{
ImpersonateValidUser(userName, domainName, password);
}

public void Dispose()
{
UndoImpersonation();
}

[DllImport("advapi32.dll", SetLastError = true)]
private static extern int LogonUser(string lpszUserName,string
lpszDomain,string lpszPassword,int dwLogonType,int dwLogonProvider,ref
IntPtr phToken);

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError
= true)]
private static extern int DuplicateToken(IntPtr hToken,int
impersonationLevel,ref IntPtr hNewToken);

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError
= true)]
private static extern bool RevertToSelf();

[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);

private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_PROVIDER_DEFAULT = 0;

private void ImpersonateValidUser(string userName,string
domain,string password)
{
WindowsIdentity tempWindowsIdentity = null;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;

try
{
if (RevertToSelf())
{
if
(LogonUser(userName,domain,password,LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,ref
token) != 0)
{
if (DuplicateToken(token, 2, ref
tokenDuplicate) != 0)
{
tempWindowsIdentity = new
WindowsIdentity(tokenDuplicate);
impersonationContext =
tempWindowsIdentity.Impersonate();
}
else
{
throw new
Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
throw new
Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
throw new
Win32Exception(Marshal.GetLastWin32Error());
}
}
finally
{
if (token != IntPtr.Zero)
{
CloseHandle(token);
}
if (tokenDuplicate != IntPtr.Zero)
{
CloseHandle(tokenDuplicate);
}
}
}

private void UndoImpersonation()
{
if (impersonationContext != null)
{
impersonationContext.Undo();
}
}
private WindowsImpersonationContext impersonationContext =
null;
}


and using as below :

using (new Impersonator("administrator", "project.com", "pass"))
{
//Never executed.

System.IO.File.Copy(@"C:\temp\UsingUIExecutingJob.txt",
@"\\Mine\cdrv\test.txt", true);
}

I am getting error in constructor and copy statement is never
executed. What may be reason ?

Regards
Parveen Beniwal

Windows 2000 needs this privilege in order to impersonate, more exactly,
LogonUser API can only be called when the caller's identity has this
privilege enabled. Did you logout followed by a login after you changed the
accounts privilege?
You will have to post your code or a complete sample that illustrates the
issue, whithout this it's nearly impossible to help you out.

Willy.

| thanx, let me elaborate my case. I am working in a domain environment.
| I am working on my System named Parveen. I have to copy a file to other
| system in other domain named project.com. I have have added myself in
| Act as part of operating System in local security policy of my system
| but it still not working. I am in confusion that i have to give this
| permission on mysystem Parveen, Or MyDomain in which i am working or on
| the target domain. I am working on Windows 2000 Professional.
|
| Best Regards
| Parveen Beniwal
| Nicholas Paldino [.NET/C# MVP] wrote:
| > In order to do this, the user making the call has to have the
| > SeTcbPrivilege priviledge set. Your administrator has to set this up.
| >
| > Hope this helps.
| >
| >
| > --
| > - Nicholas Paldino [.NET/C# MVP]
| > - (e-mail address removed)
| >
| > | > >I am impersoanting a user to an other domain. But while doing so i am
| > > getting
| > >
| > > A required privilege is not held by the client
| > >
| > > exception. I have tried with aal possible usernames and passwords but
| > > didn't get success. I am getting same error if i am enetring blank
user
| > > and password. What i am doing wrong ?
| > >
|
Click to expand...
 
P

Parv

problem solved, after changing values for the

private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_PROVIDER_DEFAULT = 0;

to

private const int LOGON32_LOGON_INTERACTIVE = 9;
private const int LOGON32_PROVIDER_DEFAULT = 3;

following code is working, anyway thanx for help to everyone.

