Same result.
Kevin Ailes
Administrator
OTTO Engineering
> -----Original Message-----
> From: Ky-Anh Phan [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, January 17, 2002 5:32 PM
> To: 'Dean Theophilou'; Perl-win32-admin list (E-mail)
> Subject: RE: Win32::Adminmisc
>
>
> 1. Run script below with an admin account.
> 2. LogOff
>
> Now try your impersonation.
>
>
>
> --------------------------------------------------------------------------
> --
> --------------------------------
>
> unless ($error = Enable($targetLogin))
> {
> print $error;
> }
>
> sub Enable
> {
>
> my $login;
>
> $login = scalar @_ ? \@_ : [ Win32::DomainName() . '\\' .
> Win32::LoginName() ] ;
>
> my $server = "\\\\".Win32::NodeName();
>
> return Win32::Lanman::GetLastError unless
> Win32::Lanman::GrantPrivilegeToAccount($server,
> Win32::Lanman::SE_TCB_NAME(), $login)
> and Win32::Lanman::GrantPrivilegeToAccount($server,
> Win32::Lanman::SE_CHANGE_NOTIFY_NAME(), $login)
> and Win32::Lanman::GrantPrivilegeToAccount($server,
> Win32::Lanman::SE_ASSIGNPRIMARYTOKEN_NAME(), $login);
>
> return 0;
>
> }
>
>
> -----Original Message-----
> From: Dean Theophilou [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 17, 2002 2:52 PM
> To: Perl-win32-admin list (E-mail)
> Subject: RE: Win32::Adminmisc
>
>
> To be perfectly honest, I'm stumped. Although I'm using build 630,
> I'm not
> sure if that is relevant. The only other thing I can think of is that
> since
> the
> domain is not being specified (the first parameter of the LogonAsUser
> function),
> that the user account is undefined. Perhaps you can ask Mr. Dave Roth
> (the
> creator the module) if there is a specific GetLastError function for the
> AdminMisc module (I looked at the docs for that module and I didn't see
> one,
> but
> you never know).
>
> ...a few minutes pass while consulting Win32 Perl Scripting: The
> Admininistrator's Handbook (also by Dave Roth)...
>
> I was just reading that since the four required privileges are
> local, "a user
> must have these privileges on each computer that she [ignore the PC
> pronoun
> usage :)] intends to run scripts that call the LogonAsUser() function."
> You
> might want to check that. You might also want to check if the user who
> has
> been
> assigned these privileges has been logged off and then on again, so that
> the
> privileges can take effect. Anyway, if none of this works, then I'm all
> out
> of
> ideas (I still consider myself somewhat of beginner Perl user); sorry.
>
>
> Dean
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of
> Ailes, Kevin
> Sent: Thursday, January 17, 2002 2:11 PM
> To: Perl-win32-admin list (E-mail)
> Subject: RE: Win32::Adminmisc
>
>
> I tried that and I get.....
>
> before LogonAsUser(): name = apache
> The operation completed successfully.
> Failed to logon as apache.
> The Win32 error number is: 1
> The Win32 error text is: Incorrect function
> The Perl error number is: 0
> The Perl error text is:
> .............................
>
> I am attempting to use this script via an apache web server that is
> running
> as the "apache" user.
>
> I have set all of the privileges as described in prior posts.
>
> What is with the "Incorrect function" result?
