Menu
Is it possible for a C# Windows service running as Local System or Local Service to impersonate another user without needing a password for that user?
How would this be done?
Note: My motivation for this is to be able to run user specific WMI queries in a service. The WMI calls I'm making (to the OfflineFiles WMI API) are user sensitive, and they only work when I run my service as the user whose data I want to query. I don't want users to have to enter their usernames and passwords when installing the service, so I'd like to just run the service as Local System or something, and impersonate the user I care about.
578
To impersonate another user you must first retrieve the security information of the user you want to impersonate, cache that information in a security context structure, and then later use the information in the security context structure to send the impersonated messages.
Impersonation is the ability of a thread to execute using different security information than the process that owns the thread. Typically, a thread in a server application impersonates a client.
Impersonation is the ability of a thread to execute in a security context different from that of the process owning the thread. The server thread uses an access token representing the client's credentials, and with this, it can access resources that the client can access.
Assuming you only need start impersonation whilst the relevant user is logged on, you could:
Once the token has been duplicated, it doesn't matter if the user logs of - the impersonation in your service remains.
Apparently the API the undocumented ZwCreateToken winapi function can achieve this although also, but I have never used it and may break at anytime in future.
91
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
