this is a continuation of thread222-548282
below is a copy of the code i am using (from the above thread)
the problem is that logonuser always fails(on command1_click)... no matter what i do!!
can anybody help, i am logged on as administrator and am trying to log "ralph" onto the machine that is calling the logonuser API (i think that makes sense), i have tried being logged on as ralph and trying to impersonate admin and a few other dummi users but to no avail as well!! more info upon request!
PS i am a little concerned about the following section from MSDN:-
The process that calls LogonUser must have the SE_TCB_NAME privilege. The privilege does not need to be enabled. The LogonUser function enables the privilege as necessary. If the calling process does not have this privilege, LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD.
In some cases, the process that calls LogonUser must also have the SE_CHANGE_NOTIFY_NAME privilege enabled; otherwise, LogonUser fails and GetLastError returns ERROR_ACCESS_DENIED. This privilege is not required for the local system account or accounts that are members of the administrators group. By default, SE_CHANGE_NOTIFY_NAME is enabled for all users, but some administrators may disable it for everyone. For more information about privileges, see Privileges.
thnx for any help in advance!!
If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @ or
below is a copy of the code i am using (from the above thread)
the problem is that logonuser always fails(on command1_click)... no matter what i do!!
can anybody help, i am logged on as administrator and am trying to log "ralph" onto the machine that is calling the logonuser API (i think that makes sense), i have tried being logged on as ralph and trying to impersonate admin and a few other dummi users but to no avail as well!! more info upon request!
Code:
Option Explicit
'Private Declare Function PrivilegeCheck Lib "advapi32.dll" (ByVal ClientToken As Long, RequiredPrivileges As PRIVILEGE_SET, ByVal pfResult As Long) As Long
Private Const SE_TCB_NAME = "SeTcbPrivilege"
Private Const SE_PRIVILEGE_ENABLED = &H2
Private Const TOKEN_ADJUST_PRIVILEGES = &H20
Private Const TOKEN_QUERY = &H8
Private Const ANYSIZE_ARRAY = 1
Private Declare Function GetCurrentProcess Lib "kernel32" () As Long
Private Declare Function OpenProcessToken Lib "advapi32.dll" (ByVal ProcessHandle As Long, ByVal DesiredAccess As Long, TokenHandle As Long) As Long
Private Declare Function LookupPrivilegeValue Lib "advapi32.dll" Alias "LookupPrivilegeValueA" (ByVal lpSystemName As String, ByVal lpName As String, lpLuid As LARGE_INTEGER) As Long
Private Declare Function AdjustTokenPrivileges Lib "advapi32.dll" (ByVal TokenHandle As Long, ByVal DisableAllPrivileges As Long, NewState As TOKEN_PRIVILEGES, ByVal BufferLength As Long, PreviousState As TOKEN_PRIVILEGES, ReturnLength As Long) As Long
Private Type LARGE_INTEGER
lowpart As Long
highpart As Long
End Type
Private Type Luid
lowpart As Long
highpart As Long
End Type
Private Type LUID_AND_ATTRIBUTES
pLuid As LARGE_INTEGER
Attributes As Long
End Type
Private Type TOKEN_PRIVILEGES
PrivilegeCount As Long
Privileges(ANYSIZE_ARRAY) As LUID_AND_ATTRIBUTES
End Type
Private Declare Function LogonUser Lib "advapi32" Alias "LogonUserA" (ByVal lpszUsername As String, ByVal lpszDomain As String, ByVal lpszPassword As String, ByVal dwLogonType As Long, ByVal dwLogonProvider As Long, phToken As Long) As Long
Private Declare Function ImpersonateLoggedOnUser Lib "advapi32" (ByVal hToken As Long) As Long
Private Const LOGON32_LOGON_NETWORK = 3
Private Const LOGON32_LOGON_INTERACTIVE = 2
Private Const LOGON32_PROVIDER_DEFAULT = 0