Best Regards
Parveen Beniwal
Thanx, I had logoff but not restarted the system. Not its working after
system restart. But now i am facing new problem

Logon failure: unknown user name or bad password

while using the following code to impersonate

public class Impersonator : IDisposable
{
public Impersonator(string userName,string domainName,string
password)
{
ImpersonateValidUser(userName, domainName, password);
}

public void Dispose()
{
UndoImpersonation();
}

[DllImport("advapi32.dll", SetLastError = true)]
private static extern int LogonUser(string lpszUserName,string
lpszDomain,string lpszPassword,int dwLogonType,int dwLogonProvider,ref
IntPtr phToken);

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError
= true)]
private static extern int DuplicateToken(IntPtr hToken,int
impersonationLevel,ref IntPtr hNewToken);

[DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError
= true)]
private static extern bool RevertToSelf();

[DllImport("kernel32.dll", CharSet = CharSet.Auto)]
private static extern bool CloseHandle(IntPtr handle);

private const int LOGON32_LOGON_INTERACTIVE = 2;
private const int LOGON32_PROVIDER_DEFAULT = 0;

private void ImpersonateValidUser(string userName,string
domain,string password)
{
WindowsIdentity tempWindowsIdentity = null;
IntPtr token = IntPtr.Zero;
IntPtr tokenDuplicate = IntPtr.Zero;

try
{
if (RevertToSelf())
{
if
(LogonUser(userName,domain,password,LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,ref
token) != 0)
{
if (DuplicateToken(token, 2, ref
tokenDuplicate) != 0)
{
tempWindowsIdentity = new
WindowsIdentity(tokenDuplicate);
impersonationContext =
tempWindowsIdentity.Impersonate();
}
else
{
throw new
Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
throw new
Win32Exception(Marshal.GetLastWin32Error());
}
}
else
{
throw new
Win32Exception(Marshal.GetLastWin32Error());
}
}
finally
{
if (token != IntPtr.Zero)
{
CloseHandle(token);
}
if (tokenDuplicate != IntPtr.Zero)
{
CloseHandle(tokenDuplicate);
}
}
}

private void UndoImpersonation()
{
if (impersonationContext != null)
{
impersonationContext.Undo();
}
}
private WindowsImpersonationContext impersonationContext =
null;
}


and using as below :

using (new Impersonator("administrator", "project.com", "pass"))
{
//Never executed.

System.IO.File.Copy(@"C:\temp\UsingUIExecutingJob.txt",
@"\\Mine\cdrv\test.txt", true);
}

I am getting error in constructor and copy statement is never
executed. What may be reason ?

Regards
Parveen Beniwal

Windows 2000 needs this privilege in order to impersonate, more exactly,
LogonUser API can only be called when the caller's identity has this
privilege enabled. Did you logout followed by a login after you changed the
accounts privilege?
You will have to post your code or a complete sample that illustrates the
issue, whithout this it's nearly impossible to help you out.

Willy.

| thanx, let me elaborate my case. I am working in a domain environment.
| I am working on my System named Parveen. I have to copy a file to other
| system in other domain named project.com. I have have added myself in
| Act as part of operating System in local security policy of my system
| but it still not working. I am in confusion that i have to give this
| permission on mysystem Parveen, Or MyDomain in which i am working or on
| the target domain. I am working on Windows 2000 Professional.
|
| Best Regards
| Parveen Beniwal
| Nicholas Paldino [.NET/C# MVP] wrote:
| > In order to do this, the user making the call has to have the
| > SeTcbPrivilege priviledge set. Your administrator has to set this up.
| >
| > Hope this helps.
| >
| >
| > --
| > - Nicholas Paldino [.NET/C# MVP]
| > - (e-mail address removed)
| >
| > | > >I am impersoanting a user to an other domain. But while doing so i am
| > > getting
| > >
| > > A required privilege is not held by the client
| > >
| > > exception. I have tried with aal possible usernames and passwords but
| > > didn't get success. I am getting same error if i am enetring blank
user
| > > and password. What i am doing wrong ?
| > >
|
Click to expand...
Click to expand...
 
W

Willy Denoyette [MVP]

Great; I hope you understand why this is working :))

Another remark, don't do this...
private const int LOGON32_LOGON_INTERACTIVE = 9;
LOGON32_LOGON_INTERACTIVE is 3 and carved in stone....
change the declaration into:
private const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
and stay good friends with those who have to maintain this code.

