Logon as a user without a password

In Windows, it is possible to log on as a different domain user without any credentials.  This is known as an S4U or Service For User logon.  This is a Microsoft extension to Kerberos introduced with Windows Server 2003.  There have been several articles and posts on this topic but I thought it would be…


LogonUser + LOGON32_LOGON_NEW_CREDENTIALS, What is this flag used for?

A new flag was introduced in Windows Vista for LogonUser(), LOGON32_LOGON_NEW_CREDENTIALS (https://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx).  The remarks say the following for this flag: “This logon type allows the caller to clone its current token and specify new credentials for outbound connections. The new logon session has the same local identifier but uses different credentials for other network connections.”…


Programmatic Smartcard Logons in Windows

There are several ways for an application to generate a user’s token via a programmatic smart card logon in Windows.  The simplest way is via a call to LogonUser(), which typically takes credentials via the user’s password.  You can also utilize LogonUser() to do a smart card logon by marshaling the smart card certificate on the system with…


How to programmatically create a LogonService or Network Service token with LogonUser?

A lot of developers have asked if it is possible to generate a token that represents the Local Service or Network Service account without stealing a token.  You can programmatically generate a token using LogonUser().  Here is the code for doing this:

    LogonUser(L"LocalService", L"NT AUTHORITY", NULL, LOGON32_LOGON_SERVICE, LOGON32_PROVIDER_DEFAULT, &hToken);
    LogonUser(L"NetworkService", L"NT AUTHORITY", NULL, LOGON32_LOGON_SERVICE, LOGON32_PROVIDER_DEFAULT, &hToken);


Launching a process as a normal user from an elevated user.

A frequent question from our customers is how to launch a non-elevated process from an elevated one.  This typically comes up with an installer application that is elevated and needs to launch an application as a non-elevated user. It turns out you can use CreateProcessWithTokenW() to launch a non-elevated process from an elevated…


How to launch a process interactively from a Windows Service?

Launching an interactive process from a service used to be straightforward.  You could either configure your service to be interactive or specify “Winsta0\\Default” as the desktop (in the CreateProcess API), and as long as the launched process had the appropriate permissions to the desktop, it would run interactively. These techniques stopped working with…


How to launch a process as a Full Administrator when UAC is enabled?

With the introduction of User Account Control (UAC) in Windows Vista, launching a process as a full administrator no longer happens automatically when UAC is enabled.  Typically, you make the following API calls to launch a process as an Administrator (if the current user is not an administrator): You call LogonUser() where…


How can my application work when UAC is enabled and fail when it is disabled?

Hello everyone, my name is Frank Kim and I work in Developer Support.  My expertise is in Windows Security (Authorization + Authentication), Remote Desktop and Windows Services.  For my first blog post, I thought I would discuss an interesting issue encountered by several of my customers. User Account Control (UAC) was introduced in Windows Vista to…


How to use ADSI/LDAP APIs for querying Active Directory using credentials derived from a Smart Card

There are no ADSI/LDAP APIs that can directly use smart card credentials. We could follow the steps below:
1.  Get the user credentials by reading in the certificate from the smart card.
2.  Call LogonUser() to get the user’s token.
3.  Use this token to impersonate the user.
4.  Under the impersonated user’s…


Launching an interactive process from Windows Service in Windows Vista and later

The first thing to say about this is: don’t do it. There are many limitations, bad implications and restrictions involved. If you are in a situation where you cannot avoid launching an interactive process from a Windows Service, then you might want to read this article. Launching an interactive application from…