Wilson WindowWare Tech Support



wntRunAsUser Error 637

 Keywords:  wntRunAsUser Error 637 Act as part of the operating system

Question:

Got a quick question to figure out. Say I have a w2k/nt4 machine that is logged on as "jsmith" and this "jsmith" account doesn't have Admin rights/privileges on this machine. Now what I need to do is to be able to create a new account, call it "DATAUPLOAD", that does have Admin rights/privileges.

Now, I could just log in using the administrator account, create this new account, & then log on again as DATAUPLOAD. But where would be the WinBatch fun in that?

What I'd like to be able to do is NOT have to log off "jsmith" & then log in as "Administrator" in order to create the "DATAUPLOAD" account. So I've been reading into the wntRunAsUser function & I can't get it to work.....yet.

I already have the code to create the "DATAUPLOAD" account. I just can't figure out how to run as the "Administrator" account with the required rights/privileges that are needed to create the "DATAUPLOAD" account.

; load the Windows NT extender
AddExtender("WWWNT34i.DLL")
curuser=wntGetUser(@DEFAULT)
Message("Current user:",curuser)
;run as new user
user="Administrator"
pswd="test"
ret = wntRunAsUser( "", user, pswd, 2, 0)
newuser=wntGetUser(@DEFAULT)
Message("Running as new user:",newuser)
; create the account only if it does not exist yet
f=wntUserExist("", "DATAUPLOAD")
if f == @false
   wntUserAddDat("name", "DATAUPLOAD")
   wntUserAddDat("password", "YIPPIE")
   wntUserAddDat("comment", "This is a Windows 2000 Data Upload account")
   ; flags: 1 = logon script executed, 64 = user cannot change password, 65536 = password never expires
   wntUserAddDat("flags", 1+64+65536)
   wntUserAddDat("acct_expires", "0000:00:00:00:00:00")
   wntUserAdd("")
   ; add the new account to the local Administrators group
   wntMemberSet("","Administrators","DATAUPLOAD",@LOCALGROUP)
endif
exit

When I run this I get:

WIL Extender error 637: Privilege 'Act as part of the operating system' not held on line:
ret = wntRunAsUser( "", user, pswd, 2, 0)

Any ideas??

Answer:

In order for "jsmith" to use wntRunAsUser(), the account "jsmith" must have the following privileges:
  1. Act as part of operating system
  2. Increase quotas
  3. Replace a process level token
Without these privileges, you cannot use wntRunAsUser(). Granting these privileges to a normal user effectively makes that user an administrator, or at least allows them to easily become one if they desire to do so.

Alternatively, you can use the RunWithLogon function (see the WIL help file). This function doesn't require that the logged-in user have any special permissions. However, it is limited to working on Windows 2000 and XP only.
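
Added example (not part of the original answer and not WinBatch code): since granting the three rights listed above effectively makes an account an administrator, this Python script audits the text of a `secedit /export /areas USER_RIGHTS` export for accounts that hold them. The sample export, the jsmith grants and the allow-list of well-known SIDs are constructed assumptions, and the function names are hypothetical.

```python
# Rights the answer says wntRunAsUser() needs, as secedit privilege constants.
RISKY = {
    "SeTcbPrivilege": "Act as part of the operating system",
    "SeIncreaseQuotaPrivilege": "Increase quotas",
    "SeAssignPrimaryTokenPrivilege": "Replace a process level token",
}
# Assumed allow-list (LOCAL SERVICE, NETWORK SERVICE, Administrators); adjust per OS.
EXPECTED = {
    "SeTcbPrivilege": set(),
    "SeIncreaseQuotaPrivilege": {"*s-1-5-19", "*s-1-5-20", "*s-1-5-32-544"},
    "SeAssignPrimaryTokenPrivilege": {"*s-1-5-19", "*s-1-5-20"},
}

def parse_privilege_rights(inf_text):
    """Return {privilege: [principals]} from the [Privilege Rights] section."""
    rights, in_section = {}, False
    for raw in inf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_section = line.lower() == "[privilege rights]"
            continue
        if in_section and "=" in line:
            name, _, value = line.partition("=")
            rights[name.strip()] = [p.strip() for p in value.split(",") if p.strip()]
    return rights

def unexpected_holders(inf_text):
    """Return sorted (privilege, principal) pairs outside the allow-list."""
    rights = parse_privilege_rights(inf_text)
    return sorted(
        (priv, who)
        for priv in RISKY
        for who in rights.get(priv, [])
        if who.lower() not in EXPECTED[priv]
    )

# Constructed sample export; the jsmith grants are invented for illustration.
SAMPLE_INF = """[Privilege Rights]
SeTcbPrivilege = jsmith
SeIncreaseQuotaPrivilege = *S-1-5-19,*S-1-5-20,*S-1-5-32-544,jsmith
SeAssignPrimaryTokenPrivilege = *S-1-5-19,*S-1-5-20,jsmith
SeShutdownPrivilege = *S-1-5-32-544
[Version]
"""

if __name__ == "__main__":
    for priv, who in unexpected_holders(SAMPLE_INF):
        print(f"{who} holds {priv}: {RISKY[priv]}")
```

A real export file is typically UTF-16 encoded, so open it with `encoding="utf-16"` before passing its text to `unexpected_holders()`.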