Not able to access UNC share after doing the Imperosnation

Question

We have to access a network UNC share which is say allowing access to USER1. Our exe is running with LOCAL SYSTEM account. In the exe, we do Impersonation with "USER1" credentials so that exe can access UNC share. But after doing the impersonation, we are still getting error "Access denied" while accessing that UNC share.

After the impersonation, we are enabling following privileges on the Impersonated thread: SE_BACKUP_NAME SE_CHANGE_NOTIFY_NAME SE_CREATE_GLOBAL_NAME SE_DEBUG_NAME SE_IMPERSONATE_NAME SE_RESTORE_NAME SE_SECURITY_NAME SE_TAKE_OWNERSHIP_NAME SE_TCB_NAME

Do we need to enable any other privileges or we are missing something else?

Thanks -- Nitin

Answer 1

If you're on an Active Directory domain you need to configure for delegation.

Given the following:

Server A hosting the EXE
Server B hosting the UNC share
Both servers on a domain managed by Active Directory

You must configure AD so that server A has the right to "delegate" for users on the domain or, to be more secure, for server B only.

For more help, check out serverfault.com.