Is it possible for a Windows service impersonate a user without a password?

Is it possible for a C# Windows service running as Local System or Local Service to impersonate another user without needing a password for that user?

How would this be done?

Note: My motivation for this is to be able to run user specific WMI queries in a service. The WMI calls I'm making (to the OfflineFiles WMI API) are user sensitive, and they only work when I run my service as the user whose data I want to query. I don't want users to have to enter their usernames and passwords when installing the service, so I'd like to just run the service as Local System or something, and impersonate the user I care about.

Eric asked Nov 29 '11 00:11


1 Answer

Assuming you only need to start impersonation whilst the relevant user is logged on, you could:

  1. Locate the relevant user session using EnumProcesses (eg http://msdn.microsoft.com/en-us/library/windows/desktop/ms682623(v=vs.85).aspx) [winapi]
  2. OpenProcessToken() on the relevant user process [winapi]
  3. DuplicateToken() with impersonation privileges [winapi]
  4. Create a new WindowsIdentity() using the result of DuplicateToken
  5. Call .Impersonate() on your new identity from step 4

Once the token has been duplicated, it doesn't matter if the user logs off - the impersonation in your service remains.

Apparently the undocumented ZwCreateToken winapi function can also achieve this, but I have never used it and it may break at any time in future.

geoffreys answered Sep 21 '22 05:09
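As an added example (not code from the answer above or from any project the question refers to), a C# helper for a .NET Framework service that already runs as Local System, carrying out the answer's five steps for the user whose OfflineFiles data the service needs. It substitutes Process.GetProcessesByName("explorer") for the EnumProcesses walk in step 1, on the assumption that explorer.exe runs once per interactive session; SessionImpersonation and Impersonate are assumed names.

```csharp
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;
// Hypothetical helper for a service already running as Local System (needed to open
// other users' processes). SessionImpersonation/Impersonate are assumed names.
static class SessionImpersonation
{
    const uint PROCESS_QUERY_INFORMATION = 0x0400;
    const uint TOKEN_QUERY = 0x0008, TOKEN_DUPLICATE = 0x0002;
    const int SecurityImpersonation = 2; // SECURITY_IMPERSONATION_LEVEL value
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern IntPtr OpenProcess(uint access, bool inheritHandle, int processId);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool DuplicateToken(IntPtr token, int level, out IntPtr duplicate);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);
    // Runs the answer's steps 1-5 for userName (DOMAIN\user, as WindowsIdentity.Name
    // reports it). Dispose the returned context (which calls Undo) when the WMI work is done.
    public static WindowsImpersonationContext Impersonate(string userName)
    {
        // Step 1, substituted: explorer.exe runs once per interactive session, so its owner
        // identifies the session without walking EnumProcesses.
        foreach (Process p in Process.GetProcessesByName("explorer"))
        {
            IntPtr hProc = OpenProcess(PROCESS_QUERY_INFORMATION, false, p.Id);
            if (hProc == IntPtr.Zero) continue;
            IntPtr hToken = IntPtr.Zero, hDup = IntPtr.Zero;
            try
            {
                // Step 2: the process's primary token; step 3: an impersonation-level copy.
                if (!OpenProcessToken(hProc, TOKEN_QUERY | TOKEN_DUPLICATE, out hToken)) continue;
                if (!DuplicateToken(hToken, SecurityImpersonation, out hDup)) continue;
                // Step 4: WindowsIdentity duplicates the handle, so ours is closed in finally.
                var id = new WindowsIdentity(hDup);
                if (!id.Name.Equals(userName, StringComparison.OrdinalIgnoreCase)) continue;
                return id.Impersonate(); // Step 5: this thread now runs as the user.
            }
            finally
            {
                if (hDup != IntPtr.Zero) CloseHandle(hDup);
                if (hToken != IntPtr.Zero) CloseHandle(hToken);
                CloseHandle(hProc);
            }
        }
        throw new InvalidOperationException(userName + " has no interactive session");
    }
}
```

Wrap the WMI query in `using (SessionImpersonation.Impersonate(@"DOMAIN\user")) { ... }` so the thread reverts to the service account as soon as the block exits; the token handles are only needed while the identity is being set up.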