Professional Web Applications Themes

Calling CreateProcessWithLogonW - ASP.NET Security

Hallo NG, ive posted this before on microsoft.public.dotnet.framework.aspnet but didnt get a response. im stuck with this for a week now. and i think i used every possible resource but didnt get it to work. === I have problems with calling the CreateProcessWithLogonW() function. I tried converting an VB6 example ([url]http://support.microsoft.com/default.aspx?scid=kb;en-us;285879[/url]) and some snippets i found around the web. but i cant get it to work. It tries to start the application, but it fails. In my eventlog i can see a new info message, everytime i execute my code. i try to translate it, cause i have a german ...

  1. #1

    Default Calling CreateProcessWithLogonW

    Hallo NG,
    ive posted this before on microsoft.public.dotnet.framework.aspnet but didnt
    get a response. im stuck with this for a week now. and i think i used every
    possible resource but didnt get it to work.
    ===
    I have problems with calling the CreateProcessWithLogonW() function. I tried
    converting an VB6 example
    ([url]http://support.microsoft.com/default.aspx?scid=kb;en-us;285879[/url]) and some
    snippets i found around the web. but i cant get it to work. It tries to
    start the application, but it fails. In my eventlog i can see a new info
    message, everytime i execute my code. i try to translate it, cause i have a
    german windows installed, so it maybe wont be the exact words of the
    original english info message.

    Application popup: some.exe - Error in application: the application couldnt
    be initialized properly (0xc0000142). Click "OK" to exit.
    event-id: 26

    I tried launching notepad.exe, cmd.exe, cscript.exe but everytime the same
    error. What im tryin to achieve is, to execute the vbscript file
    makew3site.vbs from IIS > AdminScripts.

    This is my code:

    Option Strict Off
    Option Explicit On
    Imports System.Runtime.InteropServices

    Public Class WebForm2
    Inherits System.Web.UI.Page

    Protected WithEvents lblTest As System.Web.UI.WebControls.Label

    #Region "Structs"
    <StructLayout(LayoutKind.Sequential)> _
    Public Structure PROCESS_INFORMATION
    Dim hProcess As System.IntPtr
    Dim hThread As System.IntPtr
    Dim dwProcessId As Integer
    Dim dwThreadId As Integer
    End Structure

    <StructLayout(LayoutKind.Sequential)> _
    Public Structure STARTUPINFO
    Dim cb As Integer
    Dim lpReserved As System.IntPtr
    Dim lpDesktop As System.IntPtr
    Dim lpTitle As System.IntPtr
    Dim dwX As Integer
    Dim dwY As Integer
    Dim dwXSize As Integer
    Dim dwYSize As Integer
    Dim dwXCountChars As Integer
    Dim dwYCountChars As Integer
    Dim dwFillAttribute As Integer
    Dim dwFlags As Integer
    Dim wShowWindow As Short
    Dim cbReserved2 As Short
    Dim lpReserved2 As System.IntPtr
    Dim hStdInput As System.IntPtr
    Dim hStdOutput As System.IntPtr
    Dim hStdError As System.IntPtr
    End Structure

    #End Region

    #Region "APIINFO"
    Private Const LOGON_NETCREDENTIALS_ONLY As Integer = &H2
    Private Const NORMAL_PRIORITY_CLASS As Integer = &H20
    Private Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000
    Private Const CREATE_NEW_CONSOLE As Integer = &H10
    Private Const CREATE_NEW_PROCESS_GROUP As Integer = &H200
    Private Const LOGON_WITH_PROFILE As Integer = &H1

    Private Declare Unicode Function CreateProcessWithLogon Lib "Advapi32"
    Alias "CreateProcessWithLogonW" _
    (ByVal lpUsername As String, _
    ByVal lpDomain As String, _
    ByVal lpPassword As String, _
    ByVal dwLogonFlags As Integer, _
    ByVal lpApplicationName As String, _
    ByVal lpCommandLine As String, _
    ByVal dwCreationFlags As Integer, _
    ByVal lpEnvironment As System.IntPtr, _
    ByVal lpCurrentDirectory As System.IntPtr, _
    ByRef lpStartupInfo As STARTUPINFO, _
    ByRef lpProcessInfo As PROCESS_INFORMATION) As Integer

    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As
    System.IntPtr) As Integer
    #End Region

    #Region " Vom Web Form Designer generierter Code "

    'Dieser Aufruf ist für den Web Form-Designer erforderlich.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub
    InitializeComponent()

    End Sub

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles MyBase.Init
    'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
    'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
    InitializeComponent()
    End Sub

    #End Region

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles MyBase.Load
    Dim szApp As String = "C:\winnt\notepad.exe"
    Dim szCmdLine As String = ""
    Dim szUser As String = "user"
    Dim szPass As String = "password"
    Dim szDomain As String = "TEST"
    Dim siStartup As STARTUPINFO
    Dim piProcess As PROCESS_INFORMATION

    siStartup.cb = Marshal.SizeOf(siStartup)
    siStartup.dwFlags = 0

    Dim ret As Integer = CreateProcessWithLogon(szUser, szDomain,
    szPass, LOGON_WITH_PROFILE, szApp, szCmdLine, _
    CREATE_DEFAULT_ERROR_MODE, _
    IntPtr.Zero, IntPtr.Zero, siStartup, piProcess)

    If ret = 0 Then
    lblTest.Text = New
    System.ComponentModel.Win32Exception(Marshal.GetLa stWin32Error()).Message
    End If

    CloseHandle(piProcess.hProcess)
    CloseHandle(piProcess.hThread)
    End Sub

    End Class

    I tried many combinations for szApp and szCmdLine, like tryin to give szApp
    a reference to the exe, and szCmdLine the arguments, or leaving szApp empty
    and passing everything woth szCmdLine like this:

    Dim szCmdLine As String = "C:\Winnt\notepad.exe /put params here"

    Also i tried to pass 0& as an integer in szApp, and szCmdLine like the above
    one.
    What i want to do is:

    Dim szApp As String = "C:\Inetpub\AdminScripts\mkw3site.vbs"
    Dim szCmdLine As String = "-r C:\Inetpub\wwwroot\client -t client.test.de -o
    8080"

    Could plz someone help me, im stuck with this for quite some days now, and
    its drivin me nuts.
    thx in advance
    regards benni
    ====
    in addition to that, someone found out that this works on a w2k workstation,
    but doesnt on a w2k server. could someone plz help me, or give me another
    way to contact microsoft directly (i know thats what newsgroups are for, but
    i know that this should work but it doesnt, and i need it really bad)

    thanx for every response
    regards benni



    Benjamin Bittner Guest

  2. #2

    Default Re: Calling CreateProcessWithLogonW

    Benjamin,

    Not all APIs are supported on all versions/editions.

    referencing the conversation:
    [url]http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&frame=right&th=b5454e91a0416f41&seekm=%23VPJN0RX EHA.3476%40TK2MSFTNGP10.phx.gbl#link1[/url]

    You can impersonate your application to run under an account
    which has permissions to access certain resources:
    <identity impersonate="true" username="domain\username"
    password="password" />

    This way when you application attempts to access another resource
    that requires authentication, the username and password specified
    here are used to authenticate for that resource. Storing passwords
    in clear text is a security issue so thats solved here:
    [url]http://support.microsoft.com/?id=329290[/url]

