views:

88

answers:

1

We have to access a network UNC share which is say allowing access to USER1. Our exe is running with LOCAL SYSTEM account. In the exe, we do Impersonation with "USER1" credentials so that exe can access UNC share. But after doing the impersonation, we are still getting error "Access denied" while accessing that UNC share.

After the impersonation, we are enabling following privileges on the Impersonated thread: SE_BACKUP_NAME SE_CHANGE_NOTIFY_NAME SE_CREATE_GLOBAL_NAME SE_DEBUG_NAME SE_IMPERSONATE_NAME SE_RESTORE_NAME SE_SECURITY_NAME SE_TAKE_OWNERSHIP_NAME SE_TCB_NAME

Do we need to enable any other privileges or we are missing something else?

Thanks -- Nitin

A: 

If you're on an Active Directory domain you need to configure for delegation.

Given the following:

Server A hosting the EXE
Server B hosting the UNC share
Both servers on a domain managed by Active Directory

You must configure AD so that server A has the right to "delegate" for users on the domain or, to be more secure, for server B only.

For more help, check out serverfault.com.

Will
Thanks for all helps. We resolved this problem by replacing LOGON32_LOGON_NETWORK with LOGON32_LOGON_NETWORK_CLEARTEXT.-- Nitin