>The logonTypes recognized by LogonUser that I tried were Interactive,
>Network, Batch, and Service. The service could only read and delete the
>files from the network directory when I used the Interactive logon type.
>Since a Service lacks a UI, it seemed like more privilege than the Service
>should need. Are the other logonTypes ever used in impersonation?
This appears to be the list of constants that define available logon types:
LOGON32_LOGON_BATCH
LOGON32_LOGON_INTERACTIVE
LOGON32_LOGON_NETWORK
LOGON32_LOGON_NETWORK_CLEARTEXT
LOGON32_LOGON_NEW_CREDENTIALS
LOGON32_LOGON_SERVICE
LOGON32_LOGON_UNLOCK
These are explained in more detail at
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/security/logonuser.asp.
Good luck.