    --
    Hope this helps,
    Zeeshan Mustafa, MCSD


    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:%23GZi7bCYEHA.3804TK2MSFTNGP10.phx.gbl...
    > Hallo NG,
    > ive posted this before on microsoft.public.dotnet.framework.aspnet but
    didnt
    > get a response. im stuck with this for a week now. and i think i used
    every
    > possible resource but didnt get it to work.
    > ===
    > I have problems with calling the CreateProcessWithLogonW() function. I
    tried
    > converting an VB6 example
    > ([url]http://support.microsoft.com/default.aspx?scid=kb;en-us;285879[/url]) and some
    > snippets i found around the web. but i cant get it to work. It tries to
    > start the application, but it fails. In my eventlog i can see a new info
    > message, everytime i execute my code. i try to translate it, cause i have
    a
    > german windows installed, so it maybe wont be the exact words of the
    > original english info message.
    >
    > Application popup: some.exe - Error in application: the application
    couldnt
    > be initialized properly (0xc0000142). Click "OK" to exit.
    > event-id: 26
    >
    > I tried launching notepad.exe, cmd.exe, cscript.exe but everytime the same
    > error. What im tryin to achieve is, to execute the vbscript file
    > makew3site.vbs from IIS > AdminScripts.
    >
    > This is my code:
    >
    > Option Strict Off
    > Option Explicit On
    > Imports System.Runtime.InteropServices
    >
    > Public Class WebForm2
    > Inherits System.Web.UI.Page
    >
    > Protected WithEvents lblTest As System.Web.UI.WebControls.Label
    >
    > #Region "Structs"
    > <StructLayout(LayoutKind.Sequential)> _
    > Public Structure PROCESS_INFORMATION
    > Dim hProcess As System.IntPtr
    > Dim hThread As System.IntPtr
    > Dim dwProcessId As Integer
    > Dim dwThreadId As Integer
    > End Structure
    >
    > <StructLayout(LayoutKind.Sequential)> _
    > Public Structure STARTUPINFO
    > Dim cb As Integer
    > Dim lpReserved As System.IntPtr
    > Dim lpDesktop As System.IntPtr
    > Dim lpTitle As System.IntPtr
    > Dim dwX As Integer
    > Dim dwY As Integer
    > Dim dwXSize As Integer
    > Dim dwYSize As Integer
    > Dim dwXCountChars As Integer
    > Dim dwYCountChars As Integer
    > Dim dwFillAttribute As Integer
    > Dim dwFlags As Integer
    > Dim wShowWindow As Short
    > Dim cbReserved2 As Short
    > Dim lpReserved2 As System.IntPtr
    > Dim hStdInput As System.IntPtr
    > Dim hStdOutput As System.IntPtr
    > Dim hStdError As System.IntPtr
    > End Structure
    >
    > #End Region
    >
    > #Region "APIINFO"
    > Private Const LOGON_NETCREDENTIALS_ONLY As Integer = &H2
    > Private Const NORMAL_PRIORITY_CLASS As Integer = &H20
    > Private Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000
    > Private Const CREATE_NEW_CONSOLE As Integer = &H10
    > Private Const CREATE_NEW_PROCESS_GROUP As Integer = &H200
    > Private Const LOGON_WITH_PROFILE As Integer = &H1
    >
    > Private Declare Unicode Function CreateProcessWithLogon Lib "Advapi32"
    > Alias "CreateProcessWithLogonW" _
    > (ByVal lpUsername As String, _
    > ByVal lpDomain As String, _
    > ByVal lpPassword As String, _
    > ByVal dwLogonFlags As Integer, _
    > ByVal lpApplicationName As String, _
    > ByVal lpCommandLine As String, _
    > ByVal dwCreationFlags As Integer, _
    > ByVal lpEnvironment As System.IntPtr, _
    > ByVal lpCurrentDirectory As System.IntPtr, _
    > ByRef lpStartupInfo As STARTUPINFO, _
    > ByRef lpProcessInfo As PROCESS_INFORMATION) As Integer
    >
    > Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As
    > System.IntPtr) As Integer
    > #End Region
    >
    > #Region " Vom Web Form Designer generierter Code "
    >
    > 'Dieser Aufruf ist für den Web Form-Designer erforderlich.
    > <System.Diagnostics.DebuggerStepThrough()> Private Sub
    > InitializeComponent()
    >
    > End Sub
    >
    > Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
    > System.EventArgs) Handles MyBase.Init
    > 'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
    > 'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
    > InitializeComponent()
    > End Sub
    >
    > #End Region
    >
    > Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    > System.EventArgs) Handles MyBase.Load
    > Dim szApp As String = "C:\winnt\notepad.exe"
    > Dim szCmdLine As String = ""
    > Dim szUser As String = "user"
    > Dim szPass As String = "password"
    > Dim szDomain As String = "TEST"
    > Dim siStartup As STARTUPINFO
    > Dim piProcess As PROCESS_INFORMATION
    >
    > siStartup.cb = Marshal.SizeOf(siStartup)
    > siStartup.dwFlags = 0
    >
    > Dim ret As Integer = CreateProcessWithLogon(szUser, szDomain,
    > szPass, LOGON_WITH_PROFILE, szApp, szCmdLine, _
    > CREATE_DEFAULT_ERROR_MODE, _
    > IntPtr.Zero, IntPtr.Zero, siStartup, piProcess)
    >
    > If ret = 0 Then
    > lblTest.Text = New
    > System.ComponentModel.Win32Exception(Marshal.GetLa stWin32Error()).Message
    > End If
    >
    > CloseHandle(piProcess.hProcess)
    > CloseHandle(piProcess.hThread)
    > End Sub
    >
    > End Class
    >
    > I tried many combinations for szApp and szCmdLine, like tryin to give
    szApp
    > a reference to the exe, and szCmdLine the arguments, or leaving szApp
    empty
    > and passing everything woth szCmdLine like this:
    >
    > Dim szCmdLine As String = "C:\Winnt\notepad.exe /put params here"
    >
    > Also i tried to pass 0& as an integer in szApp, and szCmdLine like the
    above
    > one.
    > What i want to do is:
    >
    > Dim szApp As String = "C:\Inetpub\AdminScripts\mkw3site.vbs"
    > Dim szCmdLine As String = "-r C:\Inetpub\wwwroot\client -t
    client.test.de -o
    > 8080"
    >
    > Could plz someone help me, im stuck with this for quite some days now, and
    > its drivin me nuts.
    > thx in advance
    > regards benni
    > ====
    > in addition to that, someone found out that this works on a w2k
    workstation,
    > but doesnt on a w2k server. could someone plz help me, or give me another
    > way to contact microsoft directly (i know thats what newsgroups are for,
    but
    > i know that this should work but it doesnt, and i need it really bad)
    >
    > thanx for every response
    > regards benni
    >
    >
    >

    M. Zeeshan Mustafa Guest

  3. #3

    Default Re: Calling CreateProcessWithLogonW

    Under Win2K, you need the Act As Part of the Operating System privilege to
    call LogonUser or CreateProcessWithLogon. You only have this by default if
    you are the SYSTEM account. This may be part of the problem.

    Joe K.

