gajapathy p

Reputation: 113

c++ token Impersonation to modify HKEY_CURRENT_USERS from service

I am running a service (in local account). I have used WTSEnumerateSessions to retrieve all the current session IDs. Then I found the impersonation token and user token with the help of WTSQueryUserToken and GetTokenInformation. I have called the method ImpersonateLoggedOnUser, and after performing tasks I called 'revertToSelf'.

For the first session it works very fine (from SYSTEM account to user account). But for the next session, I am still accessing the previous user's HKEY_CURRENT_USERS (when I retrieve the account name it works perfectly). But when I try to update the HKEY_CURRENT_USER, it will add the changes to the previous session (I have called revertToSelf before starting to work with the next session).

Thanks in advance

Upvotes: 0

Views: 363

Answers (1)

Ben

Reputation: 35653

Impersonation changes the result of security checks; it does not change the view of the registry, in this case the per-user keys.

To update HKEY_CURRENT_USER for a particular user, you need to look in HKEY_USERS and locate the key belonging to the user whose registry you wish to modify.

The key names will look something like this:

  • HKEY_USERS\S-1-5-21-123412341-123412341-123412341-1061
  • HKEY_USERS\S-1-5-21-123412341-123412341-123412341-1061_Classes

The S-1-5 part is the string representation of the user's SID, which you obtain from OpenThreadToken, GetTokenInformation and convert with ConvertSidToStringSid.

Upvotes: 1
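Added example, not part of the answer above: a portable sketch of how the binary SID that GetTokenInformation returns for a session's token maps to the two HKEY_USERS key names the answer lists. A real service would call ConvertSidToStringSid and open the key under HKEY_USERS; `SidToString`, `HiveKeysForSid` and `SampleSid` are hypothetical names, and the sample bytes are constructed from the answer's example SID.

```cpp
#include <cstdint>
#include <cstdio>
#include <stdexcept>
#include <string>
#include <vector>

// Binary SID layout (the bytes TOKEN_USER.User.Sid points at on Windows):
//   byte 0      revision (always 1)
//   byte 1      sub-authority count (at most 15)
//   bytes 2..7  identifier authority, 48-bit big-endian
//   then        count x 32-bit little-endian sub-authorities
std::string SidToString(const std::vector<uint8_t>& sid) {
    if (sid.size() < 8) throw std::invalid_argument("SID shorter than its header");
    const uint8_t count = sid[1];
    if (sid[0] != 1 || count > 15) throw std::invalid_argument("malformed SID header");
    if (sid.size() != 8u + 4u * count) throw std::invalid_argument("SID length mismatch");

    uint64_t authority = 0;
    for (int i = 2; i < 8; ++i) authority = (authority << 8) | sid[i];

    std::string out = "S-" + std::to_string(sid[0]) + "-" + std::to_string(authority);
    for (size_t i = 0; i < count; ++i) {
        const size_t off = 8 + 4 * i;
        const uint32_t sub = uint32_t(sid[off]) | (uint32_t(sid[off + 1]) << 8) |
                             (uint32_t(sid[off + 2]) << 16) | (uint32_t(sid[off + 3]) << 24);
        out += "-" + std::to_string(sub);
    }
    return out;
}

// The per-user keys the answer names: the user's hive and its _Classes companion.
struct UserHiveKeys { std::string hive; std::string classes; };

UserHiveKeys HiveKeysForSid(const std::vector<uint8_t>& sid) {
    const std::string s = SidToString(sid);  // derived per session, never cached
    return { "HKEY_USERS\\" + s, "HKEY_USERS\\" + s + "_Classes" };
}

// Constructed sample: the SID from the answer's example key names.
std::vector<uint8_t> SampleSid() {
    std::vector<uint8_t> sid = {1, 5, 0, 0, 0, 0, 0, 5};
    for (uint32_t sub : {21u, 123412341u, 123412341u, 123412341u, 1061u})
        for (int shift = 0; shift < 32; shift += 8) sid.push_back(uint8_t(sub >> shift));
    return sid;
}

int main() {
    const UserHiveKeys k = HiveKeysForSid(SampleSid());
    std::printf("%s\n%s\n", k.hive.c_str(), k.classes.c_str());
    return 0;
}
```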
