using WIN32 API CreateProcessAsUser in Python

First, you should know that the Python extensions for Windows API is closely mapped to the Windows API. In this use case, the following links should prove very useful to you:

• LogonUserA function (ANSI) and LogonUserW function (Unicode)
• CreateProcessAsUserA function (ANSI) and CreateProcessAsUserW function (Unicode)
• STARTUPINFOA structure (ANSI) and STARTUPINFOW structure (Unicode)

If you study these documents together with the pywin documentation, you'll learn quite a ton.

That being written, note that in order to use CreateProcessAsUser(), you must hold the privilege SE_INCREASE_QUOTA_NAME, and possibly SE_ASSIGNPRIMARYTOKEN_NAME. These can be assigned on your local workstation (assuming you're admin) via secpol.msc > User Rights Assignment.

To understand how these privileges map to rights shown in secpol.msc, use this link:

• Privilege Constants (Authorization)

Now on to the code:

# First create a token. We're pretending this user actually exists on your local computer or Active Directory domain.
user = "ltorvalds"
pword = "IAMLINUXMAN"
domain = "." # means current domain
logontype = win32con.LOGON32_LOGON_INTERACTIVE
provider = win32con.LOGON32_PROVIDER_WINNT50
token = win32security.LogonUser(user, domain, pword , logontype, provider)

# Now let's create the STARTUPINFO structure. Read the link above for more info on what these can do.
startup = win32process.STARTUPINFO()

# Finally, create a cmd.exe process using the "ltorvalds" token.
appname = "c:\\windows\\system32\\cmd.exe"
priority = win32con.NORMAL_PRIORITY_CLASS
win32process.CreateProcessAsUser(token, appname, None, None, None, True, priority, None, None, startup)

Hope this helps.