I ran into quite a problem while writing my software.
The software does delayed deletion of files and folders. The main algorithm is in a Win32 service, which gets data and user credentials from a DB. To delete an object, it must impersonate the user that added it to the DB. It's a kind of security precaution so that the software does not allow deleting system objects or objects that this user has no right to delete.
Actually, everything works well with domain users and with local users except for one little case: if the user has no password.
A similar question has been asked here before, but there has been no solution that satisfied me. The solution that was proposed in the similar post is to change the local security policy, which makes a huge hole in the system's security. I think it is not 'comme il faut' for software to change system policies.
At first I thought about filling an ACL with the user's credentials, determining the user's rights on the object, and then just deleting it with the service itself under LocalSystem privileges, but I'm not sure that is "good style" for performing my task. So I still need to delete the object under the user's security context.
Looking forward to your answers.
Best regards, Alexey.