Francois Piette wrote:
>>>>              ImpersonateContext as well as RevertContext.
>>>> ImpersonateContext              will make the calling thread run in
>>>> the security context of the              authenticated user.
>>> I'm using LogonUser, ImpersonateLoggedOnUser and RevertToSelf in
>>> some of my applications. What are the differences between those and
>>> ImpersonateContext and RevertContext ?
>> LogonUser works only if your account has 'Act As Part Of The
>> Operating System' privileges. Beside that I think they are the same.
> LogonUser work if the already logged on user (that is the session
> user) has "Log on locally" permission. I don't think 'Act As Part Of
> The Operating System' privileges is related to LogonUser.

That differs depending on the Winnt version. I think in XP the SE_TCB_NAME
privilege is no longer required, bravo M$. 

"Windows 2000:  The process calling LogonUser requires the SE_TCB_NAME 
privilege. If the calling process does not have this privilege, LogonUser fails 
and GetLastError returns ERROR_PRIVILEGE_NOT_HELD. In some cases, the process 
that calls LogonUser must also have the SE_CHANGE_NOTIFY_NAME privilege 
enabled; otherwise, LogonUser fails and GetLastError returns 
ERROR_ACCESS_DENIED. This privilege is not required for the local system 
account or accounts that are members of the administrators group. By default, 
SE_CHANGE_NOTIFY_NAME is enabled for all users, but some administrators may 
disable it for everyone. For more information about privileges, see Privileges."

There are also differences between NT4 and 2K, in one of the versions it had 
to be enabled before calling LogonUser and in one of the versions LogonUser
enables it as necessary.

> Contribute to the SSL Effort. Visit
> --
> Author of ICS (Internet Component Suite, freeware)
> Author of MidWare (Multi-tier framework, freeware)
To unsubscribe or change your settings for TWSocket mailing list
please goto
Visit our website at

Reply via email to