Hi Grant,
How are things going?
I have done some further research and let me share out a little bit more
details. The "runas /netonly" switch calls the "CreateProcessWithLogonW"
API internally with the "LOGON_NETCREDENTIALS_ONLY" flag, below is the
description of this flag quoted from
MSDN(
http://msdn.microsoft.com/en-us/library/ms682431(VS.85).aspx) for
your information,
"
LOGON_NETCREDENTIALS_ONLY
Log on, but use the specified credentials on the network only. The new
process uses the same token as the caller, but the system creates a new
logon session within LSA, and the process uses the specified credentials as
the default credentials.
This value can be used to create a process that uses a different set of
credentials locally than it does remotely. This is useful in inter-domain
scenarios where there is no trust relationship.
The system does not validate the specified credentials. Therefore, the
process can start, but it may not have access to network resources.
"
The specified credentials stay in the local security authority(lsass.exe
process) and cannot be retrieved easily. However, we can manage to get the
specified user name with some trick. I found that the "runas" utility will
set the STARTUPINFO.lpTitle property to something like the following, when
it invokes the "CreateProcessWithLogonW" API:
"myApp.exe(running as MyDomain\SpecifiedUserName)"
To retrieve that title information, we can call the GetStartupInfo API:
private void button1_Click(object sender, EventArgs e)
{
STARTUPINFO s;
GetStartupInfo(out s);
string name = s.lpTitle.Substring(s.lpTitle.LastIndexOf('\\') +
1);
name = name.Remove(name.Length - 1);//remove the ")"
textBox1.Text = string.Format("The specified user name
is:{0}",name);
}
[DllImport("kernel32.dll",EntryPoint="GetStartupInfoW")]
static extern void GetStartupInfo(out STARTUPINFO lpStartupInfo);
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
struct STARTUPINFO
{
public Int32 cb;
public string lpReserved;
public string lpDesktop;
public string lpTitle;
public Int32 dwX;
public Int32 dwY;
public Int32 dwXSize;
public Int32 dwYSize;
public Int32 dwXCountChars;
public Int32 dwYCountChars;
public Int32 dwFillAttribute;
public Int32 dwFlags;
public Int16 wShowWindow;
public Int16 cbReserved2;
public IntPtr lpReserved2;
public IntPtr hStdInput;
public IntPtr hStdOutput;
public IntPtr hStdError;
}
However, please not that this specific implementation (e.g. setting the
title) of the "RunAs" utility is not documented officially. There can be
opportunity that the design will be changed in the future versions. If that
happens, our existing code can break. But I still hope the workaround can
be useful to you to some extent.
If you need any further information, or there is anything else we can help
with, please feel free to reply here.
Sincerely,
Zhi-Xin Ye
Microsoft Online Community Support
Delighting our customers is our #1 priority. We welcome your comments and
suggestions about how we can improve the support we provide to you. Please
feel free to let my manager know what you think of the level of service
provided. You can send feedback directly to my manager at:
(e-mail address removed).
This posting is provided "AS IS" with no warranties, and confers no rights.