473,225 Members | 1,298 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,225 software developers and data experts.

LogonUser works only after installing SQL Server 2000

Hello

i have a strange problem. I'm using LogonUser to impersonate the user
under which my program must run. On Win XP or Server 2003 it works. But
on 2000 it doesn't. So i found out, to set SE_TCB_NAME privileg - it
doesn't work. Then i read somewhere that this only work for local users
and not domain users and so the changes in the domain policy don't
work.
But the strangest thing i've found out after some tests: LogonUser
works after i installed a standard SQL Server 2000 installation. And it
looks like, that this doesn't change my policy. But before the
installation i've always got error 1314 when try to impersonate. And
after the installation of SQL Server 2000 there is absolutly NO problem
to impersonate.

Does anybody know what the installation of SQL Server do with the
system so that it works and how i could do this manually.

Test-server was Windows 2000 Server and Advanced Server with SP4,
Rollup 1 for SP4 and all updates available from windows update

hope somebody could help

Dec 27 '06 #1
6 1829
"nild" <ni*********@gmail.comwrote in message
news:11*********************@f1g2000cwa.googlegrou ps.com...
Hello

i have a strange problem. I'm using LogonUser to impersonate the user
under which my program must run. On Win XP or Server 2003 it works. But
on 2000 it doesn't. So i found out, to set SE_TCB_NAME privileg - it
doesn't work. Then i read somewhere that this only work for local users
and not domain users and so the changes in the domain policy don't
work.
But the strangest thing i've found out after some tests: LogonUser
works after i installed a standard SQL Server 2000 installation. And it
looks like, that this doesn't change my policy. But before the
installation i've always got error 1314 when try to impersonate. And
after the installation of SQL Server 2000 there is absolutly NO problem
to impersonate.

Does anybody know what the installation of SQL Server do with the
system so that it works and how i could do this manually.
Nothing, you probably did not restart the system after you did change the TCB privilege, but
you did after (during) SQL install.

Willy.

Dec 27 '06 #2
i restarted the system after setting the TCB privilege. And i've not
restarted it after installing SQL Server 2000.

Willy Denoyette [MVP] schrieb:
"nild" <ni*********@gmail.comwrote in message
news:11*********************@f1g2000cwa.googlegrou ps.com...
Hello

i have a strange problem. I'm using LogonUser to impersonate the user
under which my program must run. On Win XP or Server 2003 it works. But
on 2000 it doesn't. So i found out, to set SE_TCB_NAME privileg - it
doesn't work. Then i read somewhere that this only work for local users
and not domain users and so the changes in the domain policy don't
work.
But the strangest thing i've found out after some tests: LogonUser
works after i installed a standard SQL Server 2000 installation. And it
looks like, that this doesn't change my policy. But before the
installation i've always got error 1314 when try to impersonate. And
after the installation of SQL Server 2000 there is absolutly NO problem
to impersonate.

Does anybody know what the installation of SQL Server do with the
system so that it works and how i could do this manually.

Nothing, you probably did not restart the system after you did change the TCB privilege, but
you did after (during) SQL install.

Willy.
Dec 27 '06 #3
Because after i found out that LogonUser works after successfully
installed MS CRM 3. So i've tried to find out after which service
pack/program/whatever the LogonUser works. I've set up a new Server
2000 installation and changed nothing on the policy. I've just
installed one update after another and checked everytime if LogonUser
works. And after installing SQL Server 2000 it worked after changing
manually the policy
nild schrieb:
i restarted the system after setting the TCB privilege. And i've not
restarted it after installing SQL Server 2000.

Willy Denoyette [MVP] schrieb:
"nild" <ni*********@gmail.comwrote in message
news:11*********************@f1g2000cwa.googlegrou ps.com...
Hello
>
i have a strange problem. I'm using LogonUser to impersonate the user
under which my program must run. On Win XP or Server 2003 it works. But
on 2000 it doesn't. So i found out, to set SE_TCB_NAME privileg - it
doesn't work. Then i read somewhere that this only work for local users
and not domain users and so the changes in the domain policy don't
work.
But the strangest thing i've found out after some tests: LogonUser
works after i installed a standard SQL Server 2000 installation. And it
looks like, that this doesn't change my policy. But before the
installation i've always got error 1314 when try to impersonate. And
after the installation of SQL Server 2000 there is absolutly NO problem
to impersonate.
>
Does anybody know what the installation of SQL Server do with the
system so that it works and how i could do this manually.
>
Nothing, you probably did not restart the system after you did change the TCB privilege, but
you did after (during) SQL install.

Willy.
Dec 27 '06 #4
"nild" <ni*********@gmail.comwrote in message
news:11**********************@a3g2000cwd.googlegro ups.com...
>i restarted the system after setting the TCB privilege. And i've not
restarted it after installing SQL Server 2000.
Weird, All I can say is that it should work by setting the TCB privilege for the account
that calls LogonUser() (something extremely unsecure by the way), the account should log off
after setting this privilege. I don't see what SQL server has to do with this.
Note also that error code 1314 means : A required privilege is not held by the client. Which
makes me think that the TCB privilege was not set or not in effect.

Willy.

