Is it possible to supply empty password in CreateProcessWithLogonW?

Question

Been trying to figure this out while also searching the web.

Below is a working code:

bool isCreated = false;
if (requireAdmin)
{
    isCreated = CreateProcessWithLogonW(userName.c_str(), domainName.c_str(), userPass.c_str(), LOGON_WITH_PROFILE, NULL, command, 0, NULL, NULL, &startUpInfo, &procInfo);
}
else
{
    isCreated = CreateProcessW(NULL, command, NULL, NULL, FALSE, 0, NULL, NULL, &startUpInfo, &procInfo);
}

EXCEPT when supplied with an Administrator that has no password (which is fine with Windows)

So is it possible? I'd like to align with Windows behavior as much as possible unless an official document says otherwise.

Reference with the sort of similar problem (also unanswered): https://forums.codeguru.com/showthread.php?482203-LogonUser-fails-with-empty-password-Why

UPDATE

Additional information:

The function above is called by an application that also requires Admin privileges.

Application - Run As Admin (no password)

Function - using Admin (no password)

Did you try simply passing an empty string in the password parameter? Or a null pointer? Those are your own options when you don't have any other password value to pass in. — Remy Lebeau, Mar 14 '23 at 14:35
It is an empty string, it was just two double quotation marks — LindaSingh, Mar 15 '23 at 05:27

score 1 · Answer 1 · answered Mar 15 '23 at 09:12

1

According to the doc:CreateProcessWithLogonW function

lpPassword:The clear-text password for the lpUsername account.

If the password for the username account is an empty string? If so, as far as I'm concerned, you could use empty string in CreateProcessWithLogonW.

answered Mar 15 '23 at 09:12

Jeaninez - MSFT

3,210
1
5
20

I already saw that document and it only mentioned clear-text password not empty/blank. I initially thought I could use empty string but it doesn't work. – LindaSingh Mar 15 '23 at 11:12
I made an update to the question, adding the reference link to a similar problem – LindaSingh Mar 15 '23 at 11:13
@LindaSingh did you try a null pointer? An empty string and a null string are not the same thing. – Remy Lebeau Mar 15 '23 at 14:50
Also tried that, still doesn't work. I added additional information above – LindaSingh Mar 16 '23 at 07:12

score 1 · Answer 2 · answered Mar 16 '23 at 02:11

1

The thread you posted CreateProcessAsUser/CreateProcessWithLogonW fails with empty password because of local policy. Like this:

If you want to use CreateProcessAsUser/CreateProcessWithLogonW with empty password, you must disable the limit.

Then I used the CreateProcessWithLogonW function to open the specified loggg.exe by setting an empty password. The program works well.

answered Mar 16 '23 at 02:11

YangXiaoPo-MSFT

1,589
1
4
22

Limit policy in gpedit.msc is Disabled by default. I updated the question with additional information – LindaSingh Mar 16 '23 at 07:14
@LindaSingh I ran my program successfully under any condition. What's the error code of *CreateProcessWithLogonW*? Do your account have the [**Log On Locally permission on the local computer**](https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createprocesswithlogonw#parameters)? – YangXiaoPo-MSFT Mar 16 '23 at 08:17
Here's the error: `The stub received bad data.` – LindaSingh Mar 16 '23 at 10:39
Hello @LindaSingh, Try to [Specify domain](https://stackoverflow.com/questions/18807924/stub-received-bad-data). – YangXiaoPo-MSFT Mar 17 '23 at 01:43
Also see https://stackoverflow.com/questions/67066150/run-a-process-as-administrator-from-non-admin-user-local-admin-credentials. For *The directory name is invalid*, [Specify WorkingDirectory](https://stackoverflow.com/questions/990562/win32exception-the-directory-name-is-invalid). – YangXiaoPo-MSFT Mar 17 '23 at 07:13
hello @YangXiaoPo-MSFT, I did add a domain though the PC is not part of a domain. So I used its hostname – LindaSingh Apr 24 '23 at 09:57
@LindaSingh So did you successfully call CreateProcessWithProcessW? Do you have any other questions? – Torrecto - MSFT Apr 25 '23 at 02:17
hello @Torrecto-MSFT, it was not successful. Even specifying the domain which is the hostname, it will still return the error `The stub received bad data.` – LindaSingh Apr 25 '23 at 09:41
@LindaSingh I can only give you some advice. First of all, avoid using the `c_str( )` function in the account and password to convert the string type, directly use the string `L "Administrator"`. If no more errors are returned, you can determine that an error occurred in the data during string conversion. Secondly, set the domain to `NULL`. If the error is not returned, you can confirm that it is a domain authority issue. Of course, it may also be related to native permissions, refer to https://stackoverflow.com/questions/27272919/createprocesswithlogonw-error-1783-the-stub-received-bad-data – Torrecto - MSFT Apr 26 '23 at 09:36

Is it possible to supply empty password in CreateProcessWithLogonW?

2 Answers2