I am trying to load a user profile (using LoadUserProfile- http://msdn.microsoft.com/en-us/library/windows/desktop/bb762281%28v=vs.85%29.aspx ), but the API fails when the domain user user Windows
The application starts with the Administrative user (not the System account, the same code in the service that works with the system account).
The same code works if the user I want to access is a local user.
Is there a restriction for LoadUserProfile and a Windows domain user? LoadUserProfile returns Access denied. Are there any policies that restrict the API?
My code does the following:
- Logonuser
- LoadUserProfile - this failure is not possible.
- ImpersonateLoggedOnUser
I am not sure if the problem is 100% related to my code, because if I run
runas / user: domain \ user cmd.exe I have the same failure: "Access denied"
So, it seems that there are policies that control the behavior of domain users.
source
share