
My program, "UP", needs to be able to mount VHDX files from network locations. The difficulty is that any thread calling OpenVirtualDisk(...) upon a network location needs to have both SE_MANAGE_VOLUME_PRIVILEGE, which most of my users will not have, and access to the network location, which any System process "SP" I install to get around this will not have.

Method 1: I've read I can have SP receive the user's credentials and use "client impersonation" to create a thread running as the user. But I don't know how to have SP also grant that thread SE_MANAGE_VOLUME_PRIVILEGE.

Method 2: If SP is handed the user's credentials, can it use them to set up transparent access for itself to the network share, so that it can call OpenVirtualDisk(...) itself?

Keith Russell
  • I think I'm going with Method 2. I'll just pre-authenticate to the share using the user's credentials. – Keith Russell Jan 08 '20 at 16:25
  • Ooh, I'm possibly wrong: The same thread does not need both permissions at the same time. One thread can obtain the `HANDLE` to the VHDX by calling `OpenVirtualDisk`, which only requires authenticating to the network share. Another thread can (I think) pass that `HANDLE` to `AttachVirtualDisk`, which only requires `SE_MANAGE_VOLUME_PRIVILEGE`. – Keith Russell Jan 08 '20 at 17:19

0 Answers