Impersonation / CreateProcessAsUserW Permissions

Impersonation / CreateProcessAsUserW Permissions

am 22.04.2008 16:13:02 von Steven

Hi, I have been working on a project now for sometime to execute perl scripts
that are part of a larger source management application. In order for the
scripts to work properly they have to be executed under the correct
authenticated domain user account. Now I have the whole thing working except
I have one problem. The domain users must be set as administrators on the web
server machine which to execute the perl scripts. This is unacceptable
because what is stopping those users from just logging in to the machine in
another way and messing the system up.

I have given the user all of the permissions in this document:
http://msdn2.microsoft.com/en-us/library/dwc1xthy(VS.71).asp x

And I have givern them access to the perl scripts location, the location of
perl.exe... Actually i have pretty much given them permissions to the whole
drive lol.

they also have the following priviledges:
"Replace a process level token"
/SE_ASSIGNPRIMARYTOKEN_NAME/SeAssignPrimaryTokenPrivilege
"Adjust memory quotas for a process"
/SE_INCREASE_QUOTA_NAME/SeIncreaseQuotaPrivilege

So my question is... Is it even possible to do this with a user who is not
part of the administrators group? If it is possible, what permissions and
privileges does that user need to access the executables?

Any response at this point would be a great help. Thanks