Is it possible to impersonate a user without logging him on?

You can impersonate a user without supplying password by calling ZwCreateToken. See the CreatePureUserToken function in this article: GUI-Based RunAsEx You must be running as an admin (or LocalSystem) for this to work.

Another technique is to use Windows Subauthentication Packages. This allows you to override windows built-in authentication and allow a LogonUser to succeed even if no password was supplied. See this KB article.

No, you have to call Win32 API LogonUser function to get windows account token back so you can then impersonate.