I want to fetch an access token of a logged in user using WTSQueryUserToken(), but it returns error code: 1314.
My code for reference:
DWORD sessionId = -1;
DWORD sessionCount = 0;
WTS_SESSION_INFOW* pSession = NULL;
if (WTSEnumerateSessionsW(WTS_CURRENT_SERVER_HANDLE, 0, 1, &pSession, &sessionCount))
{
if (pSession != NULL)
{
for (int i = 0; i < sessionCount; i++)
{
sessionId = pSession[i].SessionId;
WTS_CONNECTSTATE_CLASS wts_connect_state = pSession[i].State;
if (wts_connect_state == WTSActive)
{
HANDLE currentToken;
if (WTSQueryUserToken(sessionId, ¤tToken)) {
printf("Access token is obtained \n");
}
else
{
printf("WTSQueryUserToken : failed - %d\n", GetLastError());
}
}
}
WTSFreeMemory(pSession);
}
}
I have confirmed that the application runs with LocalSystem account privilege and SE_TCB_NAME privilege is already enabled for it.
I confirmed the account by using the following code:
HANDLE process = GetCurrentProcess();
HANDLE processToken;
BOOL openTokenRet = OpenProcessToken(process, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &processToken);
SID returned by the process token is S-1-5-18
Also, I have checked the privileges enabled for the SYSTEM account by using "whoami /priv" and got to see that SeTcbPrivilege is enabled for the same.
I want to know if any other privilege is required, or anything I am missing here, to get the token using WTSQueryUserToken()
.