Impersonation and CurrentUser Registry Access

Question

Environment: Windows XP SP3, C#, .Net 4.0

Problem:

I\'m attempting to add access to an impersonated users registry hive in an impersonation class and I\'m ru

Answer 1

From the LoadUserProfile docs:

Starting with Windows XP Service Pack 2 (SP2) and Windows Server 2003, the caller must be an administrator or the LocalSystem account. It is not sufficient for the caller to merely impersonate the administrator or LocalSystem account.

If your process starts as a regular user you're out of luck. You could possibly launch a new process (under the admin credentials) to load the profile.

Answer 2

I found that the logon type set in the call to LogonUser() can be a factor. Even when running as an administrator I couldn't get past the error unless I switched from LOGON32_LOGON_INTERACTIVE to LOGON32_LOGON_BATCH. You would need to be sure the "Log on as a batch job" group policy doesn't interfere though.