    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:%23GZi7bCYEHA.3804TK2MSFTNGP10.phx.gbl...
    > Hallo NG,
    > ive posted this before on microsoft.public.dotnet.framework.aspnet but
    didnt
    > get a response. im stuck with this for a week now. and i think i used
    every
    > possible resource but didnt get it to work.
    > ===
    > I have problems with calling the CreateProcessWithLogonW() function. I
    tried
    > converting an VB6 example
    > ([url]http://support.microsoft.com/default.aspx?scid=kb;en-us;285879[/url]) and some
    > snippets i found around the web. but i cant get it to work. It tries to
    > start the application, but it fails. In my eventlog i can see a new info
    > message, everytime i execute my code. i try to translate it, cause i have
    a
    > german windows installed, so it maybe wont be the exact words of the
    > original english info message.
    >
    > Application popup: some.exe - Error in application: the application
    couldnt
    > be initialized properly (0xc0000142). Click "OK" to exit.
    > event-id: 26
    >
    > I tried launching notepad.exe, cmd.exe, cscript.exe but everytime the same
    > error. What im tryin to achieve is, to execute the vbscript file
    > makew3site.vbs from IIS > AdminScripts.
    >
    > This is my code:
    >
    > Option Strict Off
    > Option Explicit On
    > Imports System.Runtime.InteropServices
    >
    > Public Class WebForm2
    > Inherits System.Web.UI.Page
    >
    > Protected WithEvents lblTest As System.Web.UI.WebControls.Label
    >
    > #Region "Structs"
    > <StructLayout(LayoutKind.Sequential)> _
    > Public Structure PROCESS_INFORMATION
    > Dim hProcess As System.IntPtr
    > Dim hThread As System.IntPtr
    > Dim dwProcessId As Integer
    > Dim dwThreadId As Integer
    > End Structure
    >
    > <StructLayout(LayoutKind.Sequential)> _
    > Public Structure STARTUPINFO
    > Dim cb As Integer
    > Dim lpReserved As System.IntPtr
    > Dim lpDesktop As System.IntPtr
    > Dim lpTitle As System.IntPtr
    > Dim dwX As Integer
    > Dim dwY As Integer
    > Dim dwXSize As Integer
    > Dim dwYSize As Integer
    > Dim dwXCountChars As Integer
    > Dim dwYCountChars As Integer
    > Dim dwFillAttribute As Integer
    > Dim dwFlags As Integer
    > Dim wShowWindow As Short
    > Dim cbReserved2 As Short
    > Dim lpReserved2 As System.IntPtr
    > Dim hStdInput As System.IntPtr
    > Dim hStdOutput As System.IntPtr
    > Dim hStdError As System.IntPtr
    > End Structure
    >
    > #End Region
    >
    > #Region "APIINFO"
    > Private Const LOGON_NETCREDENTIALS_ONLY As Integer = &H2
    > Private Const NORMAL_PRIORITY_CLASS As Integer = &H20
    > Private Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000
    > Private Const CREATE_NEW_CONSOLE As Integer = &H10
    > Private Const CREATE_NEW_PROCESS_GROUP As Integer = &H200
    > Private Const LOGON_WITH_PROFILE As Integer = &H1
    >
    > Private Declare Unicode Function CreateProcessWithLogon Lib "Advapi32"
    > Alias "CreateProcessWithLogonW" _
    > (ByVal lpUsername As String, _
    > ByVal lpDomain As String, _
    > ByVal lpPassword As String, _
    > ByVal dwLogonFlags As Integer, _
    > ByVal lpApplicationName As String, _
    > ByVal lpCommandLine As String, _
    > ByVal dwCreationFlags As Integer, _
    > ByVal lpEnvironment As System.IntPtr, _
    > ByVal lpCurrentDirectory As System.IntPtr, _
    > ByRef lpStartupInfo As STARTUPINFO, _
    > ByRef lpProcessInfo As PROCESS_INFORMATION) As Integer
    >
    > Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As
    > System.IntPtr) As Integer
    > #End Region
    >
    > #Region " Vom Web Form Designer generierter Code "
    >
    > 'Dieser Aufruf ist für den Web Form-Designer erforderlich.
    > <System.Diagnostics.DebuggerStepThrough()> Private Sub
    > InitializeComponent()
    >
    > End Sub
    >
    > Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
    > System.EventArgs) Handles MyBase.Init
    > 'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
    > 'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
    > InitializeComponent()
    > End Sub
    >
    > #End Region
    >
    > Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    > System.EventArgs) Handles MyBase.Load
    > Dim szApp As String = "C:\winnt\notepad.exe"
    > Dim szCmdLine As String = ""
    > Dim szUser As String = "user"
    > Dim szPass As String = "password"
    > Dim szDomain As String = "TEST"
    > Dim siStartup As STARTUPINFO
    > Dim piProcess As PROCESS_INFORMATION
    >
    > siStartup.cb = Marshal.SizeOf(siStartup)
    > siStartup.dwFlags = 0
    >
    > Dim ret As Integer = CreateProcessWithLogon(szUser, szDomain,
    > szPass, LOGON_WITH_PROFILE, szApp, szCmdLine, _
    > CREATE_DEFAULT_ERROR_MODE, _
    > IntPtr.Zero, IntPtr.Zero, siStartup, piProcess)
    >
    > If ret = 0 Then
    > lblTest.Text = New
    > System.ComponentModel.Win32Exception(Marshal.GetLa stWin32Error()).Message
    > End If
    >
    > CloseHandle(piProcess.hProcess)
    > CloseHandle(piProcess.hThread)
    > End Sub
    >
    > End Class
    >
    > I tried many combinations for szApp and szCmdLine, like tryin to give
    szApp
    > a reference to the exe, and szCmdLine the arguments, or leaving szApp
    empty
    > and passing everything woth szCmdLine like this:
    >
    > Dim szCmdLine As String = "C:\Winnt\notepad.exe /put params here"
    >
    > Also i tried to pass 0& as an integer in szApp, and szCmdLine like the
    above
    > one.
    > What i want to do is:
    >
    > Dim szApp As String = "C:\Inetpub\AdminScripts\mkw3site.vbs"
    > Dim szCmdLine As String = "-r C:\Inetpub\wwwroot\client -t
    client.test.de -o
    > 8080"
    >
    > Could plz someone help me, im stuck with this for quite some days now, and
    > its drivin me nuts.
    > thx in advance
    > regards benni
    > ====
    > in addition to that, someone found out that this works on a w2k
    workstation,
    > but doesnt on a w2k server. could someone plz help me, or give me another
    > way to contact microsoft directly (i know thats what newsgroups are for,
    but
    > i know that this should work but it doesnt, and i need it really bad)
    >
    > thanx for every response
    > regards benni
    >
    >
    >

    Joe Kaplan \(MVP - ADSI\) Guest

  4. #4

    Default Re: Calling CreateProcessWithLogonW

    Hallo Joe and Zeeshan
    "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com> schrieb
    im Newsbeitrag news:eBgwocGYEHA.264TK2MSFTNGP10.phx.gbl...
    > Under Win2K, you need the Act As Part of the Operating System privilege to
    > call LogonUser or CreateProcessWithLogon. You only have this by default
    if
    > you are the SYSTEM account. This may be part of the problem.
    >
    > Joe K.
    >
    I think i tried everything. Im impersonating already. But starting a process
    from an asp.net app, starts the process in the user context of the parent
    process, which is the asp.net worker process, so impersonating wont help.
    The Adminstrator account im tryin to start my process in has the rights act
    as part of the os, increase quotas, replace a process level token. Ive found
    a comment in a script that calls CreateProcessWithLogonW:

