locked
give permission to windows service for "Allow service to interact with desktop" RRS feed

  • Question

  • I have created an windows service. I want to open some windoes based application from this service which will appear on the desktop.

    But my windows service is unable to start desktop applications. To enable the access I had to do the following steps:
    1. Opened the administrative tool "Services"
    2. Right clicked on my service and had to select "properties"
    3. Then in the "Log On" tab, selected "Allow service to interact with desktop".

    After that myservice can open desired winodwos based processes.

    Can I configure this my windows service in the code to access the desktop. So that I wont have to change the accss permission manually after installation.

    Please Help.
    Friday, April 24, 2009 7:06 AM

Answers

  • Looks like this article is what you need.

    However, what you're trying to do doesn't fit well to a windows service. Say, services with "Allow service to interact with desktop" flag turned on will not work on Vista correctly - because of different isolation level .

    So chances are you'd need to redesign the app.
    • Proposed as answer by codevanced Friday, April 24, 2009 10:52 AM
    • Marked as answer by Lucky-1983 Tuesday, April 28, 2009 8:07 AM
    Friday, April 24, 2009 10:40 AM
  • A more proper design would be to have your service open the interactive desktop and start the child process on that desktop. You'd have to do some non-trivial P/Invoke for this, though.

    KB171890 - Services, Desktops, and Window Stations:
      http://support.microsoft.com/kb/171890
    Process Connection to a Window Station:
      http://msdn.microsoft.com/en-us/library/ms684859.aspx
    Thread Connection to a Desktop:
      http://msdn.microsoft.com/en-us/library/ms686744.aspx
    CreateProcess/STARTUPINFO:
      http://msdn.microsoft.com/en-us/library/ms682425.aspx
      http://msdn.microsoft.com/en-us/library/ms686331.aspx

           -Steve
    • Proposed as answer by Stephen ClearyMVP Friday, April 24, 2009 12:57 PM
    • Marked as answer by Lucky-1983 Tuesday, April 28, 2009 8:07 AM
    Friday, April 24, 2009 12:57 PM
  • Services cannot directly interact (via message queues) with GUI programs that the user can see. To do so opens up a security hole known as a "shatter attack":
      http://en.wikipedia.org/wiki/Shatter_attack

    You cannot have a service and a user interaction form in the same process, so enabling the service to call "any public method" is quite difficult. Services and user interaction programs have different window stations (http://support.microsoft.com/kb/171890) and since a process is tied to a window station, any service and user interaction must be different processes.

    To proceed forward, you must decide between the many forms of IPC (inter-process communication) available. WCF is a modern choice, though named pipes and raw sockets are also common choices for service <-> GUI communication. Hint: it's a lot easier to have an auto-start hidden GUI (or notification area icon) than to have the service start the GUI when it needs to display something.

    At this point, it is best to re-evaluate your actual requirements, because you're looking at a non-trivial amount of work. Are you absolutely sure you need a service? Does it really need to be running when there are no logged-on users (remember, it can't display a GUI in this situation anyway)? If the answer is "Yes", then choose an IPC mechanism and get ready for quite a bit more work.

           -Steve
    • Marked as answer by Lucky-1983 Tuesday, April 28, 2009 8:07 AM
    Saturday, April 25, 2009 2:14 PM
  • I went through the links. But got a little confused. My basic requirement is , I need to run a service. Which will show a windows form on certain conditions. And my service should be able to interact with the windows form. (should be able to call any public method on the form if possible).

    But as the articles have mentioned, it is not a good practice. What are the other approaches I can follow.

    If possible Can you please give some sample code.

    Thanks

    Why not make a standard application which is loaded on default after the user login process and resides as icon on the system tray. That way you can do all you asked to do. Here is an article on my blog to get you started:

    Creating a Application which Minimizes to a Tray Icon in .Net

    The reason that a service is not the right thing to do here is because, what if no one is logged in? How is the system supposed to handle a gui popup? That scenario, if it worked could compromise a system; hence security is one reason.
    William Wegerson (www.OmegaCoder.Com)
    • Marked as answer by Lucky-1983 Tuesday, April 28, 2009 8:07 AM
    Saturday, April 25, 2009 2:22 PM

All replies

  • Looks like this article is what you need.