>
> I am using binary build 623 of activestate perl 5.6.0
>
>
> Kevin Ailes
> Administrator
> OTTO Engineering
>
> > -----Original Message-----
> > From: Dean Theophilou [SMTP:[EMAIL PROTECTED]]
> > Sent: Thursday, January 17, 2002 3:57 PM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> > [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: RE: Win32::Adminmisc
> >
> > Hmmm...I'm not really sure what's happening here. That the operation
> > "completed
> > successfully" is obviously wrong. How about trying something like this
> > (which
> > is borrowed from Win32 Perl Programming: The Standard Extensions, 2 ed.,
> > by Dave
> > Roth):
> >
> > use Win32::AdminMisc;
> > use Win32;
> >
> > $! = $^E = 0;
> > $name = Win32::AdminMisc::GetLogonName();
> > print("before LogonAsUser(): name = $name\n");
> >
> > if (Win32::AdminMisc::LogonAsUser("",
> > "bob",
> > "welcome",
> > LOGON32_LOGON_INTERACTIVE )) {
> > $name = Win32::AdminMisc::GetLogonName();
> > print("Successfully. After LogonAsUser(), name = $name\n");
> >
> > } else {
> > print Win32::FormatMessage(Win32::GetLastError());
> > print "Failed to logon as $name.\n";
> > print "Currently logged on as: " . Win32::AdminMisc::GetLogonName();
> > print "The Win32 error number is: ", int($^E), "\n";
> > print "The Win32 error text is: $^E\n";
> > print "The Perl error number is: ", int($!), "\n";
> > print "The Perl error text is: $!\n";
> >
> > }
> >
> > Try that and see what error comes up.
> >
> >
> > Dean
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 17, 2002 2:13 AM
> > To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
> > [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > Subject: RE: Win32::Adminmisc
> >
> >
> > Hello Dean,
> >
> > Thanks for your help.
> > I tried as you mentionned in your message but it didn't work.
> >
> > Win32::FormatMessage(Win32::GetLastError()) ===> printed "The operation
> > completed successfully"
> > The errno $! was empty.
> >
> > Environment:
> > - ActiveState Perl 5.005_03 build 522
> > - Extension Win32::AdminMisc Perl 5.005 ActiveState Build (Last updated
> > 20000117)
> > - The user who runs the script is a domain administrator (Eric) and the
> 4
> > privileges were set for him
> > - The impersonated user is an end-user (Bob) in the same domain
> >
> >
> > Here is the test script:
> > ##############################################################
> > use Win32::AdminMisc;
> > use Win32;
> >
> > $name = Win32::AdminMisc::GetLogonName();
> > print("before LogonAsUser(): name = $name\n");
> >
> > if (Win32::AdminMisc::LogonAsUser("",
> > "bob",
> > "welcome",
> > LOGON32_LOGON_INTERACTIVE )) {
> > $name = Win32::AdminMisc::GetLogonName();
> > print("Successfully. After LogonAsUser(), name = $name\n");
> >
> > } else {
> > print Win32::FormatMessage(Win32::GetLastError());
> > print "Failed to logon: Errno=$!.\n";
> > }
> > ##############################################################
> >
> > Here is the output:
> >
> > before LogonAsUser(): name = Eric
> > The operation completed successfully.
> > Failed to logon: Errno=.
> >
> >
> > Eric.
> >
> > -----Original Message-----
> > From: Dean Theophilou [mailto:[EMAIL PROTECTED]]
> > Sent: jeudi 17 janvier 2002 4:15
> > To: DePriest, Jason R.; 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> > Subject: RE: Win32::Adminmisc
> >
> >
> > Hello:
> >
> > Ok, let's start at the beginning. The user who will be running the
> > script
> > needs to have the following four privileges:
> >
> > Act as part of the OS
> > Bypass traverse checking (this is usually a default privilege)
> > Increase quotas
> > Replace a process level token
> >
> > Note that these privileges ARE for the person who will be running
> > the script;
> > NOT the person you are trying to impersonate. The person you end of
> > impersonating ("$UserID, $UserPassword", in your example below) does not
> > need
> > these privileges, for purposes of the LogonAsUser function, that is.
> >
> > After you make the call to LogonAsUser, make a call to
> > Win32::AdminMisc::GetLogonName to check if the impersonation succeeded.
> > If
> > it
> > did not succeed, get the last error and print it out to see what it
> says;
> > do
> > something like this:
> >
> > print Win32::FormatMessage(Win32::GetLastError());
> >
> > You might also want to print out the regular Perl error with $!.
> > Anyway, give
> > that a shot, and if it doesn't work, then let me know what error was
> > produced.
> > Good luck.
> >
> >
> > Dean Theophilou
> >
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > DePriest, Jason R.
