Thread: LogonUser questions

Since no one else has had a crack, here goes, but be warned this knowledge is sketchy.

1) How (exactly) is LOGON32_LOGON_INTERACTIVE different from LOGON32_LOGON_NETWORK?

It is my understanding that interactive logon loads a windows station, desktop and the user's profile. This consumes a few megabytes of extra resources compared to the network logon.

[2) Do these logon types produce different underlying handles?

According to the LogonUser docs the network logon produces an impersonation token.

[3) If so, how are the handles different?

The exact meaning of an imersonation token is beyond me. However, I believe it is more limited than a normal token. I've seen references that it can't be used to access some network resources. I think this may have something to do with not being able to impersonate an impersonated impersonation token. If that sentence made any sence at all I am deeply surprised.

[5) Is there any reason(s) why you wouldn't authenticate using INTERACTIVE?

It is a heavy use of resources.

[6) What are the ways that an interactive logon could fail, where a network logon could succeed?

As mentioned in the documents the interactive logon requires the LOGON32_LOGON_INTERACTIVE (Allow local logon) privilige enabled on the specified account.

It should be noted that prior to XP LogonUser is effectively only useable from a service running under the LocalSystem account.
Depending on your scenario there may be other solutions.

You are likely to get superior information for a question like this at a specialised newsgroup.

microsoft.public.platformsdk.security

microsoft.public.win32.programmer.kernel

Just in case you don't have the most up-to-date reference:

LogonUser()
LogonUserEx()

Never used these myself...

gg