windows-security

Does this require windows delegation to be enabled for server service account?

好久不见. 提交于 2019-12-12 02:29:56
问题 I have a client console application which has got some user credentials - domain\user and plain-text password. The client app obtains windowsidentity object for that user by invoking LogonUser (dwLogonType:LOGON32_LOGON_NETWORK) win32 API. I use windowsidentity to impersonate and make WCF Service call (hosted on different machine). The WCF Service is configured to use TCP protocol with windows integrated security. The call fails with SecurityNegotiation exception with error: The remote server

WMI.NET to MicrosoftBizTalkServer - Login failed for user ANONYMOUS LOGIN

生来就可爱ヽ(ⅴ<●) 提交于 2019-12-11 08:42:14
问题 When connecting to Biztalk Server 2010 via WMI.NET, I am able to successfully peruse any number of class types, but none of the Biztalk classes. Each of those throw the following exception verbiage: BizTalk Server cannot access SQL server. This could be due to one of the following reasons: 1. Access permissions have been denied to the current user. Either log on as a user that has been granted permissions to SQL and try again, or grant the current user permission to access SQL Server. 2. The

Either a required impersonation level was not provided, or the provided impersonation level is invalid

橙三吉。 提交于 2019-12-08 16:29:49
问题 I'm having some issues with a WCF service and Impersonation, I've distilled this to a simple method below. The WCF service is currently self hosted in an exe. The exception message is "Either a required impersonation level was not provided, or the provided impersonation level is invalid". Checking when the error is thrown, the Identity ImpersonationLevel is set to delegation, as specified on my client and its authenticated through Kerberos. I'm a bit puzzled, as it seems to me that the

Microsoft Root Certificate Authority 2010 not valid

纵然是瞬间 提交于 2019-12-08 08:47:33
问题 On my Windows 8.1 machine (freshly installed), the Microsoft Root Certificate Authority 2010 certificate is listed as not valid (as can be seen on the screenshot below). On the other hand, my Windows 10 machine shows this: What can be the reason for such behaviour? 来源: https://stackoverflow.com/questions/32661107/microsoft-root-certificate-authority-2010-not-valid

Microsoft Root Certificate Authority 2010 not valid

梦想与她 提交于 2019-12-06 16:43:48
On my Windows 8.1 machine (freshly installed), the Microsoft Root Certificate Authority 2010 certificate is listed as not valid (as can be seen on the screenshot below). On the other hand, my Windows 10 machine shows this: What can be the reason for such behaviour? 来源: https://stackoverflow.com/questions/32661107/microsoft-root-certificate-authority-2010-not-valid

How do I correctly call LsaLogonUser for an interactive logon?

*爱你&永不变心* 提交于 2019-12-06 03:29:20
问题 I'm trying to use LsaLogonUser to create an interactive logon session, but it always returns STATUS_INVALID_INFO_CLASS (0xc0000003). From what I have found in searching online, the memory layout of the KERB_INTERACTIVE_LOGON structure is tricky, but I'm pretty sure I've done that right. I've also tried using MSV1.0 instead of Kerberos, with MSV1_0_INTERACTIVE_LOGON for the authentication structure and MSV1_0_PACKAGE_NAME as the package name, but that fails with STATUS_BAD_VALIDATION_CLASS

Virtual Service Account without Network Access, like NT AUTHORITY\\LocalService

只谈情不闲聊 提交于 2019-12-05 20:56:48
Background: I'm writing a service and want to give it as few privileges as necessary. Virtual Accounts (sometimes "Virtual Service Accounts") are sparsely documented feature new to Windows 7/2008R2 that are automatically managed accounts for services that need minimal privileges but access the network with a computer identity in a domain environment. My service doesn't need network access, so I'm using LocalService, but I don't like the fact that if I grant access to a file/etc I granting access to all services running as that account. Is there a least privileged account I can use? You don't

How can I get the current user's SID in VB6?

夙愿已清 提交于 2019-12-05 14:25:44
I have some old code that we have to maintain in VB6. We need to add the ability for it to look up the current user's SID. Can anyone point me to some code that shows how to do that? Thanks in advance for your help! Try this Option Explicit '--- for OpenProcessToken Private Const TOKEN_READ As Long = &H20008 Private Declare Sub CopyMemory Lib "kernel32" Alias "RtlMoveMemory" (pTo As Any, uFrom As Any, ByVal lSize As Long) Private Declare Function GetCurrentProcess Lib "kernel32" () As Long Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long Private Declare

How to write in a registry key own by TrustedInstaller

一个人想着一个人 提交于 2019-12-05 13:42:39
问题 In order to install a new property page into the Active Directory SnapIn, I need to write into the following registry key of W2K8 R2 (as documented by Microsoft) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MMC\SnapIns{E355E538-1C2E-11D0-8C37-00C04FD8FE93}\NodeTypes This key is own by a special user called TrustedInstaller . I found a lots of thing on the NET arround that. At the moment here is the way it works doing the following (user is member of administrator group): I give the user the

How do I correctly call LsaLogonUser for an interactive logon?

穿精又带淫゛_ 提交于 2019-12-04 10:01:50
I'm trying to use LsaLogonUser to create an interactive logon session, but it always returns STATUS_INVALID_INFO_CLASS (0xc0000003). From what I have found in searching online, the memory layout of the KERB_INTERACTIVE_LOGON structure is tricky, but I'm pretty sure I've done that right. I've also tried using MSV1.0 instead of Kerberos, with MSV1_0_INTERACTIVE_LOGON for the authentication structure and MSV1_0_PACKAGE_NAME as the package name, but that fails with STATUS_BAD_VALIDATION_CLASS (0xc00000a7). Can anyone tell what I'm doing wrong here? Here's the code, with most of the error handling
订阅 windows-security