In a service, I try to use the following code to launch a program :
HANDLE hPipe;
HANDLE hToken;
PROFILEINFO stProfileInfo;
char szUserName[64];
DWORD dwUserNameSize = 64;
// Take the identity of the client
ImpersonateNamedPipeClient(hPipe);
// Retrieve the user name (DOMAIN\USER)
GetUserNameEx(NameSamCompatible,szUserName,&dwUserNameSize);
// Get the impersonation token
OpenThreadToken(GetCurrentThread(),TOKEN_ALL_ACCESS,TRUE,&hToken);
// Load the user's profile
ZeroMemory(&stProfileInfo,sizeof(PROFILEINFO));
stProfileInfo.dwSize = sizeof(PROFILEINFO);
stProfileInfo.dwFlags = PI_NOUI;
stProfileInfo.lpUserName = szUserName;
LoadUserProfile(hToken,&stProfileInfo);
Unfortunately, the call to LoadUserProfile fail with GetLastError=5 (access denied).
In userenv.log, I can find this :
USERENV LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV LoadUserProfile: Entering, hToken = <0xc8>, lpProfileInfo = 0xb30aa4
USERENV LoadUserProfile: lpProfileInfo->dwFlags = <0x1>
USERENV LoadUserProfile: lpProfileInfo->lpUserName = <MYDOMAIN\USERNAME>
USERENV LoadUserProfile: NULL central profile path
USERENV LoadUserProfile: NULL default profile path
USERENV LoadUserProfile: NULL server name
USERENV LoadUserProfile: Failed to enable the restore privilege. error = c0000022
USERENV LoadUserProfile: Returning FALSE. Error = 5
Of course, I checked that my service (running as SYSTEM) has the SE_RESTORE_NAME (and SE_BACKUP_NAME) privileges enabled.
Any help would be greatly appreciated !