Morag Hughson

Reputation: 7525

What privileges does a domain user require to use AcquireCredentialsHandle (Schannel) using the LocalMachine certificate store?

I have a program that can successfully create an Schannel connection when run using a local user id on a Windows machine. My call to AcquireCredentialsHandle is not a complex one - fairly vanilla.

  credData.dwVersion = SCHANNEL_CRED_VERSION;
  credData.cCreds    = 1;
  credData.paCred    = &pSecLstr->serverCert;

  ss = AcquireCredentialsHandle(NULL,
                                UNISP_NAME,
                                SECPKG_CRED_INBOUND,
                                NULL,
                                &credData,
                                NULL, NULL,
                                &(pSecLstr->hCred),
                                &Lifetime);

When it is run using a domain user logged in using RDP, and utilising the LocalMachine certificate store, the call returns 0x00000520 (ERROR_NO_SUCH_LOGON_SESSION).

I assume that this means some privileges or security policies are missing on the domain account that would normally be present on a local user ID. I cannot find any documentation about what those privileges or policies might be, however.

Anyone know?

Upvotes: 0

Views: 88

Answers (0)