> > Sent: Wednesday, January 16, 2002 7:03 AM
> > To: 'Dean Theophilou'; 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> > Subject: RE: Win32::Adminmisc
> >
> >
> > I have tried LOGON32_LOGON_BATH and LOGON32_LOGON_INTERACTIVE with the
> > same
> > results.
> >
> > There must be something else we are overlooking.
> >
> > The system I am running the script on is a Windows NT 4.0 Server,
> > Enterprise
> > Edition member server of a Windows NT domain. The account I am trying
> to
> > run the script as is in that Windows NT domain.
> > The account has been made a member of the local administrator's group
> the
> > server as well as a domain administrator on the domain.
> > The account has also been individually assigned the rights that were
> > detailed in previous emails to/from this list.
> >
> > Does that help any?
> >
> > -Jason
> >
> > > -----Original Message-----
> > > From: Dean Theophilou [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, January 15, 2002 06:11 PM
> > > To: DePriest, Jason R.; 'Ailes, Kevin'; Perl-win32-admin list
> (E-mail)
> > > Subject: RE: Win32::Adminmisc
> > >
> > > How about trying LOGON32_LOGON_INTERACTIVE as the fourth parameter of
> > the
> > > LogonAsUser function? This is what I use, so I know it works.
> > >
> > > Dean Theophilou
> > >
> > >
> > > -----Original Message-----
> > > From: DePriest, Jason R. [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, January 15, 2002 12:28 PM
> > > To: 'Dean Theophilou'; DePriest, Jason R.; 'Ailes, Kevin';
> > > Perl-win32-admin list (E-mail)
> > > Subject: RE: Win32::Adminmisc
> > >
> > >
> > >
> > > My biggest problem is this:
> > >
> > > <script>
> > >
> >
> Win32::AdminMisc::LogonAsUser($Domain,$UserID,$UserPassword,LOGON32_LOGON_
> > > SERVICE);
> > > $WhoAmI = Win32::AdminMisc::GetLogonName();
> > > </script>
> > >
> > > $WhoAmI is invariably listed as the currently logged in user, whether
> > > myself or "SYSTEM" when run as a scheduled task.
> > >
> > > The $UserID has been granted each right that you listed as the rights
> it
> > > ~must~ have to work correctly.
> > >
> > > -Jason
> > >
> > > -----Original Message-----
> > > From: Dean Theophilou [ <mailto:[EMAIL PROTECTED]>]
> > > Sent: Tuesday, January 15, 2002 02:14 PM
> > > To: DePriest, Jason R.; 'Ailes, Kevin'; Perl-win32-admin list
> > (E-mail)
> > >
> > > Subject: RE: Win32::Adminmisc
> > >
> > > My suggestion is to keep the standard privileges for the Admin group
> and
> > > the four required for the logonasuser function. The four required for
> > the
> > > function are:
> > >
> > >
> > > 1) Bypass traverse checking
> > > 2) Act as part of the OS
> > > 3) Increase quotas
> > > 4) Replace a process level token
> > >
> > >
> > > Dean Theophilou
> > >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED] [
> > > <mailto:[EMAIL PROTECTED]>]On Behalf Of
> > > DePriest, Jason R.
> > >
> > > Sent: Tuesday, January 15, 2002 12:04 PM
> > > To: 'Dean Theophilou'; DePriest, Jason R.; 'Ailes, Kevin';
> > > Perl-win32-admin list (E-mail)
> > > Subject: RE: Win32::Adminmisc
> > >
> > >
> > >
> > > I cannot speak for anyone else who has had this problem, but, yes the
> > > account was made a member of the local administrators and domain
> > > administrators group.
> > >
> > > I also added the following rights to the particular account:
> > > Act as part of the operating system,
> > > Bypass traverse checking (even though this was already granted to a
> > group
> > > it was in),
> > > Increase Quotas,
> > > Log on as a batch job,
> > > Log on as a service,
> > > Log on locally (even though this was already granted to a group it was
> > > in), and
> > > Replace a process level token.
> > >
> > > The problem still remained.
