In-script user impersonation

[SumTingWong]

You can use the following UDF to run code inside a script as another user. Useful if you want to use built-in file and registry management functions as an admin user without calling an external script.

There are some limitations so I suggest you read up on LogonUser. For example, calling this API on Windows 2000 requires the SE_TCB_NAME privilege which your non-admin user won't have.

To impersonate a local user, set the domain parameter to "."

expandcollapse popup

Global Const $LOGON32_LOGON_INTERACTIVE = 2
Global Const $LOGON32_LOGON_NETWORK = 3
Global Const $LOGON32_LOGON_BATCH = 4
Global Const $LOGON32_LOGON_SERVICE = 5
Global Const $LOGON32_LOGON_UNLOCK = 7
Global Const $LOGON32_LOGON_NETWORK_CLEARTEXT = 8
Global Const $LOGON32_LOGON_NEW_CREDENTIALS = 9

Global Const $LOGON32_PROVIDER_DEFAULT = 0
Global Const $LOGON32_PROVIDER_WINNT35 = 1
Global Const $LOGON32_PROVIDER_WINNT40 = 2
Global Const $LOGON32_PROVIDER_WINNT50 = 3

ConsoleWrite(_Impersonate("myadminusername", "mydomain", "mypassword") & @LF)

Func _Impersonate($sUserName, $sDomain, $sPassword, $nLogonType = 2, $nLogonProvider = 0)
    Local $phToken
    Local $aDllRet
    Local $nError = -1
    
    $aDllRet = DllCall("advapi32.dll", "int", "LogonUser", _
        "str", $sUsername, _ 
        "str", $sDomain, _ 
        "str", $sPassword, _ 
        "int", $nLogonType, _ 
        "int", $nLogonProvider, _ 
        "int_ptr", $phToken)
    If Not @error And $aDllRet[0] <> 0 Then
        $phToken = $aDllRet[6]
        $aDllRet = DllCall("advapi32.dll", "int", "ImpersonateLoggedOnUser", "ptr", $phToken)
        If Not @error And $aDllRet[0] <> 0 Then
        ; Add your code here to run as the impersonated user
        ; For example, write to a file
            FileWriteLine("C:\username.txt", @UserName)
        ; or create a system environment variable
            RegWrite("HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Environment", _ 
                "MyImpersonatedName", "REG_SZ", @UserName)
        ; Revert back to the original logged on user
            DllCall("advapi32.dll", "int", "RevertToSelf")
        Else
            $aDllRet = DllCall("kernel32.dll", "int", "GetLastError")
            If Not @error Then $nError = $aDllRet[0]
        EndIf
        DllCall("kernel32.dll", "int", "CloseHandle", "ptr", $phToken)
    Else
        $aDllRet = DllCall("kernel32.dll", "int", "GetLastError")
        If Not @error Then $nError = $aDllRet[0]
    EndIf
    If $nError > -1 Then
        SetError($nError)
        Return 0
    EndIf
    Return 1
EndFunc

Edited August 15, 2005 by SumTingWong

[kimonxx]

hi SumTingWong,

this udf sounds very interesting unfortunately i´m not sure how die bind it in my script

i guess it´s something like:

#include <filename.au3>

; call the function
_impersonate (

and here my knowledge ends...

could you please explain it to me? i think this is just what i´m looking for and trying to realize in my script the hole day... :/

thanks a lot

Edited March 2, 2006 by domi974