Dear all,
I am a beginner with Python. I want to write a program as "runas" in
Windows XP.
But I have got the following error:
File "C:\Python23\Lib\site-packages\Pythonwin\pywin\framework\scriptutils.py" ,
line 310, in RunScript
exec codeObject in __main__.__dict__
File "C:\python\Script1.py", line 30, in ?
File "C:\python\Script1.py", line 14, in AdjustPrivilege
print "Started as: ", win32api.GetUserName()
error: (5, 'OpenProcessToken', 'Access is denied.')
There is my program :
import win32security
import win32process
import win32api
import win32con
import sys
import time
import os
from ntsecuritycon import *
def AdjustPrivilege(priv, enable = 1):
# Get the process token.
flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
htoken = win32security.OpenProcessToken(win32api.GetCurrent Process(),
flags)
# Get the ID for the privilege.
id = win32security.LookupPrivilegeValue(None, priv)
# Now obtain the privilege for this process.
# Create a list of the privileges to be added.
if enable:
newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
else:
newPrivileges = [(id, 0)]
win32security.AdjustTokenPrivileges(handel, 0, newPrivileges)
# and make the adjustment.
handel=win32security.LogonUser('administrator','do main','pwd',win32con.LOGON32_LOGON_INTERACTIVE,win 32con.LOGON32_PROVIDER_DEFAULT)
win32security.ImpersonateLoggedOnUser(handel)
AdjustPrivilege(SE_TCB_NAME)
AdjustPrivilege(SE_INCREASE_QUOTA_NAME)
AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)
AdjustPrivilege(TOKEN_DUPLICATE)
AdjustPrivilege(TOKEN_IMPERSONATE)
AdjustPrivilege(SE_CHANGE_NOTIFY_NAME)
print "Started as: ", win32api.GetUserName()
#this prints target username, impersonation successful
win32process.CreateProcessAsUser(handel,None,'note pad',None,None,0,0,None,None,win32process.STARTUPI NFO())
#os.execv('c:', 'notepad')
#os.execv(path, args)
#runs program, not as target user
win32security.RevertToSelf()
handel.Close()
Could anyone help me ? What's wrong ? Thanks a lot ?
Best Regards,
Pete Fong
4  6368 
Pete Fong wrote: I am a beginner with Python. I want to write a program as "runas" in
Windows XP.
handel=win32security.LogonUser('administrator','do main','pwd',win32con.LOGON32_LOGON_INTERACTIVE,win 32con.LOGON32_PROVIDER_DEFAULT)
IIRC, you can't use these win32 calls if you don't hav e appropriate rights.
Only administrators and backup users can do impersonation (see msdn or such
for details).
(I think Explorer gets around it by delegating the impersonation to some
system service).
You'll probably need to call AdjustTokenPrivileges before LogonUser, since
you need
SE_TCB_NAME enabled for the calling process. Also, you don't need to do
ImpersonateUser
in order to call CreateProcessAsUser. If you do, you might have to enable
some privs for
the logon token you're impersonating as well as your original process token.
Another thing to keep in mind is that AdjustTokenPrivileges doesn't fail if
you try to enable a
privilege you don't have at all. win32security.GetTokenInformation(<token
handle>,TokenPrivileges)
will list your privs and their current state.
hth
Roger
"Pete Fong" <pm***@macau.ctm.net> wrote in message
news:9a*************************@posting.google.co m... Dear all,
I am a beginner with Python. I want to write a program as "runas" in
Windows XP.
But I have got the following error:
File
"C:\Python23\Lib\site-packages\Pythonwin\pywin\framework\scriptutils.py" , line 310, in RunScript
exec codeObject in __main__.__dict__
File "C:\python\Script1.py", line 30, in ?
File "C:\python\Script1.py", line 14, in AdjustPrivilege
print "Started as: ", win32api.GetUserName()
error: (5, 'OpenProcessToken', 'Access is denied.')