Willy.

| problem solved, after changing values for the
|
| private const int LOGON32_LOGON_INTERACTIVE = 2;
| private const int LOGON32_PROVIDER_DEFAULT = 0;
|
| to
|
| private const int LOGON32_LOGON_INTERACTIVE = 9;
| private const int LOGON32_PROVIDER_DEFAULT = 3;
|
| following code is working, anyway thanx for help to everyone.
|
| Best Regards
| Parveen Beniwal
|
| Parv wrote:
| > Thanx, I had logoff but not restarted the system. Not its working after
| > system restart. But now i am facing new problem
| >
| > Logon failure: unknown user name or bad password
| >
| > while using the following code to impersonate
| >
| > public class Impersonator : IDisposable
| > {
| > public Impersonator(string userName,string domainName,string
| > password)
| > {
| > ImpersonateValidUser(userName, domainName, password);
| > }
| >
| > public void Dispose()
| > {
| > UndoImpersonation();
| > }
| >
| > [DllImport("advapi32.dll", SetLastError = true)]
| > private static extern int LogonUser(string lpszUserName,string
| > lpszDomain,string lpszPassword,int dwLogonType,int dwLogonProvider,ref
| > IntPtr phToken);
| >
| > [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError
| > = true)]
| > private static extern int DuplicateToken(IntPtr hToken,int
| > impersonationLevel,ref IntPtr hNewToken);
| >
| > [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError
| > = true)]
| > private static extern bool RevertToSelf();
| >
| > [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
| > private static extern bool CloseHandle(IntPtr handle);
| >
| > private const int LOGON32_LOGON_INTERACTIVE = 2;
| > private const int LOGON32_PROVIDER_DEFAULT = 0;
| >
| > private void ImpersonateValidUser(string userName,string
| > domain,string password)
| > {
| > WindowsIdentity tempWindowsIdentity = null;
| > IntPtr token = IntPtr.Zero;
| > IntPtr tokenDuplicate = IntPtr.Zero;
| >
| > try
| > {
| > if (RevertToSelf())
| > {
| > if
| >
(LogonUser(userName,domain,password,LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,ref
| > token) != 0)
| > {
| > if (DuplicateToken(token, 2, ref
| > tokenDuplicate) != 0)
| > {
| > tempWindowsIdentity = new
| > WindowsIdentity(tokenDuplicate);
| > impersonationContext =
| > tempWindowsIdentity.Impersonate();
| > }
| > else
| > {
| > throw new
| > Win32Exception(Marshal.GetLastWin32Error());
| > }
| > }
| > else
| > {
| > throw new
| > Win32Exception(Marshal.GetLastWin32Error());
| > }
| > }
| > else
| > {
| > throw new
| > Win32Exception(Marshal.GetLastWin32Error());
| > }
| > }
| > finally
| > {
| > if (token != IntPtr.Zero)
| > {
| > CloseHandle(token);
| > }
| > if (tokenDuplicate != IntPtr.Zero)
| > {
| > CloseHandle(tokenDuplicate);
| > }
| > }
| > }
| >
| > private void UndoImpersonation()
| > {
| > if (impersonationContext != null)
| > {
| > impersonationContext.Undo();
| > }
| > }
| > private WindowsImpersonationContext impersonationContext =
| > null;
| > }
| >
| >
| > and using as below :
| >
| > using (new Impersonator("administrator", "project.com", "pass"))
| > {
| > //Never executed.
| >
| > System.IO.File.Copy(@"C:\temp\UsingUIExecutingJob.txt",
| > @"\\Mine\cdrv\test.txt", true);
| > }
| >
| > I am getting error in constructor and copy statement is never
| > executed. What may be reason ?
| >
| > Regards
| > Parveen Beniwal
| >
| >
| > Willy Denoyette [MVP] wrote:
| > > Windows 2000 needs this privilege in order to impersonate, more
exactly,
| > > LogonUser API can only be called when the caller's identity has this
| > > privilege enabled. Did you logout followed by a login after you
changed the
| > > accounts privilege?
| > > You will have to post your code or a complete sample that illustrates
the
| > > issue, whithout this it's nearly impossible to help you out.
| > >
| > > Willy.
| > >
| > > | > > | thanx, let me elaborate my case. I am working in a domain
environment.
| > > | I am working on my System named Parveen. I have to copy a file to
other
| > > | system in other domain named project.com. I have have added myself
in
| > > | Act as part of operating System in local security policy of my
system
| > > | but it still not working. I am in confusion that i have to give this
| > > | permission on mysystem Parveen, Or MyDomain in which i am working or
on
| > > | the target domain. I am working on Windows 2000 Professional.
| > > |
| > > | Best Regards
| > > | Parveen Beniwal
| > > | Nicholas Paldino [.NET/C# MVP] wrote:
| > > | > In order to do this, the user making the call has to have the
| > > | > SeTcbPrivilege priviledge set. Your administrator has to set this
up.
| > > | >
| > > | > Hope this helps.
| > > | >
| > > | >
| > > | > --
| > > | > - Nicholas Paldino [.NET/C# MVP]
| > > | > - (e-mail address removed)
| > > | >
| > > | > | > > | > >I am impersoanting a user to an other domain. But while doing so
i am
| > > | > > getting
| > > | > >
| > > | > > A required privilege is not held by the client
| > > | > >
| > > | > > exception. I have tried with aal possible usernames and
passwords but
| > > | > > didn't get success. I am getting same error if i am enetring
blank
| > > user
| > > | > > and password. What i am doing wrong ?
| > > | > >
| > > |
|
 