    ' WARNING:
    ' Do not use "." (local computer) for RUNAS_DOMAIN. I got some errors when I
    ' used this class with "." on ASP.NET Aplications (0xc0000142)
    ' Instead, use the computer name or the domain associated with the user.
    ' CreateProcessAsUser() requires that the caller has the following
    permissions
    ' Permission Display Name
    ' ---------------------------------------------------------------
    ' SE_ASSIGNPRIMARYTOKEN_NAME Replace a process level token
    ' SE_INCREASE_QUOTA_NAME Increase quotas

    0xc0000142 is the exact error im getting. But i dont call the function with
    "." for local, i call it with "TEST", which is the computers name. Ive
    searched google a lot for that error code, but theres just too much that can
    cause this error. I found a possible solution that said that you have to do
    "sfc /scannow" at cmd prompt to scan all protected system files. So i did
    this, but the error stays. But by doing this, i found out something else,
    that might be interesting for my problem. I couldnt do "/sfc /scannow", if i
    was logged in on this server with the terminal service client (i dont
    exactly know wether it is called this way in the us version, i just tried to
    translate it), although i was logged in as Administrator. But sitting in
    front of the machine, executing this command was no problem. Maybe there are
    some restriction on rights with external connections, but i didnt find
    something.

    Regars Benni



    Benjamin Bittner Guest

  5. #5

    Default Re: Calling CreateProcessWithLogonW

    Hi Benni,

    Just to confirm that I understand what you are doing, you are calling
    CreateProcessWithLogonW from an ASP.NET application on Win2K with the
    current impersonated thread identity being a highly privileged admin account
    and the process identity being the standard ASPNET worker process account,
    right?

    I'm not sure what the error you are getting is (VS2003 error lookup didn't
    seem to find it), but I was wondering if you can try calling the LogonUser
    API with the credentials you have first to create a logon token? Then from
    there, perhaps you could try calling CreateProcessWithTokenW? That way, you
    can determine if you can get the logon part working and can create the token
    you need.

    HTH,

    Joe K.

    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:%23YSjasmYEHA.3012tk2msftngp13.phx.gbl...
    > Hallo Joe and Zeeshan
    > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com>
    schrieb
    > im Newsbeitrag news:eBgwocGYEHA.264TK2MSFTNGP10.phx.gbl...
    > > Under Win2K, you need the Act As Part of the Operating System privilege
    to
    > > call LogonUser or CreateProcessWithLogon. You only have this by default
    > if
    > > you are the SYSTEM account. This may be part of the problem.
    > >
    > > Joe K.
    > >
    > I think i tried everything. Im impersonating already. But starting a
    process
    > from an asp.net app, starts the process in the user context of the parent
    > process, which is the asp.net worker process, so impersonating wont help.
    > The Adminstrator account im tryin to start my process in has the rights
    act
    > as part of the os, increase quotas, replace a process level token. Ive
    found
    > a comment in a script that calls CreateProcessWithLogonW:
    >
    > ' WARNING:
    > ' Do not use "." (local computer) for RUNAS_DOMAIN. I got some errors when
    I
    > ' used this class with "." on ASP.NET Aplications (0xc0000142)
    > ' Instead, use the computer name or the domain associated with the user.
    > ' CreateProcessAsUser() requires that the caller has the following
    > permissions
    > ' Permission Display Name
    > ' ---------------------------------------------------------------
    > ' SE_ASSIGNPRIMARYTOKEN_NAME Replace a process level token
    > ' SE_INCREASE_QUOTA_NAME Increase quotas
    >
    > 0xc0000142 is the exact error im getting. But i dont call the function
    with
    > "." for local, i call it with "TEST", which is the computers name. Ive
    > searched google a lot for that error code, but theres just too much that
    can
    > cause this error. I found a possible solution that said that you have to
    do
    > "sfc /scannow" at cmd prompt to scan all protected system files. So i did
    > this, but the error stays. But by doing this, i found out something else,
    > that might be interesting for my problem. I couldnt do "/sfc /scannow", if
    i
    > was logged in on this server with the terminal service client (i dont
    > exactly know wether it is called this way in the us version, i just tried
    to
    > translate it), although i was logged in as Administrator. But sitting in
    > front of the machine, executing this command was no problem. Maybe there
    are
    > some restriction on rights with external connections, but i didnt find
    > something.
    >
    > Regars Benni
    >
    >
    >

    Joe Kaplan \(MVP - ADSI\) Guest

  6. #6

    Default Re: Calling CreateProcessWithLogonW

    Hallo Joe
    "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com> schrieb
    im Newsbeitrag news:uKzPBZrYEHA.3688TK2MSFTNGP12.phx.gbl...
    > Hi Benni,
    >
    > Just to confirm that I understand what you are doing, you are calling
    > CreateProcessWithLogonW from an ASP.NET application on Win2K with the
    > current impersonated thread identity being a highly privileged admin
    account
    > and the process identity being the standard ASPNET worker process account,
    > right?
    Exactly.
    > I'm not sure what the error you are getting is (VS2003 error lookup didn't
    > seem to find it), but I was wondering if you can try calling the LogonUser
    > API with the credentials you have first to create a logon token? Then
    from
    > there, perhaps you could try calling CreateProcessWithTokenW? That way,
    you
    > can determine if you can get the logon part working and can create the
    token
    > you need.
    >
    Okay I tried that with this code:
    =============Code===============
    Option Strict Off
    Option Explicit On
    Imports System.Runtime.InteropServices

    Public Class WebForm4
    Inherits System.Web.UI.Page

    Protected WithEvents lblTest As System.Web.UI.WebControls.Label

    Public Enum eWindowsDefinesParamsLogonType
    LOGON32_LOGON_INTERACTIVE = 2
    LOGON32_LOGON_NETWORK = 3
    LOGON32_LOGON_BATCH = 4
    LOGON32_LOGON_SERVICE = 5
    LOGON32_LOGON_UNLOCK = 7
    '#if(_WIN32_WINNT >= 0x0500)
    LOGON32_LOGON_NETWORK_CLEARTEXT = 8
    LOGON32_LOGON_NEW_CREDENTIALS = 9
    '#endif // (_WIN32_WINNT >= 0x0500)
    End Enum

    Public Enum eWindowsDefinesParamsLogonProvider
    LOGON32_PROVIDER_DEFAULT = 0
    LOGON32_PROVIDER_WINNT35 = 1
    '#if(_WIN32_WINNT >= 0x0400)
    LOGON32_PROVIDER_WINNT40 = 2
    '#endif /* _WIN32_WINNT >= 0x0400 */
    '#if(_WIN32_WINNT >= 0x0500)
    LOGON32_PROVIDER_WINNT50 = 3
    '#endif // (_WIN32_WINNT >= 0x0500)
    End Enum

    <DllImport("advapi32.dll", SetLastError:=True)> _
    Public Shared Function LogonUser( _
    ByVal lpszUsername As String, _
    ByVal lpszDomain As String, _
    ByVal lpszPassword As String, _
    ByVal dwLogonType As Integer, _
    ByVal dwLogonProvider As Integer, _
    ByRef phToken As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll",
    Cht:=System.Runtime.InteropServices.Cht.Au to, SetLastError:=True)> _
    Public Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    Private Const VER_PLATFORM_WIN32_NT = &H2

    #Region " Vom Web Form Designer generierter Code "

    'Dieser Aufruf ist für den Web Form-Designer erforderlich.
    <System.Diagnostics.DebuggerStepThrough()> Private Sub
    InitializeComponent()

    End Sub

    Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles MyBase.Init
    'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
    'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
    InitializeComponent()
    End Sub

    #End Region

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles MyBase.Load
    Dim tokenHandle As IntPtr = IntPtr.Zero
    Dim result As Boolean = LogonUser("Administrator", "TEST",
    "huhukolo72#", eWindowsDefinesParamsLogonType.LOGON32_LOGON_INTER ACTIVE,
    eWindowsDefinesParamsLogonProvider.LOGON32_PROVIDE R_DEFAULT, tokenHandle)
    If result Then
    'logged in
    Else
    lblTest.Text = Marshal.GetLastWin32Error().ToString
    End If
    End Sub

    End Class
    =============/Code===============

    I get the error code 1314 without any text. Just 1314. Ill try to find out
    what that means.

