I'm experimenting with a program that creates temporary local accounts to elevate things. The manager program destroys the temporary account after the token is created and the process is launched, but the token is still perfectly usable to launch new processes. Most programs I checked - the command prompt, PowerShell, Notepad - are perfectly OK with this.
The Windows Update Standalone Installer (WUSA), on the other hand, is very much not alright with this arrangement. When launched as a user that doesn't exist, it exits with an error stating that no SIDs were mapped to user names, which makes sense because no user exists for that SID anymore. (Error code 1332, ERROR_NONE_MAPPED.)
I suppose I'll have to add logic to the managing program to not destroy the temporary account until after the new process (possibly along with its children) has exited.
No comments:
Post a Comment