how can i impersonate from win2000 to WinXP?
MSDN gives example how to implemet impersonation from XP to XP, but not from
win2000 to XP, and it
doesn't say what to do with win2000!!!
any ideas?
workarounds?
Thanx!
// This sample demonstrates the use of the WindowsIdentity class to
impersonate a user.
// IMPORTANT NOTES:
// This sample can be run only on Windows XP. The default Windows 2000
security policy
// prevents this sample from executing properly, and changing the policy to
allow
// proper execution presents a security risk.
ms-help://MS.VSCC.2003/MS.MSDNQTR.2003 FEB.1033/cpref/html/frlrfSystemSecu rityPrincipalWi ndowsIdentityCl assImpersonateT opic.htm 6 1629
Run the "local policy editor" and add the user account running your code to
the list of accounts having 'act as part of the operating system' user
right.
But before you do this think about the security implications, and try to
solve your 'problem' without a need to impersonate.
Willy.
"Grei" <da************ *****@zg.htnet. hr> wrote in message
news:cp******** **@ls219.htnet. hr... how can i impersonate from win2000 to WinXP? MSDN gives example how to implemet impersonation from XP to XP, but not from win2000 to XP, and it doesn't say what to do with win2000!!! any ideas? workarounds? Thanx!
// This sample demonstrates the use of the WindowsIdentity class to impersonate a user. // IMPORTANT NOTES: // This sample can be run only on Windows XP. The default Windows 2000 security policy // prevents this sample from executing properly, and changing the policy to allow // proper execution presents a security risk.
ms-help://MS.VSCC.2003/MS.MSDNQTR.2003 FEB.1033/cpref/html/frlrfSystemSecu rityPrincipalWi ndowsIdentityCl assImpersonateT opic.htm
I really need impersonation, and can't afford such security hole.
can i use any COM library?
Was it possible before .Net?
"Willy Denoyette [MVP]" <wi************ *@pandora.be> wrote in message
news:%2******** ********@TK2MSF TNGP10.phx.gbl. .. Run the "local policy editor" and add the user account running your code to the list of accounts having 'act as part of the operating system' user right. But before you do this think about the security implications, and try to solve your 'problem' without a need to impersonate. Willy.
"Grei" <da************ *****@zg.htnet. hr> wrote in message news:cp******** **@ls219.htnet. hr... how can i impersonate from win2000 to WinXP? MSDN gives example how to implemet impersonation from XP to XP, but not from win2000 to XP, and it doesn't say what to do with win2000!!! any ideas? workarounds? Thanx!
// This sample demonstrates the use of the WindowsIdentity class to impersonate a user. // IMPORTANT NOTES: // This sample can be run only on Windows XP. The default Windows 2000 security policy // prevents this sample from executing properly, and changing the policy to allow // proper execution presents a security risk.
ms-help://MS.VSCC.2003/MS.MSDNQTR.2003 FEB.1033/cpref/html/frlrfSystemSecu rityPrincipalWi ndowsIdentityCl assImpersonateT opic.htm
"Grei" <da************ *****@zg.htnet. hr> wrote in message
news:cp******** **@ls219.htnet. hr... I really need impersonation, and can't afford such security hole. can i use any COM library? Was it possible before .Net?
This has nothing to do with .NET.
It's always been like this on Windows OS prior to XP and W2K3. ON NT4 and
W2K, only the SYSTEM account (LocalSystem) has this privilege (call
LogonUser) by default.
Just curious, why do you need to impersonate?.
All depends on what exactly you want to achieve, possibly you can use
System.Enterpri seServices to run your code in the security context hosted
environment (COM+).
Willy.
i want to copy a file from computer that is on domain to computer outside of
domain.
when trying to access shared directory on comp outside domain auth. is
requred.
"Willy Denoyette [MVP]" <wi************ *@pandora.be> wrote in message
news:Oh******** ******@TK2MSFTN GP11.phx.gbl...
"Grei" <da************ *****@zg.htnet. hr> wrote in message news:cp******** **@ls219.htnet. hr...I really need impersonation, and can't afford such security hole. can i use any COM library? Was it possible before .Net?
This has nothing to do with .NET. It's always been like this on Windows OS prior to XP and W2K3. ON NT4 and W2K, only the SYSTEM account (LocalSystem) has this privilege (call LogonUser) by default. Just curious, why do you need to impersonate?. All depends on what exactly you want to achieve, possibly you can use System.Enterpri seServices to run your code in the security context hosted environment (COM+).
Willy.
"Grei" <da************ *****@zg.htnet. hr> wrote in message
news:cp******** **@ls219.htnet. hr... i want to copy a file from computer that is on domain to computer outside of domain. when trying to access shared directory on comp outside domain auth. is requred.
If I my understanding is correct, you simply have to copy a file from a
domain member server called A to a non domain member called B, right?
In that case you DON'T have to impersonate, you have to establish a network
logon session using the alternate credentials valid on B.
Network logon sessions are best created from the command line or from a
logon script.
