Registry mapping problem using CreateProcessAsUser

Hi everyone,

I’m attempting to write a “RunAs” program that will allow me to make
administrative changes to a secure workstation.
The workstation is Windows NT 4.0 (SP 6a) and I have also tried this w/ no
success on Windows 2000 Workstation.

Below is the brief code I am using to perform this function:

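    Public Function RunProcessAsUser(UserName As String, domain As String, _
            Password As String, Executable As String, _
            ExecommandLine As String) As Boolean
        ' Assumes the Declare statements for LogonUser, ImpersonateLoggedOnUser,
        ' RevertToSelf and CloseHandle, the LOGON32_* constants and the
        ' StartUserProcess wrapper are defined elsewhere in the project.
        Dim user As Long
        Dim result As Long

        RunProcessAsUser = False

        If LogonUser(UserName, domain, Password, LOGON32_LOGON_INTERACTIVE, _
                LOGON32_PROVIDER_DEFAULT, user) Then
            If ImpersonateLoggedOnUser(user) Then
                ' Call CreateProcessAsUser wrapper function.
                If StartUserProcess(user, Executable, ExecommandLine) Then
                    RunProcessAsUser = True
                End If
                ' Stop impersonating so the calling thread does not keep the
                ' other user's security context after this function returns.
                RevertToSelf
            End If
            ' Close the token handle only when LogonUser actually returned one.
            CloseHandle user
        End If
    End Function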

This code successfully logs on the user and executes the process. I have
tested this thoroughly and it works fine. My problem is that when the new
process executes, HKEY_CURRENT_USER is mapped to HKEY_USERS\.Default. What
I would like to do is map it to the user who is currently logged into the
workstation and NOT THE USER WHO I AM IMPERSONATING. I have read the
Microsoft Knowledge Base Articles Q168877 & Q199190, which talk about
mapping the impersonated user's hives to HKEY_CURRENT_USER, however they do
not talk about the user who is already logged in. Do you know of any way
to do this? I know in Win2k there is a function called
RegOverridePredefKey, however this does not carry over to child processes
and does not work on NT4.

Thanks for the help,

Yousef Hamade
FIIBG Desktop Engineering
xxxxx@fmr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

> is currently logged into the workstation and NOT THE USER WHO I AM
> IMPERSONATING. I have read the Microsoft Knowledge Base Articles
> Q168877 & Q199190 which talk about mapping the impersonated user's hives
> to HKEY_CURRENT_USER, however they do not talk about the user who is
> already logged in. Do you know of any way to do this? I know in Win2k

Hi !

If there's any user currently logged on to the wks then the process
“explorer.exe” will be running under its credentials. You may do the
following: 1) find out the process id of explorer.exe; 2) Get a handle to it
by calling OpenProcess(); 3) Call OpenProcessToken() to get this process
token; 4) Call GetTokenInformation() using TokenUser to get the SID of the
currently logged on user. 5) Enumerate the keys found under HKEY_USERS until
there's a match with the SID you previously found. The names are in the
format S-1-5-21… or something like that. The matching subkey will
correspond to the HKEY_CURRENT_USER you've been looking for. Hope this
helps.

Marcos
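
Step 5 of the procedure above compares the binary SID returned by GetTokenInformation() with HKEY_USERS subkey names, which are the SID in string form; NT 4.0 has no ConvertSidToStringSid(), so the formatting is done by hand. The following C code is an added example, not part of the original thread: `sid_to_string`, `find_user_hive` and the sample data are hypothetical names and constructed values.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: binary SID (as found in TOKEN_USER) of a made-up account. */
static const uint8_t SAMPLE_SID[] = {
    1, 5, 0, 0, 0, 0, 0, 5,      /* revision, count, 6-byte big-endian authority */
    0x15, 0x00, 0x00, 0x00, 0xC7, 0x35, 0x3A, 0x42, 0x8E, 0x6B, 0x74, 0x84,
    0x55, 0xA1, 0xAE, 0xC6, 0xE9, 0x03, 0x00, 0x00 }; /* little-endian DWORDs */
/* Constructed sample of the subkey names enumerated under HKEY_USERS. */
static const char *const SAMPLE_KEYS[] = { ".DEFAULT",
    "S-1-5-21-1111111111-2222222222-3333333333-1001_Classes",
    "s-1-5-21-1111111111-2222222222-3333333333-1001" };

/* Binary SID -> "S-1-..." text. Returns 0, or -1 on bad input / short buffer. */
int sid_to_string(const uint8_t *sid, size_t len, char *out, size_t outlen) {
    if (len < 8 || sid[0] != 1 || sid[1] > 15 || len < 8u + 4u * sid[1])
        return -1;
    unsigned long long auth = 0;
    for (int i = 2; i < 8; i++) auth = (auth << 8) | sid[i];
    int n = auth >> 32 ? snprintf(out, outlen, "S-1-0x%012llx", auth)
                       : snprintf(out, outlen, "S-1-%llu", auth);
    for (unsigned i = 0; i < sid[1]; i++) {
        const uint8_t *p = sid + 8 + 4 * i;
        uint32_t sub = p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24;
        if (n < 0 || (size_t)n >= outlen) return -1;
        n += snprintf(out + n, outlen - (size_t)n, "-%lu", (unsigned long)sub);
    }
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Index of the key whose whole name equals sidstr (case-insensitive), or -1.
   A prefix test would wrongly accept the "<SID>_Classes" sibling key. */
int find_user_hive(const char *sidstr, const char *const *keys, int nkeys) {
    for (int k = 0; k < nkeys; k++) {
        const char *a = sidstr, *b = keys[k];
        while (*a && toupper((unsigned char)*a) == toupper((unsigned char)*b))
            a++, b++;
        if (*a == '\0' && *b == '\0') return k;
    }
    return -1;
}

int main(void) {
    char s[192];
    if (sid_to_string(SAMPLE_SID, sizeof SAMPLE_SID, s, sizeof s) == 0)
        printf("%s -> subkey index %d\n", s, find_user_hive(s, SAMPLE_KEYS, 3));
    return 0;
}
```

In a real program the SID bytes come from the TOKEN_USER buffer and the key names from RegEnumKeyEx() on HKEY_USERS.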



Marcos,

Thanks for the information, however, the child processes I’m executing using
the CreateProcessAsUser will be referring to the Current Logged on User (not
the impersonated user) as HKEY_CURRENT_USER. If I controlled all the code
it would be easy to access the hive using the HKEY_USERS\<sid>, however I
need the HKEY_CURRENT_USER to map to the user’s Hive.

Thanks,

- Yousef

-----Original Message-----
From: Marcos Balreira de Souza
To: NT Developers Interest List
Sent: 8/3/01 5:56 PM
Subject: [ntdev] RE: Registry mapping problem using CreateProcessAsUser

> is currently logged into the workstation and NOT THE USER WHO I AM
> IMPERSONATING. I have read the Microsoft Knowledge Base Articles
> Q168877 & Q199190 which talk about mapping the impersonated user's hives
> to HKEY_CURRENT_USER, however they do not talk about the user who is
> already logged in. Do you know of any way to do this? I know in Win2k

Hi !

If there's any user currently logged on to the wks then the process
“explorer.exe” will be running under its credentials. You may do the
following: 1) find out the process id of explorer.exe; 2) Get a handle to it
by calling OpenProcess(); 3) Call OpenProcessToken() to get this process
token; 4) Call GetTokenInformation() using TokenUser to get the SID of the
currently logged on user. 5) Enumerate the keys found under HKEY_USERS until
there's a match with the SID you previously found. The names are in the
format S-1-5-21… or something like that. The matching subkey will
correspond to the HKEY_CURRENT_USER you've been looking for. Hope this
helps.

Marcos