Private Declare Function FormatMessage Lib "kernel32" Alias "FormatMessageA" (ByVal dwFlags As Long, lpSource As Any, ByVal dwMessageId As Long, ByVal dwLanguageId As Long, ByVal lpBuffer As String, ByVal nSize As Long, Arguments As Long) As Long
Private Const FORMAT_MESSAGE_FROM_SYSTEM As Long = &H1000
Private Sub Command1_Click()
MsgBox "Impersonation successful: " & MakeMeImpersonate("ralph", "ralph")
End Sub
' Attempts to make the current thread (i.e the VB program) impersonate Username, using a given Password
' The relevant Domain can also be named. If omitted, account will be verifiedagainst the local account
' database rather than that of a domain
' Function returns non-zero (TRUE) if impersonation is successful, FALSE if not
Private Function MakeMeImpersonate(Username As String, Password As String, Optional Domain As String = ".") As Boolean
Dim result As Long
Dim hToken As Long
If LogonUser(Username, Domain, Password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, hToken) Then
result = ImpersonateLoggedOnUser(hToken)
If Not result Then Err.Raise Err.LastDllError, "MakeMeImpersonate", "ImpersonateLoggedOnUser: " & ApiErrorText(Err.LastDllError)
Else
Err.Raise Err.LastDllError, "MakeMeImpersonate", "Logon User: " & ApiErrorText(Err.LastDllError)
End If
MakeMeImpersonate = result
End Function
Private Function AdjustAccessToken() As Long
Dim hProc As Long
Dim OldTokenStuff As TOKEN_PRIVILEGES
Dim OldTokenStuffLen As Long
Dim NewTokenStuff As TOKEN_PRIVILEGES
Dim NewTokenStuffLen As Long
Dim pSize As Long
Dim result As Long
If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hProc) Then
If LookupPrivilegeValue(vbNullString, SE_TCB_NAME, OldTokenStuff.Privileges(0).pLuid) Then
NewTokenStuff = OldTokenStuff
NewTokenStuff.PrivilegeCount = 1
NewTokenStuff.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
NewTokenStuffLen = Len(NewTokenStuff)
pSize = Len(NewTokenStuff)
result = AdjustTokenPrivileges(hProc, False, NewTokenStuff, NewTokenStuffLen, OldTokenStuff, OldTokenStuffLen)
End If
End If
If Not result Then Err.Raise Err.LastDllError, "LogonUser", "AdjustToken: " & ApiErrorText(Err.LastDllError)
End Function
Private Sub Command2_Click()
AdjustAccessToken
End Sub
Private Function ApiErrorText(ByVal ErrNum As Long) As String
Dim msg As String
Dim nRet As Long
msg = Space$(1024)
nRet = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, ByVal 0&, ErrNum, 0&, msg, Len(msg), ByVal 0&)
If nRet Then
ApiErrorText = Left$(msg, nRet)
Else
ApiErrorText = "Error (" & ErrNum & ") not defined."
End If
End Function
PS i am a little concerned about the following section from MSDN:-
The process that calls LogonUser must have the SE_TCB_NAME privilege. The privilege does not need to be enabled. The LogonUser function enables the privilege as necessary. If the calling process does not have this privilege, LogonUser fails and GetLastError returns ERROR_PRIVILEGE_NOT_HELD.
In some cases, the process that calls LogonUser must also have the SE_CHANGE_NOTIFY_NAME privilege enabled; otherwise, LogonUser fails and GetLastError returns ERROR_ACCESS_DENIED. This privilege is not required for the local system account or accounts that are members of the administrators group. By default, SE_CHANGE_NOTIFY_NAME is enabled for all users, but some administrators may disable it for everyone. For more information about privileges, see Privileges.
thnx for any help in advance!!
If somethings hard to do, its not worth doing - Homer Simpson
------------------------------------------------------------------------
A General Guide To Excel in VB FAQ222-3383
The Great Date Debate Thread222-368305
File Formats Galore @ or