CreateProcessAsUser and delete ACL
in [Win32 Kernel]
|
From: Dorel Sturm on 1 Jun 2007 09:49 Hi, I have a service that is creating processes for a specific user using the MS code provided in http://support.microsoft.com/kb/165194/EN-US/ This is working OK except that after a while I get the error "Not enough quota is available to process this command.". I know that the ACL lists for the worksation and desktop are somehow "limited" and the problems are caused by AddTheAceWindowStation and AddTheAceDesktop. What I need is the opposite for these functions sort of RemoveTheAceWindowStation and RemoveTheAceDesktop. I know when the process ends up (I wait for it to finish) so removing is "very easy". However I'm not a specialist in manipulating ACE and ACL. Any example code will be very helpful. Dorel Sturm
From: Skywing [MVP] on 4 Jun 2007 11:41 If you are using LsaLogonUser, a better alternative is to include the logon SID of the interactive user in the groups included with token used with the new process. That way, you don't have to modify the ACL and won't run into the ACL-sizing problem. IIRC, RunAs on XP or later uses this approach instead of modifying the ACL. -- Ken Johnson (Skywing) Windows SDK MVP http://www.nynaeve.net "Dorel Sturm" <dodo(a)poleposition-sw.com> wrote in message news:f3p85v$l7t$1(a)murphy.mediascape.de... > Hi, > > I have a service that is creating processes for a specific user using the > MS code provided in > > http://support.microsoft.com/kb/165194/EN-US/ > > This is working OK except that after a while I get the error "Not enough > quota is available to process this command.". I know that the ACL lists > for the worksation and desktop are somehow "limited" and the problems are > caused by AddTheAceWindowStation and AddTheAceDesktop. What I need is the > opposite for these functions sort of RemoveTheAceWindowStation and > RemoveTheAceDesktop. I know when the process ends up (I wait for it to > finish) so removing is "very easy". However I'm not a specialist in > manipulating ACE and ACL. > > Any example code will be very helpful. > > Dorel Sturm > >
|
Pages: 1 Prev: how to interpret memory dump Next: Hook chain using TEB->Win32ThreadInfo |