SumTingWong

In-script user impersonation

2 posts in this topic

#1 ·  Posted (edited)

You can use the following UDF to run code inside a script as another user. Useful if you want to use built-in file and registry management functions as an admin user without calling an external script.

There are some limitations so I suggest you read up on LogonUser. For example, calling this API on Windows 2000 requires the SE_TCB_NAME privilege which your non-admin user won't have.

To impersonate a local user, set the domain parameter to "."

Global Const $LOGON32_LOGON_INTERACTIVE = 2
Global Const $LOGON32_LOGON_NETWORK = 3
Global Const $LOGON32_LOGON_BATCH = 4
Global Const $LOGON32_LOGON_SERVICE = 5
Global Const $LOGON32_LOGON_UNLOCK = 7
Global Const $LOGON32_LOGON_NETWORK_CLEARTEXT = 8
Global Const $LOGON32_LOGON_NEW_CREDENTIALS = 9

Global Const $LOGON32_PROVIDER_DEFAULT = 0
Global Const $LOGON32_PROVIDER_WINNT35 = 1
Global Const $LOGON32_PROVIDER_WINNT40 = 2
Global Const $LOGON32_PROVIDER_WINNT50 = 3

ConsoleWrite(_Impersonate("myadminusername", "mydomain", "mypassword") & @LF)

Func _Impersonate($sUserName, $sDomain, $sPassword, $nLogonType = 2, $nLogonProvider = 0)
    Local $phToken = 0
    Local $aDllRet
    Local $nError = -1

    ; LogonUserA is the ANSI export, matching the "str" parameters.
    ; The last parameter receives the token; "ptr*" is the current spelling of the
    ; by-reference type that older AutoIt releases wrote as "int_ptr".
    $aDllRet = DllCall("advapi32.dll", "int", "LogonUserA", _
        "str", $sUserName, _
        "str", $sDomain, _
        "str", $sPassword, _
        "int", $nLogonType, _
        "int", $nLogonProvider, _
        "ptr*", $phToken)
    If Not @error And $aDllRet[0] <> 0 Then
        $phToken = $aDllRet[6]
        $aDllRet = DllCall("advapi32.dll", "int", "ImpersonateLoggedOnUser", "ptr", $phToken)
        If Not @error And $aDllRet[0] <> 0 Then
            ; Add your code here to run as the impersonated user
            ; For example, write to a file
            FileWriteLine("C:\username.txt", @UserName)
            ; or create a system environment variable
            RegWrite("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment", _
                "MyImpersonatedName", "REG_SZ", @UserName)
            ; Revert back to the original logged on user
            $aDllRet = DllCall("advapi32.dll", "int", "RevertToSelf")
            ; If the revert fails, the script is still running as the impersonated user, so stop here
            If @error Or $aDllRet[0] = 0 Then Exit 1
        Else
            $aDllRet = DllCall("kernel32.dll", "int", "GetLastError")
            If Not @error Then $nError = $aDllRet[0]
        EndIf
        ; Always release the token handle, whether or not impersonation succeeded
        DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $phToken)
    Else
        $aDllRet = DllCall("kernel32.dll", "int", "GetLastError")
        If Not @error Then $nError = $aDllRet[0]
    EndIf
    ; On failure, return 0 with @error set to the Win32 error code
    If $nError > -1 Then
        SetError($nError)
        Return 0
    EndIf
    Return 1
EndFunc
Edited by SumTingWong


#2 ·  Posted (edited)

hi SumTingWong,

this udf sounds very interesting ;) unfortunately i'm not sure how to bind it in my script :o

i guess it's something like:

#include <filename.au3>

; call the function
_impersonate (

and here my knowledge ends... :geek:

could you please explain it to me? i think this is just what i'm looking for and trying to realize in my script the whole day... :/

thanks a lot :sorcerer:

Edited by domi974

---------------------------------------------

cheers

kimon
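
One way to call the UDF from post #1, as an added example that is not part of either post. It assumes the UDF and its constants are saved as Impersonate.au3 (a hypothetical file name) with the demo ConsoleWrite line removed; the numeric error codes are the standard Win32 values.

```autoit
; Added example, not from the thread. Assumes the UDF and constants from post #1 are
; saved as Impersonate.au3 (hypothetical file name) beside this script, with the demo
; ConsoleWrite(_Impersonate(...)) line removed.
#include "Impersonate.au3"

; Prompt for credentials at run time so no password is stored in the script source.
Local $sUser = InputBox("Impersonate", "User name:")
If @error Then Exit 1
Local $sDomain = InputBox("Impersonate", "Domain (. for a local account):", ".")
If @error Then Exit 1
Local $sPass = InputBox("Impersonate", "Password:", "", "*") ; "*" masks the typed text
If @error Then Exit 1

Local $sBefore = @UserName
Local $nRet = _Impersonate($sUser, $sDomain, $sPass, $LOGON32_LOGON_INTERACTIVE, $LOGON32_PROVIDER_DEFAULT)
Local $nErr = @error ; read @error immediately, the next function call resets it
$sPass = "" ; stop holding the password in the variable

If $nRet = 0 Then
    ; Win32 error codes commonly returned by LogonUser
    Switch $nErr
        Case 1326 ; ERROR_LOGON_FAILURE
            ConsoleWrite("Unknown user name or bad password" & @LF)
        Case 1314 ; ERROR_PRIVILEGE_NOT_HELD
            ConsoleWrite("Caller lacks a required privilege (SE_TCB_NAME on Windows 2000)" & @LF)
        Case 1385 ; ERROR_LOGON_TYPE_NOT_GRANTED
            ConsoleWrite("Account is not allowed this logon type" & @LF)
        Case Else
            ConsoleWrite("Impersonation failed, error " & $nErr & @LF)
    EndSwitch
    Exit 1
EndIf

; The UDF reverts before it returns, so @UserName should match the starting identity again.
If @UserName <> $sBefore Then
    ConsoleWrite("Still running as " & @UserName & ", stopping" & @LF)
    Exit 1
EndIf
ConsoleWrite("Finished, running as " & @UserName & @LF)
```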
