A Win32 API is invoked in my DLL, which will be loaded by the SYSTEM user, and that API returns different results depending on the current user, so I cannot get the results corresponding to the current user. How can I invoke that API under the current logon user context when the DLL is running in SYSTEM context?
I’ve done some research and concluded this (I’m not a Win32 API expert, but I’m really interested in it):
You can use ImpersonateLoggedOnUser, which asks for a primary or an impersonation token handle (with at least TOKEN_QUERY in both, TOKEN_DUPLICATE on a primary token, or TOKEN_IMPERSONATE on an impersonation token).
It would be very easy if you had the current logged-on user token and the right privileges: you’d just use ImpersonateLoggedOnUser, call the API function that you want, and then call RevertToSelf to return to its original owner token.
But it’s not that easy to get the current logged-on user token. You’d have to either use LogonUser, specifying the user’s name and password (which doesn’t seem right), or own a Windows service with sufficient privileges to let you call WTSQueryUserToken, which may differ from what type of project you are developing.
Or, if you are really willing to do this with an ordinary process, you could also explore the Authentication Functions, where you can take advantage of the new Windows UAC and security contexts, which may be a little complex to work with.
There is also this method, which I’m not sure works: impersonate a standard user (getting the token by using OpenProcessToken on explorer.exe).
Some links I found useful:
I suggest: make sure you really need to impersonate a user when calling the API function you mentioned before going on. See if there is another path to accomplish what you want.
You could also specify which API function you are trying to use, which may redirect you to another simpler question.
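The sequence this answer describes (WTSQueryUserToken, ImpersonateLoggedOnUser, the API call, RevertToSelf), as an added C example that is not part of the original post; it checks every return value so the call never runs as SYSTEM by accident. The `imp_ops` table, `run_as_user`, `win32_ops` and the `fake_*` backend are hypothetical names, and the fake backend is constructed so the control flow can also be run off Windows.

```c
/* Added example; imp_ops, run_as_user, win32_ops and fake_* are hypothetical names. */
#ifdef _WIN32
#include <windows.h>
#include <wtsapi32.h>   /* link with Wtsapi32.lib */
#else                   /* stand-in types so the control flow builds off-Windows */
typedef void *HANDLE; typedef int BOOL; typedef unsigned long DWORD;
#endif
typedef struct {        /* the calls named in the answer */
    BOOL (*query_token)(DWORD session, HANDLE *tok);
    BOOL (*impersonate)(HANDLE tok);
    BOOL (*revert)(void);
    void (*close_token)(HANDLE tok);
} imp_ops;
enum { RAU_OK = 0, RAU_NOT_RUN = -1, RAU_REVERT_FAILED = -2 };
/* Runs work(ctx) as the user logged on to `session`. Fails closed: without a
 * token or a successful impersonation, work() is never called, so it cannot
 * silently run as SYSTEM. RAU_REVERT_FAILED means the thread is still
 * impersonating and the caller should stop it rather than carry on. */
int run_as_user(const imp_ops *ops, DWORD session,
                int (*work)(void *), void *ctx, int *work_rc)
{
    HANDLE tok = 0;
    if (!ops->query_token(session, &tok)) return RAU_NOT_RUN;
    if (!ops->impersonate(tok)) { ops->close_token(tok); return RAU_NOT_RUN; }
    *work_rc = work(ctx);            /* the user-dependent API call goes here */
    BOOL reverted = ops->revert();
    ops->close_token(tok);
    return reverted ? RAU_OK : RAU_REVERT_FAILED;
}
#ifdef _WIN32
static BOOL w_query(DWORD s, HANDLE *t) { return WTSQueryUserToken(s, t); }
static BOOL w_imp(HANDLE t)             { return ImpersonateLoggedOnUser(t); }
static BOOL w_rev(void)                 { return RevertToSelf(); }
static void w_close(HANDLE t)           { CloseHandle(t); }
const imp_ops win32_ops = { w_query, w_imp, w_rev, w_close };
#endif
/* Constructed fake backend: lets the control flow be exercised anywhere. */
static int fake_user, fake_ran, fake_rc, fake_closed, fake_imp_ok, fake_rev_ok;
static BOOL f_query(DWORD s, HANDLE *t) { (void)s; *t = (HANDLE)&fake_user; return 1; }
static BOOL f_imp(HANDLE t)   { (void)t; if (fake_imp_ok) fake_user = 1; return fake_imp_ok; }
static BOOL f_rev(void)       { if (fake_rev_ok) fake_user = 0; return fake_rev_ok; }
static void f_close(HANDLE t) { (void)t; fake_closed++; }
static int fake_work(void *c) { (void)c; fake_ran = 1; return fake_user; }
const imp_ops fake_ops = { f_query, f_imp, f_rev, f_close };
int fake_run(int imp_ok, int rev_ok) {  /* drive run_as_user with the fake */
    fake_imp_ok = imp_ok; fake_rev_ok = rev_ok; fake_ran = 0; fake_closed = 0;
    return run_as_user(&fake_ops, 1, fake_work, 0, &fake_rc);
}
int main(void) { return fake_run(1, 1) == RAU_OK ? 0 : 1; }
```

In the service itself, pass `&win32_ops` and a session ID such as the one returned by `WTSGetActiveConsoleSessionId()`. `WTSQueryUserToken` only succeeds for a caller running as LocalSystem with the SE_TCB_NAME privilege.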