Is it possible to impersonate a user without supplying user name/password? Basically, I'd like to get the CSIDL_LOCAL_APPDATA for a user (not the current one) using the ShGetFolderPath() function. All I currently have is a SID for that user.
Asked
Active
Viewed 5,730 times
8
Vertexwahn
- 7,709
- 6
- 64
- 90
dennisV
- 1,119
- 3
- 19
- 34
2 Answers
9
You can impersonate a user without supplying password by calling ZwCreateToken. See the CreatePureUserToken function in this article: GUI-Based RunAsEx You must be running as an admin (or LocalSystem) for this to work.
Another technique is to use Windows Subauthentication Packages. This allows you to override windows built-in authentication and allow a LogonUser to succeed even if no password was supplied. See this KB article.
6
No, you have to call Win32 API LogonUser function to get windows account token back so you can then impersonate.
Esteban Araya
- 29,284
- 24
- 107
- 141
-
Hmm, that explains why I can't get it work properly... Is there any other way to get that path? Thanks. – dennisV Sep 26 '08 at 01:34