October 24th, 2012, 3:56 pm
Hi,
For some special device operation with Zw/NtPlugPlayControl(...) I need to have the SeTcbPrivilege, which is only held by some service/process running as "NT AUTHORITY\SYSTEM". The privilege can be enabled for the admin users by setting some group policy property, but this is not the way you would do it if you need to be able to run that from code. There are some ways of gaining access or starting a process as the LocalSystem user, like running it from task scheduler or creating a service and starting the operation from within. The last one I am aware of is by doing some OpenProcess->OpenProcessToken->DuplicateToken->ImpersonateLoggedOnUser[DO WORK HERE]->RevertToSelf, but this also requires me to walk the running service processes until I find a candidate and then duplicate the token from there. Is there any other "better" way to do this, maybe some other API or method? I need to run some code inside some thread that will call this function.
Thanks in advance, ...
K.