By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
440,304 Members | 3,172 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 440,304 IT Pros & Developers. It's quick & easy.

impersonation win2000 to XP

P: n/a
how can i impersonate from win2000 to WinXP?
MSDN gives example how to implemet impersonation from XP to XP, but not from
win2000 to XP, and it
doesn't say what to do with win2000!!!
any ideas?
workarounds?
Thanx!
// This sample demonstrates the use of the WindowsIdentity class to
impersonate a user.
// IMPORTANT NOTES:
// This sample can be run only on Windows XP. The default Windows 2000
security policy
// prevents this sample from executing properly, and changing the policy to
allow
// proper execution presents a security risk.

ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassIm personateTopic.htm

Nov 16 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Run the "local policy editor" and add the user account running your code to
the list of accounts having 'act as part of the operating system' user
right.
But before you do this think about the security implications, and try to
solve your 'problem' without a need to impersonate.
Willy.

"Grei" <da*****************@zg.htnet.hr> wrote in message
news:cp**********@ls219.htnet.hr...
how can i impersonate from win2000 to WinXP?
MSDN gives example how to implemet impersonation from XP to XP, but not
from win2000 to XP, and it
doesn't say what to do with win2000!!!
any ideas?
workarounds?
Thanx!
// This sample demonstrates the use of the WindowsIdentity class to
impersonate a user.
// IMPORTANT NOTES:
// This sample can be run only on Windows XP. The default Windows 2000
security policy
// prevents this sample from executing properly, and changing the policy
to
allow
// proper execution presents a security risk.

ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassIm personateTopic.htm

Nov 16 '05 #2

P: n/a
I really need impersonation, and can't afford such security hole.
can i use any COM library?
Was it possible before .Net?

"Willy Denoyette [MVP]" <wi*************@pandora.be> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...
Run the "local policy editor" and add the user account running your code
to the list of accounts having 'act as part of the operating system' user
right.
But before you do this think about the security implications, and try to
solve your 'problem' without a need to impersonate.
Willy.

"Grei" <da*****************@zg.htnet.hr> wrote in message
news:cp**********@ls219.htnet.hr...
how can i impersonate from win2000 to WinXP?
MSDN gives example how to implemet impersonation from XP to XP, but not
from win2000 to XP, and it
doesn't say what to do with win2000!!!
any ideas?
workarounds?
Thanx!
// This sample demonstrates the use of the WindowsIdentity class to
impersonate a user.
// IMPORTANT NOTES:
// This sample can be run only on Windows XP. The default Windows 2000
security policy
// prevents this sample from executing properly, and changing the policy
to
allow
// proper execution presents a security risk.

ms-help://MS.VSCC.2003/MS.MSDNQTR.2003FEB.1033/cpref/html/frlrfSystemSecurityPrincipalWindowsIdentityClassIm personateTopic.htm


Nov 16 '05 #3

P: n/a

"Grei" <da*****************@zg.htnet.hr> wrote in message
news:cp**********@ls219.htnet.hr...
I really need impersonation, and can't afford such security hole.
can i use any COM library?
Was it possible before .Net?


This has nothing to do with .NET.
It's always been like this on Windows OS prior to XP and W2K3. ON NT4 and
W2K, only the SYSTEM account (LocalSystem) has this privilege (call
LogonUser) by default.
Just curious, why do you need to impersonate?.
All depends on what exactly you want to achieve, possibly you can use
System.EnterpriseServices to run your code in the security context hosted
environment (COM+).
Willy.
Nov 16 '05 #4

P: n/a
i want to copy a file from computer that is on domain to computer outside of
domain.
when trying to access shared directory on comp outside domain auth. is
requred.
"Willy Denoyette [MVP]" <wi*************@pandora.be> wrote in message
news:Oh**************@TK2MSFTNGP11.phx.gbl...

"Grei" <da*****************@zg.htnet.hr> wrote in message
news:cp**********@ls219.htnet.hr...
I really need impersonation, and can't afford such security hole.
can i use any COM library?
Was it possible before .Net?


This has nothing to do with .NET.
It's always been like this on Windows OS prior to XP and W2K3. ON NT4 and
W2K, only the SYSTEM account (LocalSystem) has this privilege (call
LogonUser) by default.
Just curious, why do you need to impersonate?.
All depends on what exactly you want to achieve, possibly you can use
System.EnterpriseServices to run your code in the security context hosted
environment (COM+).
Willy.

Nov 16 '05 #5

P: n/a

"Grei" <da*****************@zg.htnet.hr> wrote in message
news:cp**********@ls219.htnet.hr...
i want to copy a file from computer that is on domain to computer outside
of domain.
when trying to access shared directory on comp outside domain auth. is
requred.

If I my understanding is correct, you simply have to copy a file from a
domain member server called A to a non domain member called B, right?
In that case you DON'T have to impersonate, you have to establish a network
logon session using the alternate credentials valid on B.
Network logon sessions are best created from the command line or from a
logon script.
Say you are interactively logged on to A as user Grei and you need a network
logon session as user Alice with B, following command;

net use \\B\sharename alicesPwd user:B\alice

establishes a network logon session for user 'Grei' on A with server B using
Alice's credentials to access/read/write the folders/files on B.
This command can be placed in a logon script that executes when Grei logs
on.
It's also possible to create a network logon session from your code using
PInvoke to call Win32 API NetUseAdd, but this is only needed when you have
to establish a network logon session for a non interactive logon session (a
Windows service for instance).

Willy.


Nov 16 '05 #6

P: n/a
Thank you very much!
I really appritiate you help.
This sounds like soloution to my problem, i'll have a chance to test it on
Monday.
Thanx again man!
"Willy Denoyette [MVP]" <wi*************@pandora.be> wrote in message
news:%2****************@TK2MSFTNGP10.phx.gbl...

"Grei" <da*****************@zg.htnet.hr> wrote in message
news:cp**********@ls219.htnet.hr...
i want to copy a file from computer that is on domain to computer outside
of domain.
when trying to access shared directory on comp outside domain auth. is
requred.

If I my understanding is correct, you simply have to copy a file from a
domain member server called A to a non domain member called B, right?
In that case you DON'T have to impersonate, you have to establish a
network logon session using the alternate credentials valid on B.
Network logon sessions are best created from the command line or from a
logon script.
Say you are interactively logged on to A as user Grei and you need a
network logon session as user Alice with B, following command;

net use \\B\sharename alicesPwd user:B\alice

establishes a network logon session for user 'Grei' on A with server B
using Alice's credentials to access/read/write the folders/files on B.
This command can be placed in a logon script that executes when Grei logs
on.
It's also possible to create a network logon session from your code using
PInvoke to call Win32 API NetUseAdd, but this is only needed when you have
to establish a network logon session for a non interactive logon session
(a Windows service for instance).

Willy.

Nov 16 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.