Hey there,

Does anyone know if there's a library or tool which could create a process as a normal user that has empty password. The situation is the following. My application runs with full administrative credentials (as a Windows service) under a LUA-enabled Windows 7. There are normal users (with limited rights) who are logged on locally (has their desktop shown), they can open applications (run processes) by double-clicking icons or from the command-line. I would like my service to create a process impersonating one of these logged on users. These users don't and won't have password, so Win32::AdminMisc::CreateProcessAsUser() is not an option since it requires LogonAsUser() which fails to impersonate a user with empty password. Running an application as a different user is also impossible with the command-line tool RUNAS. I understand this is for security reasons, but a network service should be able to somehow bypass this. So I'm looking for a solution similar to the su (or login -f) command under Linux. It doesn't require a password if you're root. My network service has elevated rights over the normal users I want it to impersonate.
Is there any solution or API call?

I have an older thread in which I asked about creating a process with elevated privileges using the Windows API.
One of the answers I got suggested using Win32::FileOp::ShellExecute(). Its syntax is the following:

Win32::FileOp::ShellExecute( runas => 'theProgram.exe' )

[download]

You can replace the string runas by open, in this case it won't elevate, but run theProgram.exe as the current user. Jenda, who wrote me this answer, noted that I can use runasuser instead of runas, but I don't understand how it would fit in this syntax. Is it possible with ShellExecute()?

If there is no solution with my configuration, is there any if I disable LUA (still need to run as another user)?

Thank you,
stringZ

In reply to Creating a process as a normal user without password (Linux 'su' for Windows 7?) by stringZ

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.