Hello
i have a strange problem. I'm using LogonUser to impersonate the user
under which my program must run. On Win XP or Server 2003 it works. But
on 2000 it doesn't. So i found out, to set SE_TCB_NAME privileg - it
doesn't work. Then i read somewhere that this only work for local users
and not domain users and so the changes in the domain policy don't
work.
But the strangest thing i've found out after some tests: LogonUser
works after i installed a standard SQL Server 2000 installation. And it
looks like, that this doesn't change my policy. But before the
installation i've always got error 1314 when try to impersonate. And
after the installation of SQL Server 2000 there is absolutly NO problem
to impersonate.
Does anybody know what the installation of SQL Server do with the
system so that it works and how i could do this manually.
Test-server was Windows 2000 Server and Advanced Server with SP4,
Rollup 1 for SP4 and all updates available from windows update
hope somebody could help
6  1865 
"nild" <ni*********@gm ail.comwrote in message
news:11******** *************@f 1g2000cwa.googl egroups.com...
Hello
i have a strange problem. I'm using LogonUser to impersonate the user
under which my program must run. On Win XP or Server 2003 it works. But
on 2000 it doesn't. So i found out, to set SE_TCB_NAME privileg - it
doesn't work. Then i read somewhere that this only work for local users
and not domain users and so the changes in the domain policy don't
work.
But the strangest thing i've found out after some tests: LogonUser
works after i installed a standard SQL Server 2000 installation. And it
looks like, that this doesn't change my policy. But before the
installation i've always got error 1314 when try to impersonate. And
after the installation of SQL Server 2000 there is absolutly NO problem
to impersonate.
Does anybody know what the installation of SQL Server do with the
system so that it works and how i could do this manually.
Nothing, you probably did not restart the system after you did change the TCB privilege, but
you did after (during) SQL install.
Willy.
i restarted the system after setting the TCB privilege. And i've not
restarted it after installing SQL Server 2000.
Willy Denoyette [MVP] schrieb:
"nild" <ni*********@gm ail.comwrote in message
news:11******** *************@f 1g2000cwa.googl egroups.com...
Hello
i have a strange problem. I'm using LogonUser to impersonate the user
under which my program must run. On Win XP or Server 2003 it works. But
on 2000 it doesn't. So i found out, to set SE_TCB_NAME privileg - it
doesn't work. Then i read somewhere that this only work for local users
and not domain users and so the changes in the domain policy don't
work.
But the strangest thing i've found out after some tests: LogonUser
works after i installed a standard SQL Server 2000 installation. And it
looks like, that this doesn't change my policy. But before the
installation i've always got error 1314 when try to impersonate. And
after the installation of SQL Server 2000 there is absolutly NO problem
to impersonate.
Does anybody know what the installation of SQL Server do with the
system so that it works and how i could do this manually.
Nothing, you probably did not restart the system after you did change the TCB privilege, but
you did after (during) SQL install.
Willy.
Because after i found out that LogonUser works after successfully
installed MS CRM 3. So i've tried to find out after which service
pack/program/whatever the LogonUser works. I've set up a new Server
2000 installation and changed nothing on the policy. I've just
installed one update after another and checked everytime if LogonUser
works. And after installing SQL Server 2000 it worked after changing
manually the policy
nild schrieb:
i restarted the system after setting the TCB privilege. And i've not
restarted it after installing SQL Server 2000.
Willy Denoyette [MVP] schrieb:
"nild" <ni*********@gm ail.comwrote in message
news:11******** *************@f 1g2000cwa.googl egroups.com...
Hello
>
i have a strange problem. I'm using LogonUser to impersonate the user
under which my program must run. On Win XP or Server 2003 it works. But
on 2000 it doesn't. So i found out, to set SE_TCB_NAME privileg - it
doesn't work. Then i read somewhere that this only work for local users
and not domain users and so the changes in the domain policy don't
work.
But the strangest thing i've found out after some tests: LogonUser
works after i installed a standard SQL Server 2000 installation. And it
looks like, that this doesn't change my policy. But before the
installation i've always got error 1314 when try to impersonate. And
after the installation of SQL Server 2000 there is absolutly NO problem
to impersonate.
>
Does anybody know what the installation of SQL Server do with the
system so that it works and how i could do this manually.
>
Nothing, you probably did not restart the system after you did change the TCB privilege, but
you did after (during) SQL install.
Willy.
"nild" <ni*********@gm ail.comwrote in message
news:11******** **************@ a3g2000cwd.goog legroups.com...
>i restarted the system after setting the TCB privilege. And i've not
restarted it after installing SQL Server 2000.
Weird, All I can say is that it should work by setting the TCB privilege for the account
that calls LogonUser() (something extremely unsecure by the way), the account should log off
after setting this privilege. I don't see what SQL server has to do with this.
Note also that error code 1314 means : A required privilege is not held by the client. Which
makes me think that the TCB privilege was not set or not in effect.
Willy.
I've tried with setting the TCB privilege but it didn't work. I've
restarted the machine about half an hour later so that the policy is
really updated. i logged on once again and it didn't work. And after
installing SQL Server 2000 it worked without restart and without
setting the TCB privilege. I really don't know what SQL Server do so
that it works.
Willy Denoyette [MVP] schrieb:
"nild" <ni*********@gm ail.comwrote in message
news:11******** **************@ a3g2000cwd.goog legroups.com...
i restarted the system after setting the TCB privilege. And i've not
restarted it after installing SQL Server 2000.
