|Perl Monk, Perl Meditation|
Creating a process as a normal user without password (Linux 'su' for Windows 7?)by stringZ (Acolyte)
|on Nov 03, 2011 at 02:09 UTC||Need Help??|
stringZ has asked for the
wisdom of the Perl Monks concerning the following question:
Does anyone know if there's a library or tool which could create a process as a normal user that has empty password. The situation is the following. My application runs with full administrative credentials (as a Windows service) under a LUA-enabled Windows 7. There are normal users (with limited rights) who are logged on locally (has their desktop shown), they can open applications (run processes) by double-clicking icons or from the command-line. I would like my service to create a process impersonating one of these logged on users. These users don't and won't have password, so Win32::AdminMisc::CreateProcessAsUser() is not an option since it requires LogonAsUser() which fails to impersonate a user with empty password. Running an application as a different user is also impossible with the command-line tool RUNAS. I understand this is for security reasons, but a network service should be able to somehow bypass this. So I'm looking for a solution similar to the su (or login -f) command under Linux. It doesn't require a password if you're root. My network service has elevated rights over the normal users I want it to impersonate.
I have an older thread in which I asked about creating a process with elevated privileges using the Windows API.
You can replace the string runas by open, in this case it won't elevate, but run theProgram.exe as the current user. Jenda, who wrote me this answer, noted that I can use runasuser instead of runas, but I don't understand how it would fit in this syntax. Is it possible with ShellExecute()?
If there is no solution with my configuration, is there any if I disable LUA (still need to run as another user)?