开发者

Conditions where ImpersonateLoggedOnUser fails

I have a Windows service that uses ImpersonateLoggedOnUser in order to drop the system permissions and run another application using the current users rights.

If the call to ImpersonateLoggedOnUser fails, an application executed by the service is going to 开发者_高级运维have to have system rights by design, which is not good. I fixed this by checking the return value.

Now I try to determine if it is possible to make that function call fail.

Is there any case where this might happen, without modifying the application and without administrator rights? (and without the fix, of course)

If yes, how?

HANDLE hToken;
OpenProcessToken( hProcess, MAXIMUM_ALLOWED, &hToken );
ImpersonateLoggedOnUser( hToken );
[...]

Thanks!


ImpersonateLoggedOnUser will fail if you don't have the impersonate privilege or if the handle in question is invalid.

I'm not sure if there are other failure modes for the API.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