From: Jackie on
Jackie wrote:
>> Cool, thanks. I'll work on it a bit more tomorrow (it's too late now) and
>> will post what I find.
>>
>> In the meantime, I'm curious, why are you calling DuplicateToken() on a
>> token?
>
> The very short answer: If you don't, you will get some sort of "no
> impersonation token" error when calling CheckTokenMembership.

Just so you don't get me the wrong way, it was not meant in a bad way. :)

I also missed a cast on line 43 but it compiles anyway without the casts.
I can recall using AllocateAndInitializeSid before to check if a user is
an admin, at least.. Maybe you can use that one as well instead of
CreateWellKnownSid if you somehow feel like it.

--
Regards,
Jackie
From: nki00 on
>> The very short answer: If you don't, you will get some sort of "no
>> impersonation token" error when calling CheckTokenMembership.
>
> Just so you don't get me the wrong way, it was not meant in a bad way. :)
>

:) How can I complain, you help me....


> I also missed a cast on line 43 but it compiles anyway without the casts.
> I can recall using AllocateAndInitializeSid before to check if a user is
> an admin, at least.. Maybe you can use that one as well instead of
> CreateWellKnownSid if you somehow feel like it.
>
> --
> Regards,
> Jackie


Works as a charm on XP, Vista, 7 but CreateWellKnownSid is not present on
Win2K and I can't figure out an alternative -- could it be
AllocateAndInitializeSid? But it has a totally different parameters.

Also, Jackie, is there like a good book or an online resource on the Windows
NT security APIs? I just can't read the Microsoft documentation.

Thanks again!


From: Jackie on
nki00 wrote:
>>> The very short answer: If you don't, you will get some sort of "no
>>> impersonation token" error when calling CheckTokenMembership.
>>
>> Just so you don't get me the wrong way, it was not meant in a bad way. :)
>>
>
> :) How can I complain, you help me....
>
>
>> I also missed a cast on line 43 but it compiles anyway without the casts.
>> I can recall using AllocateAndInitializeSid before to check if a user is
>> an admin, at least.. Maybe you can use that one as well instead of
>> CreateWellKnownSid if you somehow feel like it.
>>
>> --
>> Regards,
>> Jackie
>
>
> Works as a charm on XP, Vista, 7 but CreateWellKnownSid is not present on
> Win2K and I can't figure out an alternative -- could it be
> AllocateAndInitializeSid? But it has a totally different parameters.
>
> Also, Jackie, is there like a good book or an online resource on the Windows
> NT security APIs? I just can't read the Microsoft documentation.
>
> Thanks again!
>
>

You can use AllocateAndInitializeSid in that case, yes. It's not always
easy to understand everything on MSDN in my opinion, and sometimes you
may think "Okay you can't use this... What's the alternative?
(Nothing?)" or "Which parameters should I use?". This happens in my case
at least. Not always clear on MSDN. :(

But here's a new one using AllocateAndInitializeSid instead:
http://pastebin.com/cD56bZdC

Hopefully I got the right parameters to use.
You can have a look here:
http://msdn.microsoft.com/en-us/library/aa379649

This may be helpful as well:
http://msdn.microsoft.com/en-us/library/Aa379602

"SDDL_BUILTIN_GUESTS
Built-in guests. The corresponding RID is DOMAIN_ALIAS_RID_GUESTS"

So I must have gotten that one right at least. :)

--
Regards,
Jackie
From: nki00 on
> But here's a new one using AllocateAndInitializeSid instead:
> http://pastebin.com/cD56bZdC
>

Hey, thanks again. Sorry for my delayed response. I've been busy with some
other stuff.

There's a bug though. The code works on XP and on Vista as well, but if I
right-click this process and select run as Administrator it will not report
it as a guest account.


From: Jackie on
nki00 wrote:
>> But here's a new one using AllocateAndInitializeSid instead:
>> http://pastebin.com/cD56bZdC
>>
>
> Hey, thanks again. Sorry for my delayed response. I've been busy with some
> other stuff.

That's okay. Thanks for letting me know. :)

> There's a bug though. The code works on XP and on Vista as well, but if I
> right-click this process and select run as Administrator it will not report
> it as a guest account.

Does it work fine when using CreateWellKnownSid in this case?

Which SID does it return instead?
You can use ConvertSidToStringSid and then check the numbers like
explained at the bottom here:
http://msdn.microsoft.com/en-us/library/aa379597%28VS.85%29.aspx

And are you trying to run this as an administrator from the guest account?

--
Regards,
Jackie