Reputation: 333
I want to add a privilege to my process token (my process is running with admin rights). I can't use AdjustTokenPrivileges because the process token does not contain my missing privilege. So, I tried to add the privilege to the token with SetTokenInformation. I'm pretty sure that I build the TOKEN_PRIVILEGES structure the right way, and I get an INVALID_PARAMETER_ERROR when I call SetTokenInformation. So, I'm thinking that there is a problem with using this function on existing tokens. In addition, I found this remark on the function's MSDN page: "Token-type information can be set only when an access token is created."
So, what else can I do?
Note: I'm doing this because my call to CreateProcessAsUser failed because I don't have the SE_ASSIGNPRIMARYTOKEN_NAME privilege.
Thanks for the helpers!
Upvotes: 4
Views: 3026
Reputation: 93
You can change a privilege in a token but you can't add one. Keith Brown has a good section on the subject in his outstanding book on Windows security. In it he says that once the LSA finishes constructing the token "You cannot later inject additional privileges...". I wish I could find a book like his that covers current Windows security. Sigh.
Upvotes: 1