winsiderss / systeminformer

A free, powerful, multi-purpose tool that helps you monitor system resources, debug software and detect malware. Brought to you by Winsider Seminars & Solutions, Inc. @ http://www.windows-internals.com
https://systeminformer.sourceforge.io
MIT License

runas /netonly #1541

Open Kizaemon opened 1 year ago

Kizaemon commented 1 year ago

Description of the feature, modification, idea or suggestion

I am running an application with impersonation in a different untrusted domain.

C:\Windows\System32\runas.exe /user:xdomain\xuser /netonly "C:\Program Files (x86)\Microsoft SQL Server Management Studio 19\Common7\IDE\Ssms.exe"

When I look at the process properties, I cannot find the xdomain\xuser information anywhere. I wonder if it would be of value to show the impersonation context.

Perhaps the reference is shown in the Token tab as an additional logon session NT AUTHORITY\LogonSessionId_0_94221819.

Proposed implementation details (optional)

No response

Vasilich commented 1 year ago

What is shown in column "User name" for this process?

Kizaemon commented 1 year ago

It is my local user, not the impersonated user.

The impersonated user appears as LogonSessionId. Not sure if it is possible to get back the original xdomain\xuser from this SID.

Kizaemon commented 1 year ago

SysInternals logonsessions.exe -p also does not recover xdomain\xuser from the LogonSessionId_0_100791118

dmex commented 4 months ago

> SysInternals logonsessions.exe -p also does not recover xdomain\xuser from the LogonSessionId_0_100791118

Try running this command and enter any random characters when prompted for a password:

RUNAS /NETONLY /U:FAKEDOMAIN\FAKEUSER CMD.EXE

A new process is created with multiple logon sessions but the domain/user doesn't exist.

> I am running an application with impersonation in a different untrusted domain. When I look at the process properties, I cannot find the xdomain\xuser information anywhere.

The /netonly parameter executes the process as the current user and does not execute with xdomain\xuser.
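
Added example, not part of the thread and not System Informer code: the process token never holds xdomain\xuser, but the Security event 4624 written for a /netonly logon (logon type 9, NewCredentials) records the supplied name in its outbound account fields. The function name `Get-NetOnlyLogon` and the sample event are constructed for illustration; live use assumes logon success auditing is enabled and a Windows version that writes the `TargetOutbound*` fields.

```powershell
# Parse Security event 4624 XML and report NewCredentials (type 9) logons,
# showing the token user next to the network-only account that was supplied.
function Get-NetOnlyLogon {   # hypothetical helper name
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $data = @{}
        foreach ($d in ([xml]$EventXml).Event.EventData.Data) {
            $data[$d.Name] = $d.'#text'
        }
        if ($data['LogonType'] -ne '9') { return }   # 9 = NewCredentials
        [pscustomobject]@{
            LogonId        = $data['TargetLogonId']   # LUID of the new logon session
            TokenUser      = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
            NetworkAccount = '{0}\{1}' -f $data['TargetOutboundDomainName'], $data['TargetOutboundUserName']
            LogonProcess   = "$($data['LogonProcessName'])".Trim()
            Caller         = $data['ProcessName']
        }
    }
}

# Constructed sample event (values are illustrative, not taken from the thread).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System><EventID>4624</EventID></System>
  <EventData>
    <Data Name="TargetUserName">localuser</Data>
    <Data Name="TargetDomainName">WORKSTATION</Data>
    <Data Name="TargetLogonId">0x1234abc</Data>
    <Data Name="LogonType">9</Data>
    <Data Name="LogonProcessName">seclogo</Data>
    <Data Name="ProcessName">C:\Windows\System32\svchost.exe</Data>
    <Data Name="TargetOutboundUserName">xuser</Data>
    <Data Name="TargetOutboundDomainName">xdomain</Data>
  </EventData>
</Event>
'@
$sample | Get-NetOnlyLogon

# Live use, from an elevated prompt:
# Get-WinEvent -FilterHashtable @{LogName='Security'; Id=4624} -MaxEvents 500 |
#     ForEach-Object { $_.ToXml() } | Get-NetOnlyLogon
```

The outbound fields hold whatever was typed at the runas prompt. As the FAKEDOMAIN\FAKEUSER test above shows, the name is not validated at logon time, so treat it as a claimed identity.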