Re: Win32::AdminMisc::LogonAsUser does not seem to work.

If you look inside the source for Win32::AdminMisc::LogonAsUser, you will see that it is essentially a simple wrapper function for the LogonUser and ImpersonateLoggedOnUser functions from the Windows Platform SDK. There are a few more conditions that the Platform SDK notes but aren't in the Win32::AdminMisc documentation although none relating to using it on a domain or with Win2k server. You can check out the LogonUser docs through MSDN here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/logonuser.asp and ImpersonateLoggedOnUser here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/impersonateloggedonuser.asp

A good first step will definitely be to track down what Win32::GetLastError reports.

Comment on Re: Win32::AdminMisc::LogonAsUser does not seem to work.

Replies are listed 'Best First'.
Re: Re: Win32::AdminMisc::LogonAsUser does not seem to work. by Marza (Vicar) on Jul 29, 2002 at 17:04 UTC
Thanks that actually did explain the problem! You can't do this with win2k. It is an adminmisc problem. Man I do wish Dave had time to maintain it. LOGON32_LOGON_NETWORK_CLEARTEXT Windows 2000/XP: This logon type preserves the name and password in the authentication packages, allowing the server to make connections to other network servers while impersonating the client. This allows a server to accept clear text credentials from a client, call LogonUser, verify that the user can access the system across the network, and still communicate with other servers. LOGON32_LOGON_NEW_CREDENTIALS Windows 2000/XP: This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. This logon type is supported only by the LOGON32_PROVIDER_WINNT50 logon provider. Shoot. I will have to firgure out another method!	[reply]

Replies are listed 'Best First'.

Re: Re: Win32::AdminMisc::LogonAsUser does not seem to work.
by Marza (Vicar) on Jul 29, 2002 at 17:04 UTC

Thanks that actually did explain the problem! You can't do this with win2k. It is an adminmisc problem. Man I do wish Dave had time to maintain it.

LOGON32_LOGON_NETWORK_CLEARTEXT Windows 2000/XP: This logon type preserves the name and password in the authentication packages, allowing the server to make connections to other network servers while impersonating the client. This allows a server to accept clear text credentials from a client, call LogonUser, verify that the user can access the system across the network, and still communicate with other servers.

LOGON32_LOGON_NEW_CREDENTIALS Windows 2000/XP: This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identity, but uses different credentials for other network connections. This logon type is supported only by the LOGON32_PROVIDER_WINNT50 logon provider.

Shoot. I will have to firgure out another method!

[reply]