Reputation: 598
Grant additional privilege to impersonating thread
My program, "UP", needs to be able to mount VHDX files from network locations. The difficulty is that any thread calling OpenVirtualDisk(...) upon a network location needs to have both SE_MANAGE_VOLUME_PRIVILEGE, which most of my users will not have, and access to the network location, which any System process "SP" I install to get around this will not have.
Method 1: I've read I can have SP receive the user's credentials and use "client impersonation" to create a thread running as the user. But I don't know how to have SP also grant that thread SE_MANAGE_VOLUME_PRIVILEGE.
Method 2: If SP is handed the user's credentials, can it use them to set up transparent access for itself to the network share, so that it can call OpenVirtualDisk(...) itself?
Upvotes: 5
Views: 113
Answers (0)
Related Questions
- CreateProcess from an impersonated thread
- Accessing mapped drives when using impersonation
- ImpersonateLoggedOnUser is successful but secondary process is still run in the initial context
- use Process.Start while Impersonating (Window Application)
- Executing powershell threads in IIS as impersonated user
- Impersonate a thread with user's filtered token
- Impersonating a user as LocalSystem on Windows
- Need Impersonation when accessing shared network drive
- Impersonate SYSTEM (or equivalent) from Administrator Account
- Multilevel usage of thread impersonation