how to get enough privilege to use LogonUser?

[TH Lim]

Hi,

I tried win32security.LogonUser(...) method according to the
ActiveState document. However, I was thrown the exception 'Not all
privileges referenced are assigned to the caller.'

The code I used is shown below (AdjustPrivilege is copied from Mark
Hammond's example), please advise. Thank you

===begin

import win32api
import win32security
import win32con
from ntsecuritycon import *

def AdjustPrivilege(priv, enable = 1):
    # Get the process token.
    flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY 
    htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),flags)
    # Get the ID for the privilege.
    id = win32security.LookupPrivilegeValue(None, priv)
    # Now obtain the privilege for this process.
    # Create a list of the privileges to be added.
    if enable:
        newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
    else:
        newPrivileges = [(id, 0)]
    # and make the adjustment.
    win32security.AdjustTokenPrivileges(htoken, 0, newPrivileges)

if __name__ == '__main__' :
    print "1"
    AdjustPrivilege(SE_TCB_NAME)
    print "2"
    AdjustPrivilege(SE_CHANGE_NOTIFY_NAME)
    print "3"
    AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)
    
    handle = win32security.LogonUser('dct_thlim', None, 'cybert0uch',\
        win32con.LOGON32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
    win32security.ImpersonateLoggedOnUser(handel)
    print win32api.GetUserName()
    handle.close()
    win32security.RevertToSelf() #terminates impersonation
    print win32api.GetUserName()


=== end