Hi,
I know it is not possible to access the netowrk under this account but is it possible to use "LogonUser" and "CreateProcessAsUser" with the "Network Service" user just to copy files over to a shared folder on the network?
I create on the fly a .bat file with the command: COPY "SOURCE" "DESINATION" where destination is a file name of the format \IPNUMBER\SHAREDFOLDER\FILENAME.EXT and then use the CreateProcessAsUser command to create a command prompt as a network service user.
Here is the code:
FillChar(StartupInfo, SizeOf(TStartupInfo), 0);
StartupInfo.cb:=SizeOf(StartupInfo);
if LogonUser(PAnsiChar('NT Authority\NetworkService'), '.', PAnsiChar(''), LOGON32_LOGON_SERVICE, LOGON32_PROVIDER_WINNT50, hToken) then
begin
if CreateProcessAsUser(hToken, nil, PAnsiChar('cmd /c "'+IncludeTrailingPathDelimiter(FTempFolder) + FResultFile + '.bat"'),
nil, nil, True, CREATE_NO_WINDOW, nil, PAnsiChar(FTempFolder), StartupInfo, ProcessInfo) then
begin
WaitForInputIdle(ProcessInfo.hProcess, INFINITE);
WaitForSingleObject(ProcessInfo.hProcess, INFINITE);// = WAIT_OBJECT_0;
CloseHandle(ProcessInfo.hThread);
CloseHandle(ProcessInfo.hProcess);
WriteLog('Copy batch file executed!');
end else
HandleThreadException(Self, defPROCNAME, Exception.Create('Failed to create process as user! '+SysErrorMessage(GetLastError)));
CloseHandle(hToken);
end else
HandleThreadException(Self, defPROCNAME, Exception.Create('Failed to log on as user! '+SysErrorMessage(GetLastError)));
This code doesn't work. It says "A required privilege is not held by the client" when I try to create the process.
Does the code has errors or is it just not possible to do what I intend here?
Thank you in advance for all the help,
Marcelo
