| From: | "Gary Doades" <gpd(at)gpdnet(dot)co(dot)uk> |
|---|---|
| To: | pgsql-hackers-win32(at)postgresql(dot)org |
| Subject: | Re: PgSQL not as Administrator - probs on w |
| Date: | 2004-07-02 19:12:08 |
| Message-ID: | 40E5C198.9721.542A52E@localhost |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers-win32 |
On 2 Jul 2004 at 17:42, Magnus Hagander wrote:
> The priv causing the problem is ReplaceProcessLevelToken. And the
> problem is not activagting it, the problem is that it's not granted at
> all by defualt.
> IIRC CreateProcessAsUser is the one being used by 2k/XP with the
> CreateProcessAndLogin() API (I may have misspelled that one, but it's
> something like that)
>
> //Magnus
>
I see.
Privileges and security descriptors in NT+ are a real pain to manipulate in code.
Digging deeper....
I think the call you refer to is CreateProcessWithLogonW(). This is only available with
2000/XP/2003 and not NT. With NT you must use the functions I mentioned earlier and
you need certain privs.
Apprently there is a utility in Windows NT Server 4.0 Resource Kit Supplement 3
(free distribution AFAIK) called ntrights.exe. With this you could call it from
your installer to grant the SeAssignPrimaryTokenPrivilege which corresponds to
the display name "Replace a process level token".
I don't have access to the resource kit at the moment as I am home for the
weekend. If its not downloadable I should be ablt to get it on monday. It's
probably not an ideal solution, but it looks like it should work.
Cheers,
Gary.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Gary Doades | 2004-07-02 20:41:05 | Re: PgSQL not as Administrator - probs on w |
| Previous Message | Magnus Hagander | 2004-07-02 15:42:08 | Re: PgSQL not as Administrator - probs on w |