Hi there,
I have a simple question. In my network provider DLL I am hooking the
NPLogonNotify() routine. Here I wish to add some components or run some
applications in the logged-on user’s context (I do not wish to return a
script to the MPR), but I do not know how to impersonate the user’s context.
Are there any API calls that I can use?
Thanks
Adam
Try looking at SetThreadToken in the Win32 Platform SDK - that will give you the starting point for how to impersonate. The UM docs are quite a lot better on this topic than the KM docs, and user impersonation is a common technique for servers (for example) so there’s a body of knowledge that is really outside this list.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com
I better rephrase the question. I wish to do something (example: create
symbolic links) that is only available and seen to the logging-on client.
If I impersonate a client using LogonUser() I am basically creating a new
session whereby anything I add to it will not be seen by the real user,
since this impersonating session will then stop as its handle will be
closed.
I want whatever I create to then be seen by the client when he/she
logs on. It is very strange, since I am doing this in the NPLogonNotify()
and there is no way to do something on behalf of the client!
Only the mpr.dll can run a script in the real user’s context, which is not
what I want.
Welcome to the wonderful world of restricted security.
I haven’t looked at this area in great detail in many years, but what I suspect you want is an LSA add-on. By being part of the Local Security Authority you have greater visibility into user access to the box. I don’t recall (surely someone else on the list does though) whether single sign-on is done via the LSA add-on or the GINA mechanism, but both are documented in the Platform SDK docs.
Tony
Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com