// Beispielaufruf
var
  Res: THandle;
  bValid: Boolean;
begin
  Res := Logon('Knut', '.', 'geheim', LOGON32_LOGON_INTERACTIVE);
  bValid := (Res <> INVALID_HANDLE_VALUE);
  if bValid then begin
    CloseHandle(Res); // Handle unbedingt wieder schließen!!
    ShowMessage('Logon erfolgreich');
  else ShowMessage('Logon fehlgeschlagen');
end;

// notwendige Methoden, Konstanten, Typen
uses
  Windows;

type
  TLogonRec = record
    U, D, P : PChar;
    Flag   : Cardinal;
    Token  : THandle;
  end;

  PrivFun = function(var UserData) : bool;

const
  SE_CHANGE_NOTIFY_NAME            = 'SeChangeNotifyPrivilege';

procedure PrivilegedExec(const Prv: string; Fun: PrivFun; var UserData);
var
  Acc : THandle;
  NT  : TTokenPrivileges;
  OT  : ^TTokenPrivileges;
  i   : Cardinal;
begin
  if OpenProcessToken(GetCurrentProcess, TOKEN_ADJUST_PRIVILEGES, Acc)
  then begin
    // working on NT
    NT.PrivilegeCount := 1;
    NT.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
    LookupPrivilegeValue(nil, PChar(Pointer(Prv)), NT.Privileges[0].Luid);
    OT := nil;
    AdjustTokenPrivileges(Acc, false, NT, 0, OT^, i);
    try
      if not Fun(UserData)
      then RaiseLastOSError;
    finally
      AdjustTokenPrivileges(Acc, true, NT, 0, OT^, i);
    end;
  end else begin
    // working on W95/98
    if not Fun(UserData)
    then RaiseLastOSError;
  end;
end;

function _Logon2(var Data) : Bool;
begin
  with TLogonRec(Data) do
  Result := LogonUser(U, D, P, Flag, LOGON32_PROVIDER_DEFAULT, Token);
end;

function Logon(const User, Domain, Passw: string; Flag: Integer): THandle;
var
  LR : TLogonRec;
begin
  LR.U := PChar(User);
  LR.D := PChar(Domain);
  LR.P := PChar(Passw);
  LR.Flag := Flag;
  LR.Token := 0;
  PrivilegedExec(SE_CHANGE_NOTIFY_NAME, _Logon2, LR);
  Result := LR.Token;
end;

  Res := Logon(UserNm.Text, '.', PassWd.Text, LOGON32_LOGON_INTERACTIVE);

//Prozedur: PrivilegedExec
    try
      if not Fun(UserData)
      then RaiseLastOSError;  //<-- Hier
    finally
      AdjustTokenPrivileges(Acc, true, NT, 0, OT^, i);
    end;

try

except
// wird nur ausgeführt wenn ein Fehler auftritt
// Exception wird abgefangen (falls kein raise innerhalb des Blocks steht)
end

try

finally
// wird immer (d.h. bei normalem Ablauf & im Fehlerfall) ausgeführt
// aufgetretene Exceptions werden immer weitergereicht!!
end

// Beispielaufruf
var
  Res: THandle;
  bValid: Boolean;
begin
  try
    Res := Logon('Knut', '.', 'geheim', LOGON32_LOGON_INTERACTIVE);
  except
    Res := INVALID_HANDLE_VALUE;
  end;
  bValid := (Res <> INVALID_HANDLE_VALUE);
  if bValid then begin
    CloseHandle(Res); // Handle unbedingt wieder schließen!!
    ShowMessage('Logon erfolgreich');
  else ShowMessage('Logon fehlgeschlagen');
end;

function rightPwd(Name, Pwrd: string): boolean;
var
  Res: THandle;
  bValid: Boolean;
begin
  result := false;
  Res := Logon(Name, '.', Pwrd, LOGON32_LOGON_INTERACTIVE);
  bValid := (Res <> INVALID_HANDLE_VALUE);
  if bValid then begin
    CloseHandle(Res); // Handle unbedingt wieder schließen!!
    result := true;
  end;
end;

  if not Fun(UserData)
  then RaiseLastOSError;

function Logon(const User, Domain, Passw: string; Flag: Integer): THandle;
var
  LR : TLogonRec;
begin
  LR.U := PChar(User);
  LR.D := PChar(Domain);
  LR.P := PChar(Passw);
  LR.Flag := Flag;
  LR.Token := INVALID_HANDLE_VALUE; // hier ändern !!!
  PrivilegedExec(SE_CHANGE_NOTIFY_NAME, _Logon2, LR);
  Result := LR.Token;
end;