Weird, All I can say is that it should work by setting the TCB privilege for the account
that calls LogonUser() (something extremely unsecure by the way), the account should log off
after setting this privilege. I don't see what SQL server has to do with this.
Note also that error code 1314 means : A required privilege is not held by the client. Which
makes me think that the TCB privilege was not set or not in effect.
Willy.
"nild" <ni*********@gm ail.comwrote in message
news:11******** **************@ i12g2000cwa.goo glegroups.com.. .
I've tried with setting the TCB privilege but it didn't work. I've
restarted the machine about half an hour later so that the policy is
really updated. i logged on once again and it didn't work. And after
installing SQL Server 2000 it worked without restart and without
setting the TCB privilege. I really don't know what SQL Server do so
that it works.
Let's make thing clear to make sure we are talking about the same thing, you say that, even
after granting the TCB privilege to the account that runs the program that calls "LogonUser
", this call fails with an error 1314?
Well, this isn't the expected behavior, LogonUser() on w2k and below requires the TCB
privilege to be granted to the caller that's all, SQL server is in no way related to this.
Wonder how you are testing this, mind to post the failing code?
Willy. This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics | |
by: Mike |
last post by:
Any help would be greatly appreciated.
Based on MS KB article Q248187 (HOWTO: Impersonate a User from Active
Server Pages), I developed an ActiveX DLL (using VB6.0 Enterprise
SP5), and deployed to a corporate web site under NT Server 4.0 SP6a
/IIS4.0, expressly to retrieve Office documents contained on the
server's DASD, but outside the "view" of the web site, which uses
home-grown ASP session security. Works great!
However, migrating...
|
by: Chris Halcrow |
last post by:
Hi
I've spent ALL DAY trying to re-install SQL Server 2000 on Windows XP.
I continually get the error 'cannot configure server' just at the end
of the installation. I've tried the following:
- Removing SQL server from 'Program Files' folder following an
unsuccessful attempt to re-install, and entirely removing the registry
entry 'HKEY_CURRENT_USER > SOFTWARE > Microsoft > MSSQLServer', as
well as the corresponding entry under...
|
by: Nimi |
last post by:
When I run my application , the LogonUser method fails the exception is
"LogonUser failed with error code :1314".
I know the error is because of some privileges .
I am using Windows 2000 sp4. I have not enabled the SE_TCB_NAME previlege.
Do we need to enable this ?
I enabled privileges using this:
ManagementObject mo = new ManagementObject(new ManagementPath( ));
|
by: Trevor Best |
last post by:
SQLServer 2000, after installing SP4 I get a lot of stop errors as
noted in the subject. KB suggests hardware failure but so far I haven't
found any faulty componants. The errors started happening just after
installing SP4. Anyone else noticed this?
|
by: BLiTZWiNG |
last post by:
Having a few strage behaviours with this function, mainly in that when I try
to logon to another computer with a different name/pass to the current user
of the local machine, it tries to impersonate me, not the credentials I gave
it.
LogonUser succeeds only when using LOGON32_LOGON_NEW_CREDENTIALS (9). Any
other LogonType causes error 126: Specified module could not be found -
whatever that means...
The initial...
| | |
by: plmanikandan |
last post by:
Hi,
i need to use logonuser api in c# for windows 2000.
Logonuser api is working fine in windowsXp,Windows2003 server.in
windows 2000 for running logonuser api we need SE_TCB_NAME
Privilege(act as part of operating system).i need to set the
SE_TCB_NAME Privilege programatically with out restarting the
|
by: schaf |
last post by:
Hi NG !
I used the examples on the internet to create a Impersonate class which
allows me to log on as another user. After logged on as the new user I
could access files on a remote computer, which is in the same domain.
So I tried the same on a computer which is not in the same domain. I
could not access these files.
I saw this in the MSDN:
"You cannot use LogonUser to log on to a remote computer"
So now I'm a little confused. It is...
|
by: Sajid |
last post by:
I use LogonUser for user authentication against AD. When I run this in XP is
works fine. But it gives me a Win32 Error 1314 (ERROR_PRIVILEGE_NOT_HELD) in
Win 2000. Any idea why and how do I solve it?
|
by: bob |
last post by:
Hi
My Project has 2 servers, a Web Server(Windows 2000) and a DB
Sever(Windows 2003).
DB Server has an account called "testAccount"
on Web Server, there is a shared folder named "Test", the
"testAccount" has the full control of the "Test" folder.
i wrote a .exe file to logon to DB Sever to fetch a file with the
account "testAccount".code like this:
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look !
Part I. Meaning of...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed.
This is as boiled down as I can make it.
Here is my compilation command:
g++-12 -std=c++20 -Wnarrowing bit_field.cpp
Here is the code in...
| | |
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth.
The Art of Business Website Design
Your website is...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own....
Now, this would greatly impact the work of software developers. The idea...
|
by: TSSRALBI |
last post by:
Hello
I'm a network technician in training and I need your help.
I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs.
The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols.
I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
|
by: adsilva |
last post by:
A Windows Forms form does not have the event Unload, like VB6. What one acts like?
|
by: 6302768590 |
last post by:
Hai team
i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
|
by: muto222 |
last post by:
How can i add a mobile payment intergratation into php mysql website.
| | |
by: bsmnconsultancy |
last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...
| |
