
using WIN32 API CreateProcessAsUser in Python


I have been trying to find a good example of how to use the CreateProcessAsUser() WIN32 API in Python alongside the LogonUser() API, but to no avail.

Any help on this would be greatly appreciated.


Solution

  • First, you should know that the Python extensions for the Windows API are closely mapped to the Windows API. In this use case, the following links should prove very useful to you:

    If you study these documents together with the pywin documentation, you'll learn quite a ton.

    That being written, note that in order to use CreateProcessAsUser(), you must hold the privilege SE_INCREASE_QUOTA_NAME, and possibly SE_ASSIGNPRIMARYTOKEN_NAME. These can be assigned on your local workstation (assuming you're admin) via secpol.msc > User Rights Assignment.

    To understand how these privileges map to rights shown in secpol.msc, use this link:

    Now on to the code:

    import win32con
    import win32process
    import win32security

    # First create a token. We're pretending this user actually exists on your local computer or Active Directory domain.
    user = "ltorvalds"
    pword = "IAMLINUXMAN"
    domain = "."  # "." validates the account against the local account database only
    logontype = win32con.LOGON32_LOGON_INTERACTIVE
    provider = win32con.LOGON32_PROVIDER_WINNT50
    token = win32security.LogonUser(user, domain, pword, logontype, provider)

    # Now let's create the STARTUPINFO structure. Read the link above for more info on what these can do.
    startup = win32process.STARTUPINFO()

    # Finally, create a cmd.exe process using the "ltorvalds" token.
    # Arguments: token, appName, commandLine, processAttributes, threadAttributes,
    # bInheritHandles, dwCreationFlags, newEnvironment, currentDirectory, startupinfo.
    appname = "c:\\windows\\system32\\cmd.exe"
    priority = win32con.NORMAL_PRIORITY_CLASS
    win32process.CreateProcessAsUser(token, appname, None, None, None, True, priority, None, None, startup)
    

    Hope this helps.
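
An added example, not part of the original answer: a preflight check that reports whether the calling token carries the two privileges named above and which secpol.msc right grants each one. It parses the text of `whoami /priv`; the function names are illustrative, the sample output is constructed, and English-language column layout is assumed.

```python
import subprocess
import sys

# winnt.h constant -> (privilege name in the token, display name in secpol.msc)
REQUIRED = {
    "SE_INCREASE_QUOTA_NAME": ("SeIncreaseQuotaPrivilege", "Adjust memory quotas for a process"),
    "SE_ASSIGNPRIMARYTOKEN_NAME": ("SeAssignPrimaryTokenPrivilege", "Replace a process level token"),
}

# Constructed sample of `whoami /priv` output (not captured from a real host).
SAMPLE = """\
PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeIncreaseQuotaPrivilege      Adjust memory quotas for a process   Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
"""

def parse_privileges(text):
    """Return {privilege name: state} from `whoami /priv` text."""
    privs = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with Se...Privilege and end with the State column.
        if len(fields) >= 2 and fields[0].startswith("Se") and fields[0].endswith("Privilege"):
            privs[fields[0]] = fields[-1]
    return privs

def preflight(text):
    """Map each required constant to its token state, or 'absent' if not in the token."""
    held = parse_privileges(text)
    return {const: held.get(name, "absent") for const, (name, _) in REQUIRED.items()}

def report(text):
    lines = []
    for const, state in preflight(text).items():
        name, right = REQUIRED[const]
        if state == "absent":
            lines.append(f"{const} ({name}): absent; grant '{right}' under User Rights Assignment")
        else:
            lines.append(f"{const} ({name}): in token, state {state}")
    return lines

if __name__ == "__main__":
    live = sys.platform == "win32"  # inspect the real token on Windows, the sample elsewhere
    text = subprocess.run(["whoami", "/priv"], capture_output=True, text=True).stdout if live else SAMPLE
    print("\n".join(report(text)))
```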