Say you are interactively logged on to A as user Grei and you need a network
logon session as user Alice with B, following command;
net use \\B\sharename alicesPwd user:B\alice
establishes a network logon session for user 'Grei' on A with server B using
Alice's credentials to access/read/write the folders/files on B.
This command can be placed in a logon script that executes when Grei logs
on.
It's also possible to create a network logon session from your code using
PInvoke to call Win32 API NetUseAdd, but this is only needed when you have
to establish a network logon session for a non interactive logon session (a
Windows service for instance).
Willy.
Thank you very much!
I really appritiate you help.
This sounds like soloution to my problem, i'll have a chance to test it on
Monday.
Thanx again man!
"Willy Denoyette [MVP]" <wi************ *@pandora.be> wrote in message
news:%2******** ********@TK2MSF TNGP10.phx.gbl. .. "Grei" <da************ *****@zg.htnet. hr> wrote in message news:cp******** **@ls219.htnet. hr...i want to copy a file from computer that is on domain to computer outside of domain. when trying to access shared directory on comp outside domain auth. is requred.
If I my understanding is correct, you simply have to copy a file from a domain member server called A to a non domain member called B, right? In that case you DON'T have to impersonate, you have to establish a network logon session using the alternate credentials valid on B. Network logon sessions are best created from the command line or from a logon script. Say you are interactively logged on to A as user Grei and you need a network logon session as user Alice with B, following command;
net use \\B\sharename alicesPwd user:B\alice
establishes a network logon session for user 'Grei' on A with server B using Alice's credentials to access/read/write the folders/files on B. This command can be placed in a logon script that executes when Grei logs on. It's also possible to create a network logon session from your code using PInvoke to call Win32 API NetUseAdd, but this is only needed when you have to establish a network logon session for a non interactive logon session (a Windows service for instance).
Willy. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics |
by: Ripa Horatiu |
last post by:
Does anyone knows how can I impersonate to another user (basically Administrator) for a piece of my code? I've tried the samples provided by MS but they didn't worked.
--
Horatiu Ripa
|
by: Anil Krishnamurthy |
last post by:
We have an ASP.NET application that uses COM objects through Interop. The
web application requires access to network and database resources and hence,
needs to impersonate a domain account. The problem is that even when it is
configured to run under a certain identity through Web.config, the
impersonation is not carried through to COM library. Consequently, the code
in COM object runs under a local account and any code that needs to access...
|
by: techfuzz |
last post by:
I'm posting my problem experience and solution I found here for other
ASP.NET developers.
I have a web application that uses Forms Authentication with Active
Directory to control access. In this web application, I have search
page that utilizes the Windows Indexing Service (MSIDXS provider).
For reasons I'm not aware of at this time, setting <identity
impersonation="true" /> in the web.config causes an error whenever you
try to search.
|
by: l-touched |
last post by:
Hello,
I have 2 servers disposed in following manner
..- One IIS server (Named IIS-Svr), with a firewall for the Internet output (this server has his own valid IP for Internet), isolated in a Workgroup
(Win2003 Web Server, .NET Framework 1.1, IIS 6.0, ASPX pages, COM+ Applications proxies)
..- One COM+ server (Named COM-Svr), isolated in a Workgroup
(Win2000 Advanced Server, .NET Framework 1.0, COM+ Applications)
|
by: Lambuz |
last post by:
Hi all,
I've got this terrible problem.
I've two Win2000 Advanced Server (ServerA and ServerB) both part of an
Active Directory.
The Active Directory Server is named ServerC.
On ServerA I've published an asp page PageA.asp inside a virtual
directory VirtuaA.
On ServerB I've published an asp page PageB.asp inside a virtual
| |
by: Phil |
last post by:
Hi,
I've currently setup a local user as described in:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnne...
|
by: Patrick |
last post by:
I have an ASP.NET web service whose Web.Config is set to use impersonation
<authentication mode="Windows" />
<identity impersonate="true" />
Within a Web Method, I want to use Multi-threading to spawn off an
asynchronous process, as it takes quite long to return. How could I get the
worker thread to runas the same impersonated user on ASP.NET?
|
by: velvet.graham |
last post by:
I'm having a difficult time with impersonation. I've created an
impersonation class. Here is the code below:
******Impersonation Class Code*********
Imports System
Imports System.Web.Security
Imports System.Runtime.InteropServices
Imports System.Security.Principal
Imports System.DirectoryServices
Imports System.Security.Permissions
|
by: =?Utf-8?B?S2l0dHlIYXdr?= |
last post by:
I am in the process of migrating an II6 environment from a single server to a
network load balanced system. Thus, I am using a virtual directory on a UNC
share to house the dynamic data that the web farm will access.
Since ASP.NET runs as a local account on the IIS servers, I have to use
impersonation to perform any operations on the data that resides on the UNC
share. I am hard-coding the impersonation credentials in the web.config files...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
| |
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules.
He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms.
Adolph will...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
| |
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| |