views:

541

answers:

2

Hello all,

Is it possible to impersonate a user without supplying user name/password? Basically, I'd like to get the CSIDL_LOCAL_APPDATA for a user (not the current one) using the ShGetFolderPath() function. All I currently have is a SID for that user.

Thanks in advance.

+3  A: 

No, you have to call Win32 API LogonUser function to get windows account token back so you can then impersonate.

Esteban Araya
Hmm, that explains why I can't get it work properly... Is there any other way to get that path? Thanks.
dennisV
+2  A: 

You can impersonate a user without supplying password by calling ZwCreateToken. See the CreatePureUserToken function in this article: GUI-Based RunAsEx You must be running as an admin (or LocalSystem) for this to work.

Another technique is to use Windows Subauthentication Packages. This allows you to override windows built-in authentication and allow a LogonUser to succeed even if no password was supplied. See this KB article.