none
Launch Process as User under admin rights from Service .. RRS feed

  • Question

  • HI,

    I made an exe with "Highestavailable" privileges (under admin rights) and i need to run this exe from service under logon user account. for now I'm getting token from "Winlogon" and running my exe under these token, but winlogon is running under system account so my exe is also running under system account which is not feasible in my case, i also try to get token from "explorer" but under these token service can't run exe under admin rights .. can anyone help me, I'm using vb.net and win 7 .

    thanks and regards ..

    Monday, June 2, 2014 1:10 PM

Answers

  • correct answer is ..

    we can get login user token by using .. WTSQueryUserToken(WTSGetActiveConsoleSessionId, UserTokenHandle)

    then we can use GetTokenInformation and Token linked Token to get the elevated token of the UserTokenHandle (only if user has admin rights) ..

    then we can make the token primary by using DuplicateTokenEx and then we can launch application by using CreateProcessAsUser and the Primary token ..

    • Marked as answer by Wall.E Wednesday, June 18, 2014 1:14 PM
    Wednesday, June 18, 2014 1:13 PM

All replies

  • Hello,

    Is the service a windows service application? If it is, unfortunately, starting from Windows Vista, a service cannot interact with the desktop. We will not be able to run any windows or console windows application that are started from a service. See this MSDN forum thread.

    And there is a discussion for it:

    http://stackoverflow.com/questions/5307968/how-can-i-run-an-exe-program-from-a-windows-service-using-c

    If I misunderstand, please let me know.

    Regards.


    We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.
    Click HERE to participate the survey.

    Tuesday, June 3, 2014 6:23 AM
    Moderator
  • thanks for the reply ..

    yes it is windows service application running in windows 7. I successfully launched the exe in loged in user session, if exe have normal user rights. but if i try to launch exe that is compiled with admin rights, I'm failed to launch it possibly due to UAC, because in windows 7 even administrator accounts are running with standard user privileges unless certain applications prompts for admin rights, so m getting tokens from logged in user's account(from window's explorer) which is admin in my case but possibly running with normal privileges and my exe demands admin rights. any work around or help and please correct me if I'm wrong ..

    thanks and regards ..

    Tuesday, June 3, 2014 7:19 AM
  • Copy PsExec to the target system. Install it as service and use it to run the application with -h option.

    You can use ServiceController.GetServices() to get installed service and start it.

    • Marked as answer by Fred BaoModerator Monday, June 16, 2014 9:56 AM
    • Unmarked as answer by Wall.E Wednesday, June 18, 2014 1:08 PM
    Wednesday, June 4, 2014 11:18 AM
    Answerer
  • correct answer is ..

    we can get login user token by using .. WTSQueryUserToken(WTSGetActiveConsoleSessionId, UserTokenHandle)

    then we can use GetTokenInformation and Token linked Token to get the elevated token of the UserTokenHandle (only if user has admin rights) ..

    then we can make the token primary by using DuplicateTokenEx and then we can launch application by using CreateProcessAsUser and the Primary token ..

    • Marked as answer by Wall.E Wednesday, June 18, 2014 1:14 PM
    Wednesday, June 18, 2014 1:13 PM