Intel® Fortran Compiler
Build applications that can scale for the future with optimized code designed for Intel® Xeon® and compatible processors.
29274 Discussions

Help with AdjustTokenPrivileges

Intel_C_Intel
Employee
‎02-24-2004 09:47 PM
1,350 Views
I would like to have a program reboot the machine after it has finished. The routine ExitWindowsEx appears todo this, however the session token(?) must have the SE_ShutDown_Name privilege enabled. Since ExitWindowsEx will LogOff, but not ShutDown or ReBoot, I assume this privilege is not enabled. The routine AdjustPrivilegeTokens can be used to change this, but I am quickly descending into theinferno and seek counsel.
Is there an easier way?
Does anyone have a code example?
Thanks, Cliff
0 Kudos

Link Copied

9 Replies
Jugoslav_Dujic
Valued Contributor II
‎02-25-2004 01:11 PM
1,350 Views

Um, I deem Windows security APIs as a big black hole...

Alittle Googling, however, reveals this list -- the second link, for one, contains a code sample.

Jugoslav

0 Kudos
Copy link
llynisa
Beginner
‎02-25-2004 03:37 PM
1,350 Views
There is an example at ...df98samplesadvancedWin32ExitWin.
Alan
0 Kudos
Copy link
Intel_C_Intel
Employee
‎02-25-2004 04:16 PM
1,350 Views

Thanks to you both. I have the codeworking now for the most part and will share it here when finished.

Thanks again, Cliff

Message Edited by frieler on 02-25-2004 08:20 AM

0 Kudos
Copy link
garyscott
Beginner
‎02-25-2004 08:12 PM
1,350 Views
Hi, not sure what you mean by "black hole", but they sure are messy (although they're messy everywhere).
0 Kudos
Copy link
Jugoslav_Dujic
Valued Contributor II
‎02-26-2004 10:48 AM
1,350 Views
Yes, I meant they were messy.
That observation probably partly comes from my ignorance; however, once one gets used to basics, it's usually relatively easy to make a breakthrough in another field of Win32 programming. However, once I needed something from security APIs, I got lost very quickly in documentation -- all the talk about SIDs, privileges, tokens, impersonation... didn't make sense to me, so I gave up. I doubt I'll touch it again without anadvance reading of something like J. Richter's "Advanced Windows"... or just recycle someone other's code :smileywink:.
Jugoslav
0 Kudos
Copy link
Intel_C_Intel
Employee
‎02-26-2004 08:07 PM
1,350 Views

The attached code is a simple "Session Disposition" utility.

I have kept the functionality of this sample to a minimum and hope that the programming style is clear enough.

When one of my remote processes has ended, I execute this program to cleanup after myself. It can "LogOff", "ShutDown", "PowerOff" or "ReBoot", controlled by a command line string, i.e.,

C:> Dispose LogOff

Although this code only required afew calls to Win32, I agree with Jugoslav.The documentation isn't sufficiently clear or consistent, and without the code examples I could not have even gotten this simple utility working.

Thanks again to Jugoslav and Alan!

0 Kudos
Copy link
Intel_C_Intel
Employee
‎03-02-2004 03:00 PM
1,350 Views

Next issue.........

The code functions well, but only if the user session is active. If a screen saver has activated and requires a password, the code fails. This means that I need to interact with the screen-saver and it's security hooks, or find some other means.

Any ideas or suggestions?

Thanks, Cliff

0 Kudos
Copy link
Jugoslav_Dujic
Valued Contributor II
‎03-02-2004 04:38 PM
1,350 Views

I assume you want to shutdown the computer after a long number crunching?

You may take a look at SystemParametersInfo -> SPI_SETSCREENSAVEACTIVE or related flags. I know it's a cludge, though... but I'm not sure if there's the "right" way, as Windows keeps some security-related things unbreakable (e.g. there's LockWorkstation but there's no UnlockWorkstation and there may be no way to find a way around).
Still, you may want to ask/search Google groups such as comp.os.ms-windows.programmer.win32 or microsoft.public.platformsdk.security.
Jugoslav
0 Kudos
Copy link
Intel_C_Intel
Employee
‎03-04-2004 12:01 AM
1,350 Views

Jugoslav,

It appears that

SystemParametersInfo -> SPI_SETSCREENSAVEACTIVE

controls whether or not the screensaver (and locking mechanism) will activate. While disabling this would solve the problem for installations with good physical security, in my environment I don't want that (and don't have the authorization).

Your suggestion has still been of great value, because while reading about SystemParametersInfo, I found the function InitiateSystemShutDown. It appears to allow system shutdown and reboot even if the workstation is locked.It still requires the SE_ShutDown_Name privilege be enabled, so the previous answers in this thread will also be used. The net result is that I can do everything I wanted, except simply logging off a locked workstation. Since the result of a reboot is the same login screen presented tothe next user, I anticipate little real difference.

I'll post the resulting code when I have it working.

Thanks, Cliff

Message Edited by frieler on 03-03-2004 04:02 PM

0 Kudos
Copy link
Reply

Community support is provided Monday to Friday. Other contact methods are available here.

Intel does not verify all solutions, including but not limited to any file transfers that may appear in this community. Accordingly, Intel disclaims all express and implied warranties, including without limitation, the implied warranties of merchantability, fitness for a particular purpose, and non-infringement, as well as any warranty arising from course of performance, course of dealing, or usage in trade.

For more complete information about compiler optimizations, see our Optimization Notice.