Dec 27 '06 #5
I've tried with setting the TCB privilege but it didn't work. I've
restarted the machine about half an hour later so that the policy is
really updated. i logged on once again and it didn't work. And after
installing SQL Server 2000 it worked without restart and without
setting the TCB privilege. I really don't know what SQL Server do so
that it works.

Willy Denoyette [MVP] schrieb:
"nild" <ni*********@gmail.comwrote in message
news:11**********************@a3g2000cwd.googlegro ups.com...
i restarted the system after setting the TCB privilege. And i've not
restarted it after installing SQL Server 2000.

Weird, All I can say is that it should work by setting the TCB privilege for the account
that calls LogonUser() (something extremely unsecure by the way), the account should log off
after setting this privilege. I don't see what SQL server has to do with this.
Note also that error code 1314 means : A required privilege is not held by the client. Which
makes me think that the TCB privilege was not set or not in effect.

Willy.
Dec 28 '06 #6
"nild" <ni*********@gmail.comwrote in message
news:11**********************@i12g2000cwa.googlegr oups.com...
I've tried with setting the TCB privilege but it didn't work. I've
restarted the machine about half an hour later so that the policy is
really updated. i logged on once again and it didn't work. And after
installing SQL Server 2000 it worked without restart and without
setting the TCB privilege. I really don't know what SQL Server do so
that it works.
Let's make thing clear to make sure we are talking about the same thing, you say that, even
after granting the TCB privilege to the account that runs the program that calls "LogonUser
", this call fails with an error 1314?
Well, this isn't the expected behavior, LogonUser() on w2k and below requires the TCB
privilege to be granted to the caller that's all, SQL server is in no way related to this.
Wonder how you are testing this, mind to post the failing code?

Willy.
Dec 28 '06 #7

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

6
by: Mike | last post by:
Any help would be greatly appreciated. Based on MS KB article Q248187 (HOWTO: Impersonate a User from Active Server Pages), I developed an ActiveX DLL (using VB6.0 Enterprise SP5), and deployed...
0
by: Chris Halcrow | last post by:
Hi I've spent ALL DAY trying to re-install SQL Server 2000 on Windows XP. I continually get the error 'cannot configure server' just at the end of the installation. I've tried the following: ...
1
by: Nimi | last post by:
When I run my application , the LogonUser method fails the exception is "LogonUser failed with error code :1314". I know the error is because of some privileges . I am using Windows 2000 sp4. I...
1
by: Trevor Best | last post by:
SQLServer 2000, after installing SP4 I get a lot of stop errors as noted in the subject. KB suggests hardware failure but so far I haven't found any faulty componants. The errors started happening...
2
by: BLiTZWiNG | last post by:
Having a few strage behaviours with this function, mainly in that when I try to logon to another computer with a different name/pass to the current user of the local machine, it tries to...
3
by: plmanikandan | last post by:
Hi, i need to use logonuser api in c# for windows 2000. Logonuser api is working fine in windowsXp,Windows2003 server.in windows 2000 for running logonuser api we need SE_TCB_NAME ...
9
by: schaf | last post by:
Hi NG ! I used the examples on the internet to create a Impersonate class which allows me to log on as another user. After logged on as the new user I could access files on a remote computer,...
1
by: Sajid | last post by:
I use LogonUser for user authentication against AD. When I run this in XP is works fine. But it gives me a Win32 Error 1314 (ERROR_PRIVILEGE_NOT_HELD) in Win 2000. Any idea why and how do I solve...
1
by: bob | last post by:
Hi My Project has 2 servers, a Web Server(Windows 2000) and a DB Sever(Windows 2003). DB Server has an account called "testAccount" on Web Server, there is a shared folder named "Test", the...
1
isladogs
by: isladogs | last post by:
The next online meeting of the Access Europe User Group will be on Wednesday 6 Dec 2023 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, Mike...
0
by: VivesProcSPL | last post by:
Obviously, one of the original purposes of SQL is to make data query processing easy. The language uses many English-like terms and syntax in an effort to make it easy to learn, particularly for...
0
by: jianzs | last post by:
Introduction Cloud-native applications are conventionally identified as those designed and nurtured on cloud infrastructure. Such applications, rooted in cloud technologies, skillfully benefit from...
0
by: mar23 | last post by:
Here's the situation. I have a form called frmDiceInventory with subform called subfrmDice. The subform's control source is linked to a query called qryDiceInventory. I've been trying to pick up the...
0
by: abbasky | last post by:
### Vandf component communication method one: data sharing ​ Vandf components can achieve data exchange through data sharing, state sharing, events, and other methods. Vandf's data exchange method...
2
by: jimatqsi | last post by:
The boss wants the word "CONFIDENTIAL" overlaying certain reports. He wants it large, slanted across the page, on every page, very light gray, outlined letters, not block letters. I thought Word Art...
2
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 7 Feb 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:30 (7.30PM). In this month's session, the creator of the excellent VBE...
0
by: stefan129 | last post by:
Hey forum members, I'm exploring options for SSL certificates for multiple domains. Has anyone had experience with multi-domain SSL certificates? Any recommendations on reliable providers or specific...
1
by: davi5007 | last post by:
Hi, Basically, I am trying to automate a field named TraceabilityNo into a web page from an access form. I've got the serial held in the variable strSearchString. How can I get this into the...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.