P

Parv

I am getting a strange problem as i mentioned above my code is
working for the window 2000 professional but is gives me error

A required privilege is not held by the client

on window 2000 Advanced server even i have added current user that is
administrator to the Act as part of the operating System to this user.
Please reply ASAP its urgent.

Best Regards
Parveen Beniwal
Great; I hope you understand why this is working :))

Another remark, don't do this...
private const int LOGON32_LOGON_INTERACTIVE = 9;
LOGON32_LOGON_INTERACTIVE is 3 and carved in stone....
change the declaration into:
private const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
and stay good friends with those who have to maintain this code.

Willy.

| problem solved, after changing values for the
|
| private const int LOGON32_LOGON_INTERACTIVE = 2;
| private const int LOGON32_PROVIDER_DEFAULT = 0;
|
| to
|
| private const int LOGON32_LOGON_INTERACTIVE = 9;
| private const int LOGON32_PROVIDER_DEFAULT = 3;
|
| following code is working, anyway thanx for help to everyone.
|
| Best Regards
| Parveen Beniwal
|
| Parv wrote:
| > Thanx, I had logoff but not restarted the system. Not its working after
| > system restart. But now i am facing new problem
| >
| > Logon failure: unknown user name or bad password
| >
| > while using the following code to impersonate
| >
| > public class Impersonator : IDisposable
| > {
| > public Impersonator(string userName,string domainName,string
| > password)
| > {
| > ImpersonateValidUser(userName, domainName, password);
| > }
| >
| > public void Dispose()
| > {
| > UndoImpersonation();
| > }
| >
| > [DllImport("advapi32.dll", SetLastError = true)]
| > private static extern int LogonUser(string lpszUserName,string
| > lpszDomain,string lpszPassword,int dwLogonType,int dwLogonProvider,ref
| > IntPtr phToken);
| >
| > [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError
| > = true)]
| > private static extern int DuplicateToken(IntPtr hToken,int
| > impersonationLevel,ref IntPtr hNewToken);
| >
| > [DllImport("advapi32.dll", CharSet = CharSet.Auto, SetLastError
| > = true)]
| > private static extern bool RevertToSelf();
| >
| > [DllImport("kernel32.dll", CharSet = CharSet.Auto)]
| > private static extern bool CloseHandle(IntPtr handle);
| >
| > private const int LOGON32_LOGON_INTERACTIVE = 2;
| > private const int LOGON32_PROVIDER_DEFAULT = 0;
| >
| > private void ImpersonateValidUser(string userName,string
| > domain,string password)
| > {
| > WindowsIdentity tempWindowsIdentity = null;
| > IntPtr token = IntPtr.Zero;
| > IntPtr tokenDuplicate = IntPtr.Zero;
| >
| > try
| > {
| > if (RevertToSelf())
| > {
| > if
| >
(LogonUser(userName,domain,password,LOGON32_LOGON_INTERACTIVE,LOGON32_PROVIDER_DEFAULT,ref
| > token) != 0)
| > {
| > if (DuplicateToken(token, 2, ref
| > tokenDuplicate) != 0)
| > {
| > tempWindowsIdentity = new
| > WindowsIdentity(tokenDuplicate);
| > impersonationContext =
| > tempWindowsIdentity.Impersonate();
| > }
| > else
| > {
| > throw new
| > Win32Exception(Marshal.GetLastWin32Error());
| > }
| > }
| > else
| > {
| > throw new
| > Win32Exception(Marshal.GetLastWin32Error());
| > }
| > }
| > else
| > {
| > throw new