There is my program :
import win32security
import win32process
import win32api
import win32con
import sys
import time
import os
from ntsecuritycon import *
def AdjustPrivilege(priv, enable = 1):
# Get the process token.
flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
htoken = win32security.OpenProcessToken(win32api.GetCurrent Process(),
flags)
# Get the ID for the privilege.
id = win32security.LookupPrivilegeValue(None, priv)
# Now obtain the privilege for this process.
# Create a list of the privileges to be added.
if enable:
newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
else:
newPrivileges = [(id, 0)]
win32security.AdjustTokenPrivileges(handel, 0, newPrivileges)
# and make the adjustment.
handel=win32security.LogonUser('administrator','do main','pwd',win32con.LOGON
32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEF AULT)
win32security.ImpersonateLoggedOnUser(handel)
AdjustPrivilege(SE_TCB_NAME)
AdjustPrivilege(SE_INCREASE_QUOTA_NAME)
AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)
AdjustPrivilege(TOKEN_DUPLICATE)
AdjustPrivilege(TOKEN_IMPERSONATE)
AdjustPrivilege(SE_CHANGE_NOTIFY_NAME)
print "Started as: ", win32api.GetUserName()
#this prints target username, impersonation successful
win32process.CreateProcessAsUser(handel,None,'note pad',None,None,0,0,None,No
ne,win32process.STARTUPINFO()) #os.execv('c:', 'notepad')
#os.execv(path, args)
#runs program, not as target user
win32security.RevertToSelf()
handel.Close()
Could anyone help me ? What's wrong ? Thanks a lot ?
Best Regards,
Pete Fong
Roger Upole wrote: You'll probably need to call AdjustTokenPrivileges before LogonUser, since
you need
SE_TCB_NAME enabled for the calling process.
Can processes started under users that don't have that privilege acquire it
just like that?
No, AdjustTokenPrivileges doesn't actually add privileges.
It just enables privileges that you already have that aren't enabled
by default. Administrative privileges (SE_SECURITY_NAME, SE_TCB_NAME, etc)
generally aren't enabled by default. You can use
win32security.LsaAddAccountRights
to add extra privileges to an account. (You can only do so from an admin
account,
of course)
Roger
"Ivan Voras" <iv@an.voras.fer.hr> wrote in message
news:ca**********@bagan.srce.hr... Roger Upole wrote:
You'll probably need to call AdjustTokenPrivileges before LogonUser,
since you need
SE_TCB_NAME enabled for the calling process.
Can processes started under users that don't have that privilege acquire
it just like that? This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Balamurugan KR |
last post by:
I am trying to impersonate and start a new process using the following
steps.
1. LogonUser
2. LoadUserProfile
3. CreateEnvironment Block
4. CreateProcessAsUser.
The above works fine if the ...
|
by: Bo |
last post by:
In my asp.net webservice application, I need to launch a DOS process
as authorized users. To impersonate users, I use <impersonation =
true> in my webconfig. I can't use Diagnostics.Process.Start,...
|
by: Liang Yitao |
last post by:
I used DllImport() to load the function OpenProcessToken
() in advapi32.dll, and then called it in my button click
event. But the function always returns false. I got the
error code it left...
|
by: Niclas |
last post by:
Hi,
I am trying to get a usertoken from a particular process running on the
computer, from a Windows Service to do a Windows group membership of the
user running that process. I was planning to...
|
by: Jay |
last post by:
Hey There,
I am trying to execute the CreateProcessAsUser function, but when I
do, I get this error:
"Cannot create a file when that file already exists.". What would cause
that error to occur in...
|
by: robgallen |
last post by:
I'm having a wierd issue trying to launch a robocopy process via a web
form. To cut a long story short, it works fine when I run it from the
server it is hosted on, but when I access the site from...
|
by: EricBlair |
last post by:
Hello, I wrote a windows service that is supposed to start an interactive GUI app. I realize a service will not readily do this so I've pieced together the code below to bypass that. However, the...
|
by: jg007 |
last post by:
I have been trying to convert some C# code to VB but am getting stuck i've Tried everyting and spent ages on google but keep on getting Error 998 which I checked and is ERROR_NOACCESS when I check...
|
by: private.anders |
last post by:
Hi David!
Really need assistance since I have been struggling with a problem
long time now.
I am running a web application on a Win 2003 Std (Active Directory).
Everything works fine. I have...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: nemocccc |
last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: agi2029 |
last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| | |
