Environment: VC6 SP5, VS 2005, Win2K+, Platform SDK
To start a program in another user's context, Win2K provides a command-line tool, runas. Programs and code with the same functionality can also be found on the web (for example at www.codeguru.com). I was asked to make a graphical-user-interface version of this tool, and this article describes it. To avoid "reinventing the wheel", my work builds on that earlier code.
This program has a good graphical user interface, so you don't have to enter many parameters at the command line, as shown in the picture:
In addition, you can:
Select the target desktop in the interface and run the program you want on that desktop. A list of desktops is provided; double-click an entry to select it;
Use the button to the left of the password edit box to check whether the username/password is correct;
Use the button to the right of the user name to pick a user from the list of user names on the local machine; double-click an entry to select it;
CreateProcessAsUser and LogonUser require the following four privileges:
SeIncreaseQuotaPrivilege;
SeAssignPrimaryTokenPrivilege;
SeChangeNotifyPrivilege;
SeTcbPrivilege;
By default, the administrator does not have these privileges. You can press the privilege button at the bottom of the dialog box and choose to enable these privileges in the pop-up dialog box (you only need to log off and log on again once). If you do not like this graphical user interface program, use the console command-line program cmdasuser, provided by Martyn Brown.
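As an added example (not part of the original program or its source), the following PowerShell script reports whether the current logon token actually carries the four privileges listed above, which confirms that the grant and the log off/log on took effect. It assumes an English-language Windows with whoami.exe and PowerShell 3 or later; Get-TokenPrivilegeState is a name made up for this example.

```powershell
# Added example: check the current token for the four privileges the article
# lists. Assumption: English-language Windows (whoami's CSV column names are
# localized) and PowerShell 3+.

$required = @(
    'SeIncreaseQuotaPrivilege',
    'SeAssignPrimaryTokenPrivilege',
    'SeChangeNotifyPrivilege',
    'SeTcbPrivilege'
)

# Hypothetical helper name, introduced for this example only.
function Get-TokenPrivilegeState {
    param([string[]]$Names)

    # "whoami /priv" lists only privileges present in the token; /fo csv makes
    # it parseable. Columns: "Privilege Name","Description","State".
    $held = @{}
    whoami /priv /fo csv | ConvertFrom-Csv | ForEach-Object {
        $held[$_.'Privilege Name'] = $_.State
    }

    foreach ($name in $Names) {
        # Absent   = not assigned to the account, or assigned but no new logon yet
        # Disabled = in the token; the process can switch it on with AdjustTokenPrivileges
        # Enabled  = in the token and currently active
        $state = if ($held.ContainsKey($name)) { $held[$name] } else { 'Absent' }
        [pscustomobject]@{ Privilege = $name; State = $state }
    }
}

$report = @(Get-TokenPrivilegeState -Names $required)
$report | Format-Table -AutoSize

$missing = @($report | Where-Object { $_.State -eq 'Absent' })
if ($missing.Count -gt 0) {
    Write-Warning ('Not in the current token: ' + ($missing.Privilege -join ', '))
}
```

Run it in the same logon session that will launch the tool. SeTcbPrivilege and SeAssignPrimaryTokenPrivilege are powerful rights, so the same report is useful for confirming they have been removed from an account once the tool is no longer needed.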
If you do not enter a username and password, the program will start with the "SYSTEM" account.
There is a list of commonly used programs from which you can choose the program to "RunAs". Internally, the code uses the LSA family of APIs to handle account privileges, and LogonUser and CreateProcessAsUser to do the work. Starting a program under the "SYSTEM" account takes a little more work: open the system process, adjust the token, and reopen it, adding the TOKEN_DUPLICATE, TOKEN_ASSIGN_PRIMARY and TOKEN_QUERY access rights.
Finally, thanks to the author of "Programming Server-Side Applications for Microsoft Windows 2000"; my program's framework code draws on an example from this book.
Additional note: after you have added the required privileges by pressing "privilege", be sure to relog (log off/log back in) for them to take effect.