    However, what you're trying to do doesn't fit well to a windows service. Say, services with "Allow service to interact with desktop" flag turned on will not work on Vista correctly - because of different isolation level .

    So chances are you'd need to redesign the app.
    • Proposed as answer by codevanced Friday, April 24, 2009 10:52 AM
    • Marked as answer by Lucky-1983 Tuesday, April 28, 2009 8:07 AM
    Friday, April 24, 2009 10:40 AM
  • A more proper design would be to have your service open the interactive desktop and start the child process on that desktop. You'd have to do some non-trivial P/Invoke for this, though.

    KB171890 - Services, Desktops, and Window Stations:
      http://support.microsoft.com/kb/171890
    Process Connection to a Window Station:
      http://msdn.microsoft.com/en-us/library/ms684859.aspx
    Thread Connection to a Desktop:
      http://msdn.microsoft.com/en-us/library/ms686744.aspx
    CreateProcess/STARTUPINFO:
      http://msdn.microsoft.com/en-us/library/ms682425.aspx
      http://msdn.microsoft.com/en-us/library/ms686331.aspx

           -Steve
    • Proposed as answer by Stephen ClearyMVP Friday, April 24, 2009 12:57 PM
    • Marked as answer by Lucky-1983 Tuesday, April 28, 2009 8:07 AM
    Friday, April 24, 2009 12:57 PM
  • I went through the links. But got a little confused. My basic requirement is , I need to run a service. Which will show a windows form on certain conditions. And my service should be able to interact with the windows form. (should be able to call any public method on the form if possible).

    But as the articles have mentioned, it is not a good practice. What are the other approaches I can follow.

    If possible Can you please give some sample code.

    Thanks
    Saturday, April 25, 2009 11:32 AM
  • Services cannot directly interact (via message queues) with GUI programs that the user can see. To do so opens up a security hole known as a "shatter attack":
      http://en.wikipedia.org/wiki/Shatter_attack

    You cannot have a service and a user interaction form in the same process, so enabling the service to call "any public method" is quite difficult. Services and user interaction programs have different window stations (http://support.microsoft.com/kb/171890) and since a process is tied to a window station, any service and user interaction must be different processes.

    To proceed forward, you must decide between the many forms of IPC (inter-process communication) available. WCF is a modern choice, though named pipes and raw sockets are also common choices for service <-> GUI communication. Hint: it's a lot easier to have an auto-start hidden GUI (or notification area icon) than to have the service start the GUI when it needs to display something.

    At this point, it is best to re-evaluate your actual requirements, because you're looking at a non-trivial amount of work. Are you absolutely sure you need a service? Does it really need to be running when there are no logged-on users (remember, it can't display a GUI in this situation anyway)? If the answer is "Yes", then choose an IPC mechanism and get ready for quite a bit more work.

           -Steve
    • Marked as answer by Lucky-1983 Tuesday, April 28, 2009 8:07 AM
    Saturday, April 25, 2009 2:14 PM
  • I went through the links. But got a little confused. My basic requirement is , I need to run a service. Which will show a windows form on certain conditions. And my service should be able to interact with the windows form. (should be able to call any public method on the form if possible).

    But as the articles have mentioned, it is not a good practice. What are the other approaches I can follow.

    If possible Can you please give some sample code.

    Thanks

    Why not make a standard application which is loaded on default after the user login process and resides as icon on the system tray. That way you can do all you asked to do. Here is an article on my blog to get you started:

    Creating a Application which Minimizes to a Tray Icon in .Net

    The reason that a service is not the right thing to do here is because, what if no one is logged in? How is the system supposed to handle a gui popup? That scenario, if it worked could compromise a system; hence security is one reason.
    William Wegerson (www.OmegaCoder.Com)
    • Marked as answer by Lucky-1983 Tuesday, April 28, 2009 8:07 AM
    Saturday, April 25, 2009 2:22 PM
  • Thanks a lot to All for guiding me in a right path. I have now changed my design. I am using an windows application instead of service. ANd I am running this application at windows start up.



    Thanks again :-)
    Tuesday, April 28, 2009 8:10 AM