    Regards Benni


    Benjamin Bittner Guest

  7. #7

    Default Re: Calling CreateProcessWithLogonW

    That means "A required privilege is not held by the client". You can
    determine this easily by calling Marshal.GetLastWin32Error and passing the
    resulting code to the constructor on the
    System.ComponentModel.Win32Exception class.

    Basically what this means is that the code calling LogonUser doesn't have
    the "Act as part of the operating system" privilege that you need under
    Win2K. You might to review your settings for the account that is calling
    this code.

    Joe K.

    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:eaeA1CzYEHA.2908TK2MSFTNGP10.phx.gbl...
    > Hallo Joe
    > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com>
    schrieb
    > im Newsbeitrag news:uKzPBZrYEHA.3688TK2MSFTNGP12.phx.gbl...
    > > Hi Benni,
    > >
    > > Just to confirm that I understand what you are doing, you are calling
    > > CreateProcessWithLogonW from an ASP.NET application on Win2K with the
    > > current impersonated thread identity being a highly privileged admin
    > account
    > > and the process identity being the standard ASPNET worker process
    account,
    > > right?
    >
    > Exactly.
    >
    > > I'm not sure what the error you are getting is (VS2003 error lookup
    didn't
    > > seem to find it), but I was wondering if you can try calling the
    LogonUser
    > > API with the credentials you have first to create a logon token? Then
    > from
    > > there, perhaps you could try calling CreateProcessWithTokenW? That way,
    > you
    > > can determine if you can get the logon part working and can create the
    > token
    > > you need.
    > >
    >
    > Okay I tried that with this code:
    > =============Code===============
    > Option Strict Off
    > Option Explicit On
    > Imports System.Runtime.InteropServices
    >
    > Public Class WebForm4
    > Inherits System.Web.UI.Page
    >
    > Protected WithEvents lblTest As System.Web.UI.WebControls.Label
    >
    > Public Enum eWindowsDefinesParamsLogonType
    > LOGON32_LOGON_INTERACTIVE = 2
    > LOGON32_LOGON_NETWORK = 3
    > LOGON32_LOGON_BATCH = 4
    > LOGON32_LOGON_SERVICE = 5
    > LOGON32_LOGON_UNLOCK = 7
    > '#if(_WIN32_WINNT >= 0x0500)
    > LOGON32_LOGON_NETWORK_CLEARTEXT = 8
    > LOGON32_LOGON_NEW_CREDENTIALS = 9
    > '#endif // (_WIN32_WINNT >= 0x0500)
    > End Enum
    >
    > Public Enum eWindowsDefinesParamsLogonProvider
    > LOGON32_PROVIDER_DEFAULT = 0
    > LOGON32_PROVIDER_WINNT35 = 1
    > '#if(_WIN32_WINNT >= 0x0400)
    > LOGON32_PROVIDER_WINNT40 = 2
    > '#endif /* _WIN32_WINNT >= 0x0400 */
    > '#if(_WIN32_WINNT >= 0x0500)
    > LOGON32_PROVIDER_WINNT50 = 3
    > '#endif // (_WIN32_WINNT >= 0x0500)
    > End Enum
    >
    > <DllImport("advapi32.dll", SetLastError:=True)> _
    > Public Shared Function LogonUser( _
    > ByVal lpszUsername As String, _
    > ByVal lpszDomain As String, _
    > ByVal lpszPassword As String, _
    > ByVal dwLogonType As Integer, _
    > ByVal dwLogonProvider As Integer, _
    > ByRef phToken As IntPtr) As Boolean
    > End Function
    >
    > <DllImport("kernel32.dll",
    > Cht:=System.Runtime.InteropServices.Cht.Au to, SetLastError:=True)>
    _
    > Public Function CloseHandle(ByVal handle As IntPtr) As Boolean
    > End Function
    >
    > Private Const VER_PLATFORM_WIN32_NT = &H2
    >
    > #Region " Vom Web Form Designer generierter Code "
    >
    > 'Dieser Aufruf ist für den Web Form-Designer erforderlich.
    > <System.Diagnostics.DebuggerStepThrough()> Private Sub
    > InitializeComponent()
    >
    > End Sub
    >
    > Private Sub Page_Init(ByVal sender As System.Object, ByVal e As
    > System.EventArgs) Handles MyBase.Init
    > 'CODEGEN: Diese Methode ist für den Web Form-Designer erforderlich
    > 'Verwenden Sie nicht den Code-Editor zur Bearbeitung.
    > InitializeComponent()
    > End Sub
    >
    > #End Region
    >
    > Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    > System.EventArgs) Handles MyBase.Load
    > Dim tokenHandle As IntPtr = IntPtr.Zero
    > Dim result As Boolean = LogonUser("Administrator", "TEST",
    > "huhukolo72#", eWindowsDefinesParamsLogonType.LOGON32_LOGON_INTER ACTIVE,
    > eWindowsDefinesParamsLogonProvider.LOGON32_PROVIDE R_DEFAULT, tokenHandle)
    > If result Then
    > 'logged in
    > Else
    > lblTest.Text = Marshal.GetLastWin32Error().ToString
    > End If
    > End Sub
    >
    > End Class
    > =============/Code===============
    >
    > I get the error code 1314 without any text. Just 1314. Ill try to find out
    > what that means.
    >
    > Regards Benni
    >
    >

    Joe Kaplan \(MVP - ADSI\) Guest

  8. #8

    Default Re: Calling CreateProcessWithLogonW

    Hallo Joe
    "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com> schrieb
    im Newsbeitrag news:eMYBvL2YEHA.3112TK2MSFTNGP09.phx.gbl...
    > That means "A required privilege is not held by the client". You can
    > determine this easily by calling Marshal.GetLastWin32Error and passing the
    > resulting code to the constructor on the
    > System.ComponentModel.Win32Exception class.
    >
    > Basically what this means is that the code calling LogonUser doesn't have
    > the "Act as part of the operating system" privilege that you need under
    > Win2K. You might to review your settings for the account that is calling
    > this code.
    >
    > Joe K.
    >
    I get the current user with WindowsIdentity.GetCurrent().Name. Current user
    is TEST/Administrator, which has the "Act as part of the operating system"
    privilege. With this im impersonating:
    <identity impersonate="true" userName="TEST\Administrator"
    password="myPassword"/>
    Are there some other rights, that the account must have?

    regards benni


    Benjamin Bittner Guest

  9. #9

    Default Re: Calling CreateProcessWithLogonW

    Hi Benjamin,

    According to the docs for LogonUser, you may also need
    SE_CHANGE_NOTIFY_NAME, but you probably already have that. I don't know
    what else to tell you. If you have SE_TCB_NAME, it should work (or at least
    give you a different error).

