How to call a function while impersonating another user instead of SYSTEM

The Win32 API call is made in my DLL, which is loaded by the SYSTEM user, and this API returns different results depending on the current user, so I can't get the results corresponding to the current user. How can I call this API in the logged-on user's context when the DLL runs in a SYSTEM context?

1 answer

I did some research and came up with this (I'm not an expert on the Win32 API, but I'm really interested in this):

You can use ImpersonateLoggedOnUser, which takes a handle to a primary or impersonation token (with at least TOKEN_QUERY in both cases, plus TOKEN_DUPLICATE on a primary token or TOKEN_IMPERSONATE on an impersonation token).

It would be very easy if you had the current logon token and the correct privileges: you would just use ImpersonateLoggedOnUser, call the API function you want, and then call RevertToSelf to return to the original token.

But it is not so easy to get the user's current token. You must either use LogonUser with a username and password (which seems wrong), or have a Windows service with sufficient privileges so that you can call WTSQueryUserToken, which may not fit the type of project you are developing.

Or, if you really want to do this from a normal process, you can also explore the Authentication Functions, where you can take advantage of the new UAC in Windows and security contexts, which can be a little complicated to work with.

There is also this method, which I'm not sure works: impersonate a standard user by getting a token via OpenProcessToken on explorer.exe.

Some links that I found useful:

I suggest: before continuing, make sure that you really need to impersonate the user when calling the API function you mentioned. See if there is another way to accomplish what you want.

You could also specify which API function you are trying to use, which might lead to a different, simpler question.

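The sequence the answer describes (get the logged-on user's token, ImpersonateLoggedOnUser, call the identity-sensitive API, RevertToSelf), as an added example that is not part of the original question or answer. It is PowerShell with P/Invoke so the same Win32 calls can be exercised from a SYSTEM shell (for instance one started with `psexec -s -i powershell.exe`); inside a DLL you would make the identical calls in C. Both token routes from the answer are shown: WTSQueryUserToken, which needs SeTcbPrivilege (LocalSystem holds it), and the fallback of opening explorer.exe's primary token with TOKEN_QUERY plus TOKEN_DUPLICATE. The class name `Tok` and the function names `Get-ConsoleUserToken`, `Get-ExplorerToken` and `Invoke-AsUser` are my own; the access-mask constants are the documented Win32 values.

```powershell
# Added example, not code from the original post. Run from a LocalSystem context.
$sig = @'
using System;
using System.Runtime.InteropServices;
public static class Tok {
    public const uint TOKEN_QUERY = 0x0008;            // needed on both token kinds
    public const uint TOKEN_DUPLICATE = 0x0002;        // needed on a primary token
    public const uint PROCESS_QUERY_INFORMATION = 0x0400;

    [DllImport("kernel32.dll")]
    public static extern uint WTSGetActiveConsoleSessionId();
    [DllImport("wtsapi32.dll", SetLastError = true)]
    public static extern bool WTSQueryUserToken(uint sessionId, out IntPtr token);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool ImpersonateLoggedOnUser(IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool RevertToSelf();
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr h);
}
'@
Add-Type -TypeDefinition $sig

function Get-LastError { [Runtime.InteropServices.Marshal]::GetLastWin32Error() }

function Get-ConsoleUserToken {
    # Service route: primary token of the interactive console user (requires SeTcbPrivilege).
    $session = [Tok]::WTSGetActiveConsoleSessionId()
    if ($session -eq 0xFFFFFFFF) { throw "No console session attached" }
    $token = [IntPtr]::Zero
    if (-not [Tok]::WTSQueryUserToken($session, [ref]$token)) {
        throw "WTSQueryUserToken failed: $(Get-LastError)"
    }
    return $token
}

function Get-ExplorerToken {
    # Fallback from the answer: borrow the primary token of the user's explorer.exe.
    $explorer = Get-Process -Name explorer -ErrorAction Stop | Select-Object -First 1
    $proc = [Tok]::OpenProcess([Tok]::PROCESS_QUERY_INFORMATION, $false, $explorer.Id)
    if ($proc -eq [IntPtr]::Zero) { throw "OpenProcess failed: $(Get-LastError)" }
    $token = [IntPtr]::Zero
    try {
        $access = [uint32]([Tok]::TOKEN_QUERY -bor [Tok]::TOKEN_DUPLICATE)
        if (-not [Tok]::OpenProcessToken($proc, $access, [ref]$token)) {
            throw "OpenProcessToken failed: $(Get-LastError)"
        }
    } finally {
        [void][Tok]::CloseHandle($proc)
    }
    return $token
}

function Invoke-AsUser {
    param([IntPtr]$Token, [scriptblock]$Action)
    # ImpersonateLoggedOnUser accepts a primary token and duplicates it internally.
    if (-not [Tok]::ImpersonateLoggedOnUser($Token)) {
        throw "ImpersonateLoggedOnUser failed: $(Get-LastError)"
    }
    try {
        & $Action   # runs on this thread under the user's impersonation token
    } finally {
        # Revert even if the action throws, or later code keeps running as the user.
        if (-not [Tok]::RevertToSelf()) { throw "RevertToSelf failed: $(Get-LastError)" }
    }
}

$token = try { Get-ConsoleUserToken } catch { Get-ExplorerToken }
try {
    "Before:  " + [Security.Principal.WindowsIdentity]::GetCurrent().Name   # NT AUTHORITY\SYSTEM
    Invoke-AsUser -Token $token -Action {
        # Identity-sensitive APIs read the thread token here; GetUserName and
        # WindowsIdentity.GetCurrent() both report the logged-on user.
        "During:  " + [Security.Principal.WindowsIdentity]::GetCurrent().Name
        "UserName: " + [Environment]::UserName
    }
    "After:   " + [Security.Principal.WindowsIdentity]::GetCurrent().Name
} finally {
    [void][Tok]::CloseHandle($token)
}
```

Two practical caveats. Impersonation is per thread, so the API call has to happen on the thread that called ImpersonateLoggedOnUser, and the RevertToSelf in the finally block is what keeps a failure inside the action from leaving the SYSTEM process running as the user. Also, while impersonating, the process is acting with that user's rights against resources the user controls, so treat anything read back (files, registry keys, named pipes) as untrusted input before using it in SYSTEM context again.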

Source: https://habr.com/ru/post/1447637/
