{
	"id": "e0e29542-3dff-41f6-b6c7-7fb8f7718904",
	"created_at": "2026-04-06T00:14:53.974814Z",
	"updated_at": "2026-04-10T03:20:32.59346Z",
	"deleted_at": null,
	"sha1_hash": "0193ce68da9ad0fc9ac2e664d2d22110dec409c9",
	"title": "ImpersonateLoggedOnUser function (securitybaseapi.h) - Win32 apps",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 60694,
	"plain_text": "ImpersonateLoggedOnUser function (securitybaseapi.h) - Win32\r\napps\r\nBy GrantMeStrength\r\nArchived: 2026-04-05 21:07:40 UTC\r\nThe ImpersonateLoggedOnUser function lets the calling thread impersonate the security context of a logged-on\r\nuser. The user is represented by a token handle.\r\nBOOL ImpersonateLoggedOnUser(\r\n [in] HANDLE hToken\r\n);\r\n[in] hToken\r\nA handle to a primary or impersonation access token that represents a logged-on user. This can be a token handle\r\nreturned by a call to LogonUser, CreateRestrictedToken, DuplicateToken, DuplicateTokenEx, OpenProcessToken,\r\nor OpenThreadToken functions. If hToken is a handle to a primary token, the token must have TOKEN_QUERY\r\nand TOKEN_DUPLICATE access. If hToken is a handle to an impersonation token, the token must have\r\nTOKEN_QUERY and TOKEN_IMPERSONATE access.\r\nIf the function succeeds, the return value is nonzero.\r\nIf the function fails, the return value is zero. To get extended error information, call GetLastError.\r\nThe impersonation lasts until the thread exits or until it calls RevertToSelf.\r\nThe calling thread does not need to have any particular privileges to call ImpersonateLoggedOnUser.\r\nIf the call to ImpersonateLoggedOnUser fails, the client connection is not impersonated and the client request is\r\nmade in the security context of the process. If the process is running as a highly privileged account, such as\r\nLocalSystem, or as a member of an administrative group, the user may be able to perform actions they would\r\notherwise be disallowed. Therefore, it is important to always check the return value of the call, and if it fails, raise\r\nan error; do not continue execution of the client request.\r\nAll impersonate functions, including ImpersonateLoggedOnUser allow the requested impersonation if one of the\r\nfollowing is true:\r\nThe caller has the SeImpersonatePrivilege privilege.\r\nA process (or another process in the caller's logon session) created the token using explicit credentials\r\nthrough LogonUser or LsaLogonUser function.\r\nThe authenticated identity is same as the caller.\r\nhttps://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx\r\nPage 1 of 3\n\nImportant\r\nThe token must have an impersonation level of SecurityImpersonation or higher for impersonation to succeed.\r\nTokens with SecurityIdentification or SecurityAnonymous levels cannot be used for impersonation, even if the\r\ncaller has SeImpersonatePrivilege. SecurityIdentification tokens allow identity verification and ACL checks but\r\ndo not permit impersonation.\r\nThe behavior varies based on the token's impersonation level:\r\nSecurityAnonymous: The server cannot obtain client identity information and cannot impersonate the\r\nclient.\r\nSecurityIdentification: The server can obtain the client's identity and perform access validation, but\r\ncannot impersonate the client. This is the default level for many scenarios.\r\nSecurityImpersonation: The server can impersonate the client's security context on the local system. This\r\nis the minimum level required for ImpersonateLoggedOnUser to succeed.\r\nSecurityDelegation: The server can impersonate the client on remote systems as well as locally.\r\nWindows XP with SP1 and earlier: The SeImpersonatePrivilege privilege is not supported.\r\nFor more information about impersonation, see Client Impersonation.\r\nRequirement Value\r\nMinimum supported client Windows XP [desktop apps only]\r\nMinimum supported server Windows Server 2003 [desktop apps only]\r\nTarget Platform Windows\r\nHeader securitybaseapi.h (include Windows.h)\r\nLibrary Advapi32.lib\r\nDLL Advapi32.dll\r\nClient/Server Access Control Functions\r\nClient/Server Access Control Overview\r\nCreateProcessAsUser\r\nCreateRestrictedToken\r\nDuplicateToken\r\nDuplicateTokenEx\r\nLogonUser\r\nhttps://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx\r\nPage 2 of 3\n\nOpenProcessToken\r\nOpenThreadToken\r\nRevertToSelf\r\nSource: https://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx\r\nhttps://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"references": [
		"https://msdn.microsoft.com/en-us/library/windows/desktop/aa378612(v=vs.85).aspx"
	],
	"report_names": [
		"aa378612(v=vs.85).aspx"
	],
	"threat_actors": [],
	"ts_created_at": 1775434493,
	"ts_updated_at": 1775791232,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0193ce68da9ad0fc9ac2e664d2d22110dec409c9.pdf",
		"text": "https://archive.orkl.eu/0193ce68da9ad0fc9ac2e664d2d22110dec409c9.txt",
		"img": "https://archive.orkl.eu/0193ce68da9ad0fc9ac2e664d2d22110dec409c9.jpg"
	}
}