mattjohnsonpint/SimpleImpersonation

Not an issue but a question: How to impersonate Local System user

danielh1989 opened this issue · 1 comments

I am trying to impersonate the LocalSystem user, which is the user for Windows Services.
I tried the following code:

```csharp
using (var userHandle = UserCredentials.LocalSystem.LogonUser(LogonType.NewCredentials))
{
    WindowsIdentity.RunImpersonated(userHandle, () =>
    {
        File.WriteAllText("Test.txt", "TEST");
    });
}
```

But the file is always created as Owner "Administrators". My user-account, running this code, is part of the administrators-group, but I expect the Owner of the file to be "SYSTEM".
Which "LogonType" do I need to impersonate the LocalSystem account?

The only way to impersonate the LocalSystem is to be running within a process that is already launched with LocalSystem as the owner. Anything less would create a security vulnerability.

This has come up before. See #8 and linked article therein. Thanks.
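Added example, not part of the thread or of SimpleImpersonation: a small C# diagnostic that reports which principal the current token represents, the token's default owner (the SID Windows stamps on newly created files, which for an elevated administrator is normally the Administrators group), and the owner actually recorded on a file it writes. The class name and temp-file name are made up for illustration, and on .NET Core 3.x it assumes the System.IO.FileSystem.AccessControl package is referenced.

```csharp
using System;
using System.IO;
using System.Security.AccessControl;
using System.Security.Principal;

static class OwnerCheck // hypothetical name, for illustration only
{
    // Resolve a SID to DOMAIN\name, falling back to the raw SID string.
    static string Name(IdentityReference id)
    {
        try { return id.Translate(typeof(NTAccount)).Value; }
        catch (IdentityNotMappedException) { return id.Value; }
    }

    static void Main()
    {
        using (WindowsIdentity current = WindowsIdentity.GetCurrent())
        {
            // Who the token says we are, and whom new objects will be owned by.
            Console.WriteLine("Token user:          " + Name(current.User));
            Console.WriteLine("Token default owner: " + Name(current.Owner));
            Console.WriteLine("Running as SYSTEM:   " + current.IsSystem);

            // Constructed sample path; the file is removed again below.
            string path = Path.Combine(Path.GetTempPath(), "owner-check.txt");
            File.WriteAllText(path, "TEST");
            try
            {
                // Read back only the owner part of the security descriptor.
                FileSecurity acl = new FileInfo(path)
                    .GetAccessControl(AccessControlSections.Owner);
                IdentityReference owner = acl.GetOwner(typeof(SecurityIdentifier));

                var system = new SecurityIdentifier(
                    WellKnownSidType.LocalSystemSid, null);

                Console.WriteLine("File owner:          " + Name(owner));
                Console.WriteLine("Owned by SYSTEM:     " + owner.Equals(system));
            }
            finally
            {
                File.Delete(path);
            }
        }
    }
}
```

Run from an elevated administrator session, the last line prints `False`; it prints `True` only when the process itself was started as LocalSystem, for example as a Windows service configured to run under that account.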