View previous topic :: View next topic |
Author |
Message |
CodeScript Moderator Team
Joined: 08 Jun 2003 Posts: 1060 Location: India
|
Posted: Fri Aug 08, 2003 2:14 pm Post subject: "Run as" replacement using API |
|
|
Quick Info - "Run as" replacement using API.
VDS version - VDS 5.x +
Windows version - Win 2k/NT/XP
Not compatible - Win9x
Non-VDS/Non System dll - No.
API - Yes.
Tested on - Win XP.
Difficulty Rating - Beginner/Intermediate/Advanced
What is Impersonation ?
-----------------------
Impersonation is the ability of a process to take on the security attributes of another process. Typically, a server thread impersonates a client thread to act on behalf of that client to access objects or validate access to its own objects.
About this demo
----------------
This is a demo showing the use of ImpersonateLoggedOnUser API function using an example of starting and stopping windows services.
Normally you need to login from an administrator account to have access to these functions. But using this API it is possible to enter your adminiatrator ID and password and give the app administative privileges (or another user privileges depending on the privileges the account you supplied has). The system interacts with the app as if it were running from the account you supplied. All the threads started by the app also has the same privileges(I haven't tested this)
Please note that it doesnot compromise your security; since a person without the proper ID/password cannot run the privilged argument/app etc.
However you should revert the status back as shown in the example for added security.
This can be very useful for system admininstrators etc when one nneds to allow a particular functionality only without giving full privileges of that account. Also the user need not login to a different account for a particular task.
This is just a primer; There are several other related API's (DdeImpersonateClient, ImpersonateNamedPipeClient, ImpersonateSelf which give you more specific contol )
You can extend the above demo for the specific purpose you need.
I am not a NT security guru. You can chose the options that best suit you.
Any comments and suggestions welcome. Download here :
http://codescript.vdsworld.com/VDS5src/Impersonate_user.zip
Enjoy ! _________________ Regards
- CodeScript
Give your application a professional look with the VDSGUI Extension |
|
Back to top |
|
|
Sanjuro Contributor
Joined: 01 May 2003 Posts: 59 Location: Norfolk-United Kingdom
|
Posted: Fri Aug 08, 2003 9:33 pm Post subject: |
|
|
This is really nice stuff codescript!
I can see many many uses for this, thanks for making it available
Cheers
Sanjuro _________________ "Apparently three out of four people make up 75 percent of the population. |
|
Back to top |
|
|
|