In a service, I am trying to use the following code to run a program:
```c
HANDLE hPipe;
HANDLE hToken;
PROFILEINFO stProfileInfo;
char szUserName[64];
DWORD dwUserNameSize = 64;
ImpersonateNamedPipeClient(hPipe);
GetUserNameEx(NameSamCompatible,szUserName,&dwUserNameSize);
OpenThreadToken(GetCurrentThread(),TOKEN_ALL_ACCESS,TRUE,&hToken);
ZeroMemory(&stProfileInfo,sizeof(PROFILEINFO));
stProfileInfo.dwSize = sizeof(PROFILEINFO);
stProfileInfo.dwFlags = PI_NOUI;
stProfileInfo.lpUserName = szUserName;
LoadUserProfile(hToken,&stProfileInfo);
```
Sorry, the call LoadUserProfile ends with GetLastError=5 (access denied). In userenv.log, I can find this:
```
USERENV LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV LoadUserProfile: Entering, hToken = <0xc8>, lpProfileInfo = 0xb30aa4
USERENV LoadUserProfile: lpProfileInfo->dwFlags = <0x1>
USERENV LoadUserProfile: lpProfileInfo->lpUserName = <MYDOMAIN\USERNAME>
USERENV LoadUserProfile: NULL central profile path
USERENV LoadUserProfile: NULL default profile path
USERENV LoadUserProfile: NULL server name
USERENV LoadUserProfile: Failed to enable the restore privilege. error = c0000022
USERENV LoadUserProfile: Returning FALSE. Error = 5
```
Of course, I checked that my service (running as SYSTEM) has the privileges SE_RESTORE_NAME (and SE_BACKUP_NAME).
Any help would be greatly appreciated!