[cvsnt-dev] Re: NtCreateToken & SeImpersonatePrivilege

Tony Hoyle tmh at nodomain.org
Fri May 21 22:38:09 BST 2004


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


KJK::Hyperion wrote:


> 
> hmmm:
> 
> D:\Documents and Settings\Administrator>privcheck | findstr /I impersonate
> SeImpersonatePrivilege *
> 
> This on a Windows 2000 Service Pack 4

It could just be hardcoded into privcheck (no reference to this in google so I 
can't try it myself.. a homegrown app???).  Even if such a privilege exists in 
Win2kSP4 (but not in XP??? that *would* be odd) it never actually did anything 
until Win2k3 started enforcing it.

See 
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure03132003.asp
and
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncode/html/secure03132003.asp

for some disussion of the changes in 2003.

And for the create token issue (no official microsoft stuff but then they 
never officially acknowledged the existence of the function anyway):

http://groups.google.com/groups?selm=g6ppev8pvl1q2e95c4ma7sgaabrr52n6ov%404ax.com

Tony

-- 
Te audire no possum. Musa sapientum fixa est in aure.

Tony Hoyle <tmh at nodomain.org>  Key ID: 104D/4F4B6917 2003-09-13
Fingerprint: 063C AFB4 3026 F724 0AA2  02B8 E547 470E 4F4B 6917


More information about the cvsnt-dev mailing list