[cvsnt] Problem with Imersonation

Tony Hoyle tmh at nodomain.org
Tue Jan 27 14:28:05 GMT 2004


Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.


On Tue, 27 Jan 2004 13:28:59 +0100, Mark Aslan Kuschel
<iis at irgendware.net> wrote:

>
>   Hello List-Members,
>   I installed CVSnt on my Windows 2003 Server, but I can't get the
>   pserver protocol running.

Which version?  Win2003 pserver impersonation is hard (impossible??)
to get working before version 2.0.21.

>   I read in the FAQ that the User the service is running with needs the
>   rights:
>   1. act as part of the operating system
>   2. create a process token
>   3. create a system level token

Win2003 actually disables ability of processes to create tokens, and
it's impossible to grant the privilege (I guess someone with enough
experience could manage it but by default you can't get around it).

btw. Win2003 also has a separate impersonation privilege, as mentioned
in the FAQ.

LocalSystem has all the required privileges anyway by default unless
you've disabled them (with the above caveat).  You don't need to worry
about them unless you've changed the user that the service runs under.

The following can help:

a) Don't use pserver if possible - sspi is much better.
b) Use the same usernames/passwords that exist on your system, in
which case you don't need the extra privileges (as cvsnt will just
call LogonUser internally).
c) Use the latest cvsnt with either S4U (if you have a win2003 active
directory controller) or the Lsa helper DLL.

Tony




More information about the cvsnt mailing list
Download the latest CVSNT, TortosieCVS, WinCVS etc. for Windows 8 etc.
@CVSNT on Twitter   CVSNT on Facebook