Форум: "KOL";
Текущий архив: 2011.12.25;
Скачать: [xml.tar.bz2];

Вниз

CreateRestrictedToken   Найти похожие ветки 

← →
Jon ©   (2009-03-08 14:17) [0]

Does anyone have a working example of how to use the Win32 API function CreateRestrictedToken?

I am trying to create a process as a limited/restricted user, but I cannot get the above token created.

---

← →
MTsv DN   (2009-03-08 15:30) [1]

Try this:
http://www.codeproject.com/KB/system/RunUser.aspx

or this:
http://www.sendspace.com/file/u8m73f

---

← →
Jon ©   (2009-03-08 16:35) [2]

Thanks - but first link is in C++ (which I find confusing) and second link does not use CreateRestrictedToken...

---

← →
MTsv DN   (2009-03-08 17:50) [3]

I thought you want "create a process as a limited/restricted user"... function Process_RunAsSystem(ApplicationName: String; IntegrityLevel: TIntegrityLevel): Boolean; overload; and some functions such as _Process_RunAsSystem_1 are exist in unit RunAsSystem... Showing works with CreateProcessWithToken, GetTokenInformation and other... I thought these shall been useful for you...

---

← →
jon ©   (2009-03-08 18:08) [4]

Understood - I shall try again. Thank you very much.

---

← →
имя   (2009-04-09 21:42) [5]

Удалено модератором

---

← →
Игорь ©   (2009-04-21 08:08) [6]

const
 DISABLE_MAX_PRIVILEGE = $1;

function CreateRestrictedToken(ExistingTokenHandle: THandle; Flags: Longword;
 DisableSidCount: Longword; var SidToDisable: SID_AND_ATTRIBUTES;
 DeletePrivilegeCount: Longword; var PrivilegesToDelete: LUID_AND_ATTRIBUTES;
 RestrictedSidCount: Longword; var SidToRestrict: SID_AND_ATTRIBUTES; var NewTokenHandle: THandle): Longword; stdcall; external "Advapi32.dll" name "CreateRestrictedToken";

procedure TForm1.Button1Click(Sender: TObject);
var
 hToken, hNewToken: THandle;
 SidToDisable, SidToRestrict: SID_AND_ATTRIBUTES;
 PrivilegesToDelete: LUID_AND_ATTRIBUTES;
 SI: STARTUPINFO;
 PI: PROCESS_INFORMATION;
begin
 OpenProcessToken(GetCurrentProcess, MAXIMUM_ALLOWED, hToken);
 CreateRestrictedToken(hToken, DISABLE_MAX_PRIVILEGE, 0, SidToDisable, 0, PrivilegesToDelete, 0, SidToRestrict, hNewToken);
 if ImpersonateLoggedOnUser(hNewToken) then
 begin
   ZeroMemory(@SI, SizeOf(SI));
   SI.cb:= SizeOf(SI);
   CreateProcessAsUser(hNewToken, PChar(Application.ExeName), "", nil, nil, False,
     CREATE_DEFAULT_ERROR_MODE, nil, nil, SI, PI);
   RevertToSelf;
 end;
end;

---

Страницы: 1 вся ветка

Форум: "KOL";
Текущий архив: 2011.12.25;
Скачать: [xml.tar.bz2];

Наверх

Память: 0.46 MB
Время: 0.003 c