    Joe K.

    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:eZ%23IEK$YEHA.644tk2msftngp13.phx.gbl...
    > Hallo Joe
    > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com>
    schrieb
    > im Newsbeitrag news:eMYBvL2YEHA.3112TK2MSFTNGP09.phx.gbl...
    > > That means "A required privilege is not held by the client". You can
    > > determine this easily by calling Marshal.GetLastWin32Error and passing
    the
    > > resulting code to the constructor on the
    > > System.ComponentModel.Win32Exception class.
    > >
    > > Basically what this means is that the code calling LogonUser doesn't
    have
    > > the "Act as part of the operating system" privilege that you need under
    > > Win2K. You might to review your settings for the account that is
    calling
    > > this code.
    > >
    > > Joe K.
    > >
    > I get the current user with WindowsIdentity.GetCurrent().Name. Current
    user
    > is TEST/Administrator, which has the "Act as part of the operating system"
    > privilege. With this im impersonating:
    > <identity impersonate="true" userName="TEST\Administrator"
    > password="myPassword"/>
    > Are there some other rights, that the account must have?
    >
    > regards benni
    >
    >

    Joe Kaplan \(MVP - ADSI\) Guest

  10. #10

    Default Re: Calling CreateProcessWithLogonW

    Hallo Joe
    "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com> schrieb
    im Newsbeitrag news:uTlVoJDZEHA.384TK2MSFTNGP10.phx.gbl...
    > Hi Benjamin,
    >
    > According to the docs for LogonUser, you may also need
    > SE_CHANGE_NOTIFY_NAME, but you probably already have that. I don't know
    > what else to tell you. If you have SE_TCB_NAME, it should work (or at
    least
    > give you a different error).
    >
    > Joe K.
    >
    First of all, thanks for your time, wether it worked or not.

    So i've triple checked every right, for testing i gave se_tcb_name to
    everyone. But still no changes.
    Do you know another forum or email i could get in contact with microsoft or
    something else i could do to find out why this isnt working?

    regards Benni


    Benjamin Bittner Guest

  11. #11

    Default Re: Calling CreateProcessWithLogonW

    You can always go through Microsoft Product Support Services to do a formal
    inquiry. Depending on the support arrangements with your organization, this
    may or may not cost you money.

    Other things you could do would be to inspect the current token you have to
    see if it actually contains the required privilege. You could write your
    own p/invoke to GetTokenInformation or try out something like the the Win32
    security wrapper at GotDotNet.
    [url]http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9[/url]

    Joe K.

    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:%23xEcakDZEHA.3156TK2MSFTNGP12.phx.gbl...
    > Hallo Joe
    > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com>
    schrieb
    > im Newsbeitrag news:uTlVoJDZEHA.384TK2MSFTNGP10.phx.gbl...
    > > Hi Benjamin,
    > >
    > > According to the docs for LogonUser, you may also need
    > > SE_CHANGE_NOTIFY_NAME, but you probably already have that. I don't know
    > > what else to tell you. If you have SE_TCB_NAME, it should work (or at
    > least
    > > give you a different error).
    > >
    > > Joe K.
    > >
    > First of all, thanks for your time, wether it worked or not.
    >
    > So i've triple checked every right, for testing i gave se_tcb_name to
    > everyone. But still no changes.
    > Do you know another forum or email i could get in contact with microsoft
    or
    > something else i could do to find out why this isnt working?
    >
    > regards Benni
    >
    >

    Joe Kaplan \(MVP - ADSI\) Guest

  12. #12

    Default Re: Calling CreateProcessWithLogonW

    Hallo Joe
    "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com> schrieb
    im Newsbeitrag news:OvMzu8DZEHA.212TK2MSFTNGP12.phx.gbl...
    > You can always go through Microsoft Product Support Services to do a
    formal
    > inquiry. Depending on the support arrangements with your organization,
    this
    > may or may not cost you money.
    >
    > Other things you could do would be to inspect the current token you have
    to
    > see if it actually contains the required privilege. You could write your
    > own p/invoke to GetTokenInformation or try out something like the the
    Win32
    > security wrapper at GotDotNet.
    >
    [url]http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9[/url]
    >
    > Joe K.
    >
    Ive donwloaded the classes, but i dont know how to use them. If you know how
    to use them and would give me a hint, that would be great.

    thx in advance
    regards benni


    Benjamin Bittner Guest

  13. #13

    Default Re: Calling CreateProcessWithLogonW

    I haven't really spent much time messing with them, so I can't give you many
    pointers. They have an abstract AccessToken with a Privileges property that
    will give you the information you want. I think the intent is for you to
    call the static AccessTokenThread method on the AccessTokenThread class.

    Hopefully that will help get you started. I believe Data Marvel has an API
    that you can use for this as well.

    GL!

    Joe K.

    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:uGQqgtLZEHA.3132TK2MSFTNGP10.phx.gbl...
    > Hallo Joe
    > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com>
    schrieb
    > im Newsbeitrag news:OvMzu8DZEHA.212TK2MSFTNGP12.phx.gbl...
    > > You can always go through Microsoft Product Support Services to do a
    > formal
    > > inquiry. Depending on the support arrangements with your organization,
    > this
    > > may or may not cost you money.
    > >
    > > Other things you could do would be to inspect the current token you have
    > to
    > > see if it actually contains the required privilege. You could write
    your
    > > own p/invoke to GetTokenInformation or try out something like the the
    > Win32
    > > security wrapper at GotDotNet.
    > >
    >
    [url]http://www.gotdotnet.com/Community/UserSamples/Details.aspx?SampleGuid=e6098575-dda0-48b8-9abf-e0705af065d9[/url]
    > >
    > > Joe K.
    > >
    > Ive donwloaded the classes, but i dont know how to use them. If you know
    how
    > to use them and would give me a hint, that would be great.
    >
    > thx in advance
    > regards benni
    >
    >

    Joe Kaplan \(MVP - ADSI\) Guest

  14. #14

    Default Re: Calling CreateProcessWithLogonW

    Try using RUNAS shell command:

    RUNAS USAGE:

    RUNAS [/profile] [/env] [/netonly] /user:<UserName> program

    /profile if the user's profile needs to be loaded
    /env to use current environment instead of user's.
    /netonly use if the credentials specified are for remote access
    only.
    /user <UserName> should be in form USERDOMAIN or DOMAIN\USER
    program command line for EXE. See below for examples

    Examples:
    > runas /profile /user:mymachine\administrator cmd
    > runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
    > runas /env /user:userdomain.microsoft.com "notepad \"my file.txt\""
    NOTE: Enter user's password only when prompted.
    NOTE: USERDOMAIN is not compatible with /netonly.