> > >
> > > -Jason
> > >
> > > -----Original Message-----
> > > From: Dean Theophilou [ < <mailto:[EMAIL PROTECTED]>>]
> > > Sent: Tuesday, January 15, 2002 01:10 PM
> > > To: DePriest, Jason R.; 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> > > Subject: RE: Win32::Adminmisc
> > >
> > >
> > > Hello:
> > >
> > > Did you set the privileges required for the user you want to
> log
> > > on as? For
> > > example, if you are logged on as "Fred", and you want to switch to
> > > "Wilma", then
> > > Wilma must have the four privileges listed on p. 228 of Win32 Perl
> > > Scripting:
> > > The Administrator's Handbook, by Dave Roth.
> > >
> > >
> > > Dean Theophilou
> > > Genisar
> > >
> > >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [ < <mailto:[EMAIL PROTECTED]>>]On
> Behalf
> > Of
> > >
> > > DePriest, Jason R.
> > > Sent: Tuesday, January 15, 2002 9:50 AM
> > > To: 'Ailes, Kevin'; Perl-win32-admin list (E-mail)
> > > Subject: RE: Win32::Adminmisc
> > >
> > >
> > > I am one of the people who have had the same problem.
> > >
> > > It seems like, after logging on as the specified user, the script
> > forgets
> > > who it is logged in as and tries to run as SYSTEM or whatever...
> > >
> > > I was thinking that you might have to use
> > > Win32::AdminMisc::CreateProcessAsUser along with
> > > Win32::AdminMisc::LogonAsUser, but I didn't have the time nor the
> > patience
> > >
> > > to try and figure out Win32::AdminMisc::CreateProcessAsUser.
> > >
> > > For my project, instead of creating a service like I was originally
> > > planning
> > > on, I used cygwin + cron to schedule the task and let cron run it in
> its
> > > heightened context instead.
> > >
> > > -Jason
> > >
> > > -----Original Message-----
> > > From: Ailes, Kevin [ < <mailto:[EMAIL PROTECTED]>>]
> > > Sent: Tuesday, January 15, 2002 11:47 AM
> > > To: Perl-win32-admin list (E-mail)
> > > Subject: Win32::Adminmisc
> > >
> > >
> > > I now realize that I need to set up the user account that the apache
> web
> > > service runs under to have some advanced capabilities or use the
> > > Win32::Adminmisc module to logon as a different user.(impersonate a
> user
> > > with advanced privelages)
> > >
> > > Unfortunately for me, I can not get the logonasuser method to function
> > > properly.
> > >
> > > I searched Dave Roth's web site for instructions. I found and set the
> > > privelages for the apache web user account according to the faq.
> > > No luck.
> > >
> > > I searched the usenet groups from google and found many references to
> > the
> > > same problem I am having, however there were no answers other than to
> > set
> > > the privelages on the user account.(which I have done.) I even
> > restarted
> > > the web server service. I haven't tried restarting the
> machine.....yet.
> > >
> > > I searched the Adminmisc newsgroup hosted by Dave's site. There were
> > many
> > >
> > > un-answered questions regarding the logonasuser method failing in a
> > > similar
> > > manner to what I have described.
> > >
> > > Am I missing something here?
> > >
> > > Kevin Ailes
> > > Administrator
> > > OTTO Engineering
> > >
> > > _______________________________________________
> > > Perl-Win32-Admin mailing list
> > > [EMAIL PROTECTED]
> > > < <http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin>>
> > > _______________________________________________
> > > Perl-Win32-Admin mailing list
> > > [EMAIL PROTECTED]
> > > < <http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin>>
> > >
> > _______________________________________________
> > Perl-Win32-Admin mailing list
> > [EMAIL PROTECTED]
> > http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
> >
> > _______________________________________________
> > Perl-Win32-Admin mailing list
> > [EMAIL PROTECTED]
> > http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
> _______________________________________________
> Perl-Win32-Admin mailing list
> [EMAIL PROTECTED]
> http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
>
> _______________________________________________
> Perl-Win32-Admin mailing list
> [EMAIL PROTECTED]
> http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
> _______________________________________________
> Perl-Win32-Admin mailing list
> [EMAIL PROTECTED]
> http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
