ImpersonateLoggedOnUser and starting a new process that uses ocx fails

Question

I write a c++ windows application (A), that uses LogonUser, LoadUserProfile and ImpersonateLoggedOnUser to gain the rights of another user (Y). Meaning the A starts using the user that is logged on on the workstation (X). If the user wants to elevate his rights he can just press a button and logon as another user without having to log himself out of windows and back in.

The situation now is (according to the return values of the functions): LogonUser works, LoadUserProfile works and ImpersonateLoggedOnUser works as well.

After the impersonation I start another process. This process is an application (B) that needs an OCX control. This fails and the application tells me that the .oxc file is not properly installed.

The thing is, if I start B directly as the user that is logged on to the machine (X), it works. If I start B directly as the user (Y) to which I want to elevate my rights using A, it works.

If I am logged in as (X) and choose "run as" (Y) in the explorer, it works!

Do you know which steps I need to do to do the same as the "run as" dialog from windows?

Answer 1

Thank you all for your help. The following was able to solve the issue for me:
I start the desired process using CreateProcessWithLogonW(). To get that function working properly I have to RevertToSelf() before I call it and do the impersonation again afterwards.

So the sequence is now:

LogonUser()
LoadUserProfile()
ImpersonateLoggedOnUser()
// work with the app
RevertToSelf()
CreateProcessWithLogonW()
// do the impersonation stuff again

Answer 2

I'm not sure, but looks like impersonation is not enough - impersonation relates only to process (A), instead try CreateProcess with ProcessAttributes/ThreadAttributes explicitly set to impersonated user from windows' ACL