Pythin createprocessasuser -- OpenProcessToken, 'Access is denied.'

Roger Upole rupole at hotmail.com
Mon Jun 14 18:17:40 EDT 2004 

You'll probably need to call AdjustTokenPrivileges before LogonUser, since
you need
SE_TCB_NAME enabled for the calling process.  Also, you don't need to do
ImpersonateUser
in order to call CreateProcessAsUser.  If you do, you might have to enable
some privs for
the logon token you're impersonating as well as your original process token.
Another thing to keep in mind is that AdjustTokenPrivileges doesn't fail if
you try to enable a
privilege you don't have at all.  win32security.GetTokenInformation(<token
handle>,TokenPrivileges)
will list your privs and their current state.
  hth
     Roger

"Pete Fong" <pm823 at macau.ctm.net> wrote in message
news:9a361bc.0406132315.73f2db7a at posting.google.com...
> Dear all,
>
> I am a beginner with Python. I want to write a program as "runas" in
> Windows XP.
> But I have got the following error:
> File
"C:\Python23\Lib\site-packages\Pythonwin\pywin\framework\scriptutils.py",
> line 310, in RunScript
>     exec codeObject in __main__.__dict__
>   File "C:\python\Script1.py", line 30, in ?
>   File "C:\python\Script1.py", line 14, in AdjustPrivilege
>     print "Started as: ", win32api.GetUserName()
> error: (5, 'OpenProcessToken', 'Access is denied.')
>
> There is my program :
>
> import win32security
> import win32process
> import win32api
> import win32con
> import sys
> import time
> import os
> from ntsecuritycon import *
>
>
> def AdjustPrivilege(priv, enable = 1):
>     # Get the process token.
>     flags = TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY
>     htoken = win32security.OpenProcessToken(win32api.GetCurrentProcess(),
> flags)
>     # Get the ID for the privilege.
>     id = win32security.LookupPrivilegeValue(None, priv)
>     # Now obtain the privilege for this process.
>     # Create a list of the privileges to be added.
>     if enable:
>         newPrivileges = [(id, SE_PRIVILEGE_ENABLED)]
>     else:
>         newPrivileges = [(id, 0)]
>         win32security.AdjustTokenPrivileges(handel, 0, newPrivileges)
>     # and make the adjustment.
>
>
>
handel=win32security.LogonUser('administrator','domain','pwd',win32con.LOGON
32_LOGON_INTERACTIVE,win32con.LOGON32_PROVIDER_DEFAULT)
>
> win32security.ImpersonateLoggedOnUser(handel)
> AdjustPrivilege(SE_TCB_NAME)
> AdjustPrivilege(SE_INCREASE_QUOTA_NAME)
> AdjustPrivilege(SE_ASSIGNPRIMARYTOKEN_NAME)
> AdjustPrivilege(TOKEN_DUPLICATE)
> AdjustPrivilege(TOKEN_IMPERSONATE)
> AdjustPrivilege(SE_CHANGE_NOTIFY_NAME)
>
>
>
> print "Started as: ", win32api.GetUserName()
> #this prints target username, impersonation successful
>
>
win32process.CreateProcessAsUser(handel,None,'notepad',None,None,0,0,None,No
ne,win32process.STARTUPINFO())
> #os.execv('c:', 'notepad')
> #os.execv(path, args)
> #runs program, not as target user
>
>
> win32security.RevertToSelf()
> handel.Close()
>
>
> Could anyone help me ? What's wrong ? Thanks a lot ?
>
> Best Regards,
> Pete Fong

More information about the Python-list mailing list