    --
    Hope this helps,
    Zeeshan Mustafa, MCSD


    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:%23YSjasmYEHA.3012tk2msftngp13.phx.gbl...
    > Hallo Joe and Zeeshan
    > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com>
    schrieb
    > im Newsbeitrag news:eBgwocGYEHA.264TK2MSFTNGP10.phx.gbl...
    > > Under Win2K, you need the Act As Part of the Operating System privilege
    to
    > > call LogonUser or CreateProcessWithLogon. You only have this by default
    > if
    > > you are the SYSTEM account. This may be part of the problem.
    > >
    > > Joe K.
    > >
    > I think i tried everything. Im impersonating already. But starting a
    process
    > from an asp.net app, starts the process in the user context of the parent
    > process, which is the asp.net worker process, so impersonating wont help.
    > The Adminstrator account im tryin to start my process in has the rights
    act
    > as part of the os, increase quotas, replace a process level token. Ive
    found
    > a comment in a script that calls CreateProcessWithLogonW:
    >
    > ' WARNING:
    > ' Do not use "." (local computer) for RUNAS_DOMAIN. I got some errors when
    I
    > ' used this class with "." on ASP.NET Aplications (0xc0000142)
    > ' Instead, use the computer name or the domain associated with the user.
    > ' CreateProcessAsUser() requires that the caller has the following
    > permissions
    > ' Permission Display Name
    > ' ---------------------------------------------------------------
    > ' SE_ASSIGNPRIMARYTOKEN_NAME Replace a process level token
    > ' SE_INCREASE_QUOTA_NAME Increase quotas
    >
    > 0xc0000142 is the exact error im getting. But i dont call the function
    with
    > "." for local, i call it with "TEST", which is the computers name. Ive
    > searched google a lot for that error code, but theres just too much that
    can
    > cause this error. I found a possible solution that said that you have to
    do
    > "sfc /scannow" at cmd prompt to scan all protected system files. So i did
    > this, but the error stays. But by doing this, i found out something else,
    > that might be interesting for my problem. I couldnt do "/sfc /scannow", if
    i
    > was logged in on this server with the terminal service client (i dont
    > exactly know wether it is called this way in the us version, i just tried
    to
    > translate it), although i was logged in as Administrator. But sitting in
    > front of the machine, executing this command was no problem. Maybe there
    are
    > some restriction on rights with external connections, but i didnt find
    > something.
    >
    > Regars Benni
    >
    >
    >

    M. Zeeshan Mustafa Guest

  15. #15

    Default Re: Calling CreateProcessWithLogonW

    Hallo Zeeshan
    "M. Zeeshan Mustafa" <zeeshanno-spm.please.zeeshan.net> schrieb im
    Newsbeitrag news:OypoBnBaEHA.384TK2MSFTNGP10.phx.gbl...
    > Try using RUNAS shell command:
    >
    > RUNAS USAGE:
    >
    > RUNAS [/profile] [/env] [/netonly] /user:<UserName> program
    >
    > /profile if the user's profile needs to be loaded
    > /env to use current environment instead of user's.
    > /netonly use if the credentials specified are for remote access
    > only.
    > /user <UserName> should be in form USERDOMAIN or DOMAIN\USER
    > program command line for EXE. See below for examples
    >
    > Examples:
    > > runas /profile /user:mymachine\administrator cmd
    > > runas /profile /env /user:mydomain\admin "mmc %windir%\system32\dsa.msc"
    > > runas /env /user:userdomain.microsoft.com "notepad \"my file.txt\""
    >
    > NOTE: Enter user's password only when prompted.
    > NOTE: USERDOMAIN is not compatible with /netonly.
    >
    > --
    > Hope this helps,
    > Zeeshan Mustafa, MCSD
    >
    >
    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles MyBase.Load
    Dim psCscript As Process = New Process()
    With psCscript
    .StartInfo.FileName = "cmd.exe /C runas /user:TEST\Administrator
    ""cmd.exe /C C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"""
    .StartInfo.Arguments = ""
    End With
    psCscript.Start()
    psCscript.WaitForExit()
    lblTest.Text = "Prozess beendet um: " & psCscript.ExitTime & "<br>"
    & _
    "Exit Code: " & psCscript.ExitCode
    psCscript.Close()

    lblTest.Text &= "<br> File Name: " & psCscript.StartInfo.FileName
    lblTest.Text &= "<br> Arguments: " & psCscript.StartInfo.Arguments
    End Sub

    But i dont know how to react on the password prompt.
    I executed this:
    runas /user:TEST\Administrator "cmd.exe /C
    C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"
    and it prompted for the password. Then i entered the password, and the vb
    script gets executed correctly. So is there a way to react on the password
    prompt?

    regards Benni


    Benjamin Bittner Guest

  16. #16

    Default Re: Calling CreateProcessWithLogonW

    You will need to redirect the input and output streams of the Process class
    so that you can send and receive text using them. This might work better if
    you call runas directly instead of calling it from a VBScript, but either
    might work.

    To redirect the streams, you need to set UseShellExecute to False and set
    RedirectStandardInput and RedirectStandardOutput to true. Then, you read
    and write to the streams on the Process instance.

    Joe K.

    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:eDx3uCNaEHA.3352TK2MSFTNGP12.phx.gbl...
    > Hallo Zeeshan
    > "M. Zeeshan Mustafa" <zeeshanno-spm.please.zeeshan.net> schrieb im
    > Newsbeitrag news:OypoBnBaEHA.384TK2MSFTNGP10.phx.gbl...
    > > Try using RUNAS shell command:
    > >
    > > RUNAS USAGE:
    > >
    > > RUNAS [/profile] [/env] [/netonly] /user:<UserName> program
    > >
    > > /profile if the user's profile needs to be loaded
    > > /env to use current environment instead of user's.
    > > /netonly use if the credentials specified are for remote
    access
    > > only.
    > > /user <UserName> should be in form USERDOMAIN or
    DOMAIN\USER
    > > program command line for EXE. See below for examples
    > >
    > > Examples:
    > > > runas /profile /user:mymachine\administrator cmd
    > > > runas /profile /env /user:mydomain\admin "mmc
    %windir%\system32\dsa.msc"
    > > > runas /env /user:userdomain.microsoft.com "notepad \"my file.txt\""
    > >
    > > NOTE: Enter user's password only when prompted.
    > > NOTE: USERDOMAIN is not compatible with /netonly.
    > >
    > > --
    > > Hope this helps,
    > > Zeeshan Mustafa, MCSD
    > >
    > >
    > Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    > System.EventArgs) Handles MyBase.Load
    > Dim psCscript As Process = New Process()
    > With psCscript
    > .StartInfo.FileName = "cmd.exe /C runas
    /user:TEST\Administrator
    > ""cmd.exe /C C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    > C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"""
    > .StartInfo.Arguments = ""
    > End With
    > psCscript.Start()
    > psCscript.WaitForExit()
    > lblTest.Text = "Prozess beendet um: " & psCscript.ExitTime &
    "<br>"
    > & _
    > "Exit Code: " & psCscript.ExitCode
    > psCscript.Close()
    >
    > lblTest.Text &= "<br> File Name: " & psCscript.StartInfo.FileName
    > lblTest.Text &= "<br> Arguments: " & psCscript.StartInfo.Arguments
    > End Sub
    >
    > But i dont know how to react on the password prompt.
    > I executed this:
    > runas /user:TEST\Administrator "cmd.exe /C
    > C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    > C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"
    > and it prompted for the password. Then i entered the password, and the vb
    > script gets executed correctly. So is there a way to react on the password
    > prompt?
    >
    > regards Benni
    >
    >

    Joe Kaplan \(MVP - ADSI\) Guest

  17. #17

    Default Re: Calling CreateProcessWithLogonW

    Hallo Joe,
    "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com> schrieb
    im Newsbeitrag news:uSGEWIOaEHA.3988tk2msftngp13.phx.gbl...
    > You will need to redirect the input and output streams of the Process
    class
    > so that you can send and receive text using them. This might work better
    if
    > you call runas directly instead of calling it from a VBScript, but either
    > might work.
    >
    > To redirect the streams, you need to set UseShellExecute to False and set
    > RedirectStandardInput and RedirectStandardOutput to true. Then, you read
    > and write to the streams on the Process instance.
    >
    > Joe K.
    >
    Okay this is what i got so far:

    Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    System.EventArgs) Handles MyBase.Load
    Dim psCscript As Process = New Process()
    With psCscript
    .StartInfo.RedirectStandardInput = True
    .StartInfo.RedirectStandardOutput = True
    .StartInfo.UseShellExecute = False
    .StartInfo.FileName = "cmd"
    .StartInfo.Arguments = " /C runas /user:TEST\Administrator ""cmd.exe
    /C C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"""
    End With
    psCscript.Start()
    Dim myStreamWriter As StreamWriter = psCscript.StandardInput
    myStreamWriter.WriteLine("myPassword")
    myStreamWriter.Close()
    psCscript.WaitForExit()
    lblTest.Text = "Process ended: " & psCscript.ExitTime & "<br>" & _
    "Exit Code: " & psCscript.ExitCode
    lblTest.Text &= "<br> File Name: " & psCscript.StartInfo.FileName
    lblTest.Text &= "<br> Arguments: " & psCscript.StartInfo.Arguments
    psCscript.Close()
    End Sub

    The result page displays:

    Process ended: 15.07.2004 09:42:12
    Exit Code: 0
    File Name: cmd
    Arguments: /C runas /user:TEST\Administrator "cmd.exe /C
    C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"

    But nothing happens. If i use this line:

    cmd /C runas /user:TEST\Administrator "cmd.exe /C
    C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"

    with Start > Execute on the TEST machine, it works.
    So i know there isnt much to track down the error, but maybe someone has an
    idea how it could be tracked down.

    regards benni


    Benjamin Bittner Guest

  18. #18

    Default Re: Calling CreateProcessWithLogonW

    I have no idea why that isn't working. I'd suggest trying it from a console
    application where you can set it to create a window and add some
    thread.sleep statements to see if you can actually see what's going on.
    Maybe it will be obvious.

    You might also try calling runas directly instead of calling it through cmd.

    Joe K.

    "Benjamin Bittner" <benjamin_bittner[a_t]nospam.web.de> wrote in message
    news:eoyqMDkaEHA.3684TK2MSFTNGP09.phx.gbl...
    > Hallo Joe,
    > "Joe Kaplan (MVP - ADSI)" <joseph.e.kaplanremovethis.accenture.com>
    schrieb
    > im Newsbeitrag news:uSGEWIOaEHA.3988tk2msftngp13.phx.gbl...
    > > You will need to redirect the input and output streams of the Process
    > class
    > > so that you can send and receive text using them. This might work
    better
    > if
    > > you call runas directly instead of calling it from a VBScript, but
    either
    > > might work.
    > >
    > > To redirect the streams, you need to set UseShellExecute to False and
    set
    > > RedirectStandardInput and RedirectStandardOutput to true. Then, you
    read
    > > and write to the streams on the Process instance.
    > >
    > > Joe K.
    > >
    >
    > Okay this is what i got so far:
    >
    > Private Sub Page_Load(ByVal sender As System.Object, ByVal e As
    > System.EventArgs) Handles MyBase.Load
    > Dim psCscript As Process = New Process()
    > With psCscript
    > .StartInfo.RedirectStandardInput = True
    > .StartInfo.RedirectStandardOutput = True
    > .StartInfo.UseShellExecute = False
    > .StartInfo.FileName = "cmd"
    > .StartInfo.Arguments = " /C runas /user:TEST\Administrator
    ""cmd.exe
    > /C C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    > C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"""
    > End With
    > psCscript.Start()
    > Dim myStreamWriter As StreamWriter = psCscript.StandardInput
    > myStreamWriter.WriteLine("myPassword")
    > myStreamWriter.Close()
    > psCscript.WaitForExit()
    > lblTest.Text = "Process ended: " & psCscript.ExitTime & "<br>" & _
    > "Exit Code: " & psCscript.ExitCode
    > lblTest.Text &= "<br> File Name: " & psCscript.StartInfo.FileName
    > lblTest.Text &= "<br> Arguments: " & psCscript.StartInfo.Arguments
    > psCscript.Close()
    > End Sub
    >
    > The result page displays:
    >
    > Process ended: 15.07.2004 09:42:12
    > Exit Code: 0
    > File Name: cmd
    > Arguments: /C runas /user:TEST\Administrator "cmd.exe /C
    > C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    > C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"
    >
    > But nothing happens. If i use this line:
    >
    > cmd /C runas /user:TEST\Administrator "cmd.exe /C
    > C:\test_webs\tmpl.loopline.de\docs\mkw3site.vbs -r
    > C:\test_webs\tmpl.test.de -t xyzclient.test.de -o 8080"
    >
    > with Start > Execute on the TEST machine, it works.
    > So i know there isnt much to track down the error, but maybe someone has
    an
    > idea how it could be tracked down.
    >
    > regards benni
    >
    >

    Joe Kaplan \(MVP - ADSI\) Guest

  19. #19

    Default Back to Original question

    Hi Benjamin.
    I solved this problem in a totally different way. I used WMI to create the process. I don't know if it will do it for you but here is my code anyway.
    I wish you good luck in your quest for a soloution.

    Don't forget to:
    <code>
    Imports System.Management
    fnStartProcess()
    ' Create Connections options
    Dim options As New ConnectionOptions()
    Dim servername as String = "ServerName"
    options.Username = "RD\" & Session("User")
    options.Password = Session("Passw")
    'Create a scope to work in
    Dim WmiScope As New ManagementScope("\\" & Servernamn & "\root\cimv2", options)
    WmiScope.Connect()

    'Put user code to initialize the page here
    'Get the object on which the method will be invoked
    Dim processClass As New ManagementClass("Win32_Process")
    processClass.Scope = WmiScope


    'Get an input parameters object for this method
    Dim inParams As ManagementBaseObject = processClass.GetMethodParameters("Create")

    'Fill in input parameter values
    inParams("CommandLine") = "calc.exe"' Or whatever application you want

    'Execute the method
    Dim outParams As ManagementBaseObject = processClass.InvokeMethod("Create", inParams, Nothing)

    'Display results
    'Note: The return code of the method is provided in the "returnValue" property of the outParams object
    Response.Write(("Creation of calculator process returned: " & outParams("returnValue").ToString))
    Response.Write(("Process ID: " & outParams("processId").ToString))
    end function
    </code>
    Alstersjo Guest

Similar Threads

  1. Calling Cfc's
    By tgs1952 in forum Coldfusion - Advanced Techniques
    Replies: 3
    Last Post: April 29th, 01:23 PM
  2. Calling StorageProcedure
    By Devinim ÞÖLEN in forum ASP.NET Data Grid Control
    Replies: 0
    Last Post: December 15th, 08:59 PM
  3. HELP! CreateProcessWithLogonW issue
    By charlie@nunya.com in forum ASP.NET Web Services
    Replies: 25
    Last Post: September 10th, 12:15 AM
  4. Calling an HTA from an HTA
    By McKirahan in forum ASP Components
    Replies: 0
    Last Post: August 24th, 03:11 PM
  5. [PHP] Function calling from url
    By Larry E . Ullman in forum PHP Development
    Replies: 0
    Last Post: September 6th, 05:25 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139