>I am trying to use the LogonUser() API function on an NT Server to programmatically verify an NT userid and password. MSDN indicates that the "Act as part of the operating system" privilege is required to call this function. I have verified that the account I am logged into the NT Server under has this privelege but GetLastError() still indicates insufficient privilege (1314). I am using the code R. Strahl posted a few weeks ago. I have tried it using a local machine login (".") and with a domain login. Anyone with experience using this function can point me in the right direction?
>
It's overwhelmingly likely that while the account may be granted the privilege, you need to set the process token set using AdjustTokenPrivilege() API call. The following is cut from the MSDN docs
Enabling and Disabling Privileges
The following example shows how to enable or disable a privilege in an access token. The example calls the LookupPrivilegeValue function to get the LUID that the local system uses to identify the privilege. Then the example calls the AdjustTokenPrivileges function, which either enables or disables the privilege that depends on the value of the bEnablePrivilege parameter.
BOOL SetPrivilege(
HANDLE hToken, // access token handle
LPCTSTR lpszPrivilege, // name of privilege to enable/disable
BOOL bEnablePrivilege // to enable or disable privilege
)
{
TOKEN_PRIVILEGES tp;
LUID luid;
if ( !LookupPrivilegeValue(
NULL, // lookup privilege on local system
lpszPrivilege, // privilege to lookup
&luid ) ) { // receives LUID of privilege
printf("LookupPrivilegeValue error: %u\n", GetLastError() );
return FALSE;
}
tp.PrivilegeCount = 1;
tp.Privileges[0].Luid = luid;
if (bEnablePrivilege)
tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
else
tp.Privileges[0].Attributes = 0;
// Enable the privilege or disable all privileges.
AdjustTokenPrivileges(
hToken,
FALSE,
&tp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES) NULL,
(PDWORD) NULL);
// Call GetLastError to determine whether the function succeeded.
if (GetLastError() != ERROR_SUCCESS) {
printf("AdjustTokenPrivileges failed: %u\n", GetLastError() );
return FALSE;
}
return TRUE;
}