2

Using Win32 unmanaged C++, how can I get/lookup/create a User Token when I have the user SID?

I realize this is sort-of the reverse of most situations. I have a function that needs to resolve a specific user's %AppData% directory (and a few others) and as such, I am planning on using SHGetFolderPath, with a supplied user token. However, I don't have the token in the function, all that I have passed is the user's SID. I'd like to retrieve a user token for this method, so I can with reasonable accuracy resolve the folder path.

Disclaimer: Yes, I realize this is most likely an architectural problem. I have a very monolithic system that is in dire need of refactor, but I don't have enterprise authority (i'm an outside contractor, and this particular piece is probably the worst in the whole system).

NinjaMid76
  • 169
  • 8
  • AFAIK you would need to provide the users password to obtain a user token (via LogonUser) – Alex K. Jul 21 '15 at 16:40
  • @AlexK. I'm hoping there's another method as I don't see why I'd need to authenticate the user to get that info. – NinjaMid76 Jul 21 '15 at 16:54
  • 3
    Related http://stackoverflow.com/questions/1059460/shgetfolderpath-for-a-specific-user – Alex K. Jul 21 '15 at 16:57
  • 1
    Logging in as the the user gives you two things that you need to in order get that user's AppData directory. The first is the user's registry hive needs to be loaded, the second is that your application needs permission to read the user's registry entries. See the answer to the question Alex K linked above for how you do can do both of those things without a user token. You'll need administrative privileges. – Ross Ridge Jul 21 '15 at 17:14
  • @RossRidge I'd love to be able to login as the user, or even impersonate them somehow. However, I literally only have their SID. I would have no access to their password as that's stored in Active Directory and I don't have a UI available to prompt the user for it. – NinjaMid76 Jul 21 '15 at 17:45
  • Please read my comment in its entirety. – Ross Ridge Jul 21 '15 at 17:48
  • @NinjaMid76: A SID alone is not enough to get a user token. But, as the link AlexK provided says, if you have the SID and are running as an admin, you can simply load the registry hive that corresponds to the SID and read that user's `AppData` path directly without using `SHGetFolderPath()` at all. This is not a recommended approach, as the location of the `AppData` path in the Registry is subject to change from one version of Windows to another (thus why functions like `SHGetFolderPath()` exist), but it would work nonetheless, provided the SID is available on the local machine to begin with. – Remy Lebeau Jul 21 '15 at 18:25

0 Answers0