// Beispielaufruf
var
  Res: THandle;
  bValid: Boolean;
begin
  Res := Logon('Knut', '.', 'geheim', LOGON32_LOGON_INTERACTIVE);
  bValid := (Res <> INVALID_HANDLE_VALUE);
  if bValid then begin
    CloseHandle(Res); // Handle unbedingt wieder schließen!!
    ShowMessage('Logon erfolgreich');
  else ShowMessage('Logon fehlgeschlagen');
end;

// notwendige Methoden, Konstanten, Typen
uses
  Windows;

type
  TLogonRec = record
    U, D, P : PChar;
    Flag : Cardinal;
    Token : THandle;
  end;

  PrivFun = function(var UserData) : bool;

const
  SE_CHANGE_NOTIFY_NAME = 'SeChangeNotifyPrivilege';

procedure PrivilegedExec(const Prv: string; Fun: PrivFun; var UserData);
var
  Acc : THandle;
  NT : TTokenPrivileges;
  OT : ^TTokenPrivileges;
  i : Cardinal;
begin
  if OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, Acc)
  then begin
    // working on NT
    NT.PrivilegeCount := 1;
    NT.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    LookupPrivilegeValue(nil, PChar(Pointer(Prv)), NT.Privileges[0].Luid);
    OT := nil;
    AdjustTokenPrivileges(Acc, false, NT, 0, OT^, i);
    try
      if not Fun(UserData)
      then RaiseLastOSError;
    finally
      AdjustTokenPrivileges(Acc, true, NT, 0, OT^, i);
    end;
  end else begin
    // working on W95/98
    if not Fun(UserData)
    then RaiseLastOSError;
  end;
end;

function _Logon2(var Data) : Bool;
begin
  with TLogonRec(Data) do
  Result := LogonUser(U, D, P, Flag, LOGON32_PROVIDER_DEFAULT, Token);
end;

function Logon(const User, Domain, Passw: string; Flag: Integer): THandle;
var
  LR : TLogonRec;
begin
  LR.U := PChar(User);
  LR.D := PChar(Domain);
  LR.P := PChar(Passw);
  LR.Flag := Flag;
  LR.Token := 0;
  PrivilegedExec(SE_CHANGE_NOTIFY_NAME, _Logon2, LR);
  Result := LR.Token;
end;