Our organisation has an application launcher for commonly used
programs. I would like to make it run some of these programs at a
higher level of privilege than the user's normal privileges. (Some of
our older applications throw up errors when they try to write
temporary files and are forbidden to do so). We have a mixture of 2000
and XP machines (plus a few NT 4) on a Novell network (changing to
Microsoft over the next 12 months).
I looked at LogonUser but this didn't work because ordinary users do
not have the SE_TCB_NAME privilege. (This was on Windows 2000 - I
believe the situation is different on XP but we have a mixture of
machines and this must work everywhere).
I also found Colin Wilson's TImpersonator but this appears to be a
service which impersonates the currently logged-in user. Preferably I
would like to skip installing any services and, in effect, use RunAs.
RunAs does not allow a password on the command line but I have found
LSRunAs, which does. If push came to shove I could use LSRunAs and
pass in a password automatically from a command line inside my
launcher. All in all, though, I would prefer to achieve my aims
programatically.
There is a further wrinkle, in that I would like any impersonated
applications to use the profile of the logged-in user instead of that
of the impersonated user. I knocked up a quick test program which I
ran under both RunAs and LSRunAs, and HKCU entries ended up in the
.DEFAULT part of the HKEY_USERS registry, not that of the current
user. If any of the applications I run need to persist some settings
into the registry, I need them to go to the right part of the
registry.
I would be grateful for any help anyone could give. I have not been
able to find much in the way of resources on impersonation, and would
really appreciate any URLs of articles that people may have found. I
have a large number of snippets but find it hard to make sense of
them. If I could find a single cogent approach to the problem I could
move forwards. MSDN has information on individual calls but I can't
find anything about the _sequence_ of calls that would be required to
produce the result I need.
Thanks a lot in advance to anyone who can help.
-------------------------------------------------------
Please do NOT use the email address in the headers - it
is a spam-trap. Please respond to the newsgroup only.
-------------------------------------------------------