| > Win32Exception(Marshal.GetLastWin32Error());
| > }
| > }
| > finally
| > {
| > if (token != IntPtr.Zero)
| > {
| > CloseHandle(token);
| > }
| > if (tokenDuplicate != IntPtr.Zero)
| > {
| > CloseHandle(tokenDuplicate);
| > }
| > }
| > }
| >
| > private void UndoImpersonation()
| > {
| > if (impersonationContext != null)
| > {
| > impersonationContext.Undo();
| > }
| > }
| > private WindowsImpersonationContext impersonationContext =
| > null;
| > }
| >
| >
| > and using as below :
| >
| > using (new Impersonator("administrator", "project.com", "pass"))
| > {
| > //Never executed.
| >
| > System.IO.File.Copy(@"C:\temp\UsingUIExecutingJob.txt",
| > @"\\Mine\cdrv\test.txt", true);
| > }
| >
| > I am getting error in constructor and copy statement is never
| > executed. What may be reason ?
| >
| > Regards
| > Parveen Beniwal
| >
| >
| > Willy Denoyette [MVP] wrote:
| > > Windows 2000 needs this privilege in order to impersonate, more
exactly,
| > > LogonUser API can only be called when the caller's identity has this
| > > privilege enabled. Did you logout followed by a login after you
changed the
| > > accounts privilege?
| > > You will have to post your code or a complete sample that illustrates
the
| > > issue, whithout this it's nearly impossible to help you out.
| > >
| > > Willy.
| > >
| > > | > > | thanx, let me elaborate my case. I am working in a domain
environment.
| > > | I am working on my System named Parveen. I have to copy a file to
other
| > > | system in other domain named project.com. I have have added myself
in
| > > | Act as part of operating System in local security policy of my
system
| > > | but it still not working. I am in confusion that i have to give this
| > > | permission on mysystem Parveen, Or MyDomain in which i am working or
on
| > > | the target domain. I am working on Windows 2000 Professional.
| > > |
| > > | Best Regards
| > > | Parveen Beniwal
| > > | Nicholas Paldino [.NET/C# MVP] wrote:
| > > | > In order to do this, the user making the call has to have the
| > > | > SeTcbPrivilege priviledge set. Your administrator has to set this
up.
| > > | >
| > > | > Hope this helps.
| > > | >
| > > | >
| > > | > --
| > > | > - Nicholas Paldino [.NET/C# MVP]
| > > | > - (e-mail address removed)
| > > | >
| > > | > | > > | > >I am impersoanting a user to an other domain. But while doing so
i am
| > > | > > getting
| > > | > >
| > > | > > A required privilege is not held by the client
| > > | > >
| > > | > > exception. I have tried with aal possible usernames and
passwords but
| > > | > > didn't get success. I am getting same error if i am enetring
blank
| > > user
| > > | > > and password. What i am doing wrong ?
| > > | > >
| > > |
|
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

A required privilege is not held by the client on Windows 2000 Advanced Server 1
error 1314: A required privilege is not held by the client. 3
A required privilege is not held by the client 1
Error Reading the Security Log 4
A required privilege is not held by the client 1
"privilege is not held by the client" at logon 4
Rights necessary for an user to view the security logs within the event Viewer - Windows XP Pro Serv 1
"A required NT privilege is not held"; security update fails 0

Top