I do impersonation of a non-admin user account in an app that is running as an admin user (using LogonUser()
, DuplicateToken()
and WindowsIdentity.Impersonate()
functions). Since this user account is temporary, I also need to load a user profile (using LoadUserProfile()
native function). All methods execute successfully (no last error is set) and the current identity is the impesonated non-admin user as expected. However, when I try to run a new process with System.Diagnostics.Process.Start()
, I get an error:
Access is denied.
When I try to manually execute the same scenario with runas /profile /user:mynonadmin user, everything works fine.
What am I missing here?