// 不虚拟登陆用户的话，创建新进程会提示
  // 1314 客户没有所需的特权错误
  //
  ImpersonateLoggedOnUser( hNewToken );


  //
  // 我们仅仅是需要建立高权限进程，不用切换用户
  // 所以也无需设置相关桌面，有了新 TOKEN 足够
  //


  //
  // 利用具有所有权限的 TOKEN，创建高权限进程
  //
  if ( !CreateProcessAsUser( hNewToken,
                             NULL,
                             szProcessName,
                             NULL,
                             NULL,
                             FALSE,
                             NULL, //NORMAL_PRIORITY_CLASS | Create_NEW_CONSOLE,
                             NULL,
                             NULL,
                             &si,
                             &pi ) )
  {
    printf( "CreateProcessAsUser() = %d\n", GetLastError() );  

    bError = TRUE;
    goto Cleanup;
  }

  bError = FALSE;

  Cleanup:
  if ( pOrigSd )
  {
    HeapFree( GetProcessHeap(), 0, pOrigSd );
  }
  if ( pNewSd )
  {
    HeapFree( GetProcessHeap(), 0, pNewSd );
  }
  if ( pSidPrimary )
  {
    HeapFree( GetProcessHeap(), 0, pSidPrimary );
  }
  if ( pSidOwner )
  {
    HeapFree( GetProcessHeap(), 0, pSidOwner );
  }
  if ( pSacl )
  {