Community technical support mailing list was retired 2010 and replaced with a professional technical support team. For assistance please contact: Pre-sales Technical support via email to sales@march-hare.com.
Glen, I swear that I did not try to sabotage the system by myself! I am trying to find something that could possibly affect CVSNT. From the last time I used CVSNT (and it worked fine), I installed few patches for Win2K and added a new local user account - that's all! I even think that I can discover which patch numbers where installed. From the documentation I understand that the CreateToken privilege is required for *non-system* accounts (that is because the system account has this privilege). But I cannot explain why I could not see that privilege in the process explorer. I tried to give the SeCreateTokenPrivilege to the SYSTEM account and even to Everybody - did not work and did not show up in process explorer either. Thanks for your fast reply, Adrian. Glen Starrett wrote: > Adrian Herscu wrote: > >> 2) cvsservice.exe process is configured to run under LocalSystem >> account (and the service is allowed to interact with desktop) and the >> following *disabled* privileges showup in the process explorer: >> SeAssignPrimaryTokenPrivilege >> SeBackupPrivilege >> SeCreateTokenPrivilege >> SeIncreaseQuotaPrivilege >> SeLoadDriverPrivilege >> SeRestorePrivilege >> SeSecurityPrivilege >> SeShutDownPrivilege >> SeSystemEnvironmentPrivilege >> SeSystemtimePrivilege >> SeTakeOwnershipPrivilege >> SeUndockPrivilege > > > I think CVSNT uses the CreateToken privilege in order to do the > impersonation. From the sounds of it you disabled that yourself? Have > you tried re-enabling those permissions and seeing what happens? >