Is there a Windows C++ API to execute a command as a different user ? I am trying to mount a CIFS share from a service which is running as sys admin and I am currently logged in as a Kiosk user so when I try to mount the share using "net use .." I get access denied.
Asked
Active
Viewed 498 times
0
-
[A service should not directly access local or network resources through mapped drive letters, nor should it call the net use command to map drive letters at run time.](https://msdn.microsoft.com/en-us/library/windows/desktop/ms685143.aspx) Is there some reason that you can't just use the UNC path? – theB Jun 23 '16 at 23:09
-
I can't use the UNC path directly. – Falguni Jul 18 '16 at 17:30
1 Answers
0
With CreateProcessWithLogin, you can execute a command with an arbitrary user provided you have valid credentials. Alternatively, can can use a combination of LogonUser and CreateProcessAsUser / CreateProcessWithToken.
Rather than requiring credentials including a password stored as plaintext (not recommended from a security POV), you could also grant required permissions to the kiosk user so that the current user context is sufficient for accessing the data and/or mapping the network drive.
If that is not an option, your application could have a manually configured persistent network drive as a prerequisite. The credentials would then be managed by Windows.
horstr
- 2,377
- 12
- 22