[cvsnt-dev] Re: NtCreateToken & SeImpersonatePrivilege

Tony Hoyle tmh at nodomain.org
Fri May 21 12:24:08 BST 2004

Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.

On Thu, 20 May 2004 22:16:17 +0000 (UTC), "KJK::Hyperion"
<noog at libero.it> wrote:

>What were exactly the problems in using NtCreateToken on Windows XP and 
>later? and doesn't Windows 2000 support SeImpersonatePrivilege since 
>Service Pack 4?

Win2003 does not just any process to call NtCreateToken - they must be
one of a few highly privileged processes, not just 'System'.  This
makes it very hard for 3rd party apps to use.  You need to use an LSA
authentication layer as CVSNT now does.

SeImpersonatePrivilege does not exist in Win2k/XP only Win2003 (it's
added in Service Pack 2 of XP also).


More information about the cvsnt-dev mailing list