locked
CreateProcessAsUser fails when creating process in another session RRS feed

  • Question

  •  

    Hi,

    Assume this scenario:

    Two users are logged on to the system : User1 in session 1 & User2 in session 2 and session 1 is the current active console session. My application is running in session 1 under the context of Local System Account with all privileges enabled(my app is not a service just a normal app), my app wants to launch an application in session 2 for a reason (ex: enumerating windows)

    It uses this piece of code (error checking removed for simplicity):

     

    HANDLE hToken1, hToken2;

    DWORD dwSessionId = 2;

    OpenProcessToken( GetCurrentProcess(), TOKEN_ALL_ACCESS, hToken1 );

    DuplicateTokenEx( hToken1, TOKEN_ALL_ACCESS, NULL, SecurityImpersonation, TokenPrimary, &hToken2 );

    SetTokenInformation( hToken2, TokenSessionId, &dwSessionId, sizeof(DWORD) );

     

    STARTUPINFO si;

    PROCESS_INFORMATION pi;

    ZeroMemory( &pi, sizeof(PROCESS_INFORMATION) );

    ZeroMemory( &si, sizeof(STARTUPINFO) );

    si.cb = sizeof(STARTUPINFO);

    si.lpDesktop = TEXT("winsta0\\default");

    CreateProcessAsUser(

    hToken2,

    AppName,

    NULL,

    NULL,

    NULL,

    FALSE,

    CREATE_NEW_CONSOLE,

    NULL,

    NULL,

    &si

    &pi);

     

    At this point CreateProcessAsUser fails with ERROR_ACCESS_DENIED

    This code works just fine if my app run as a service, It also works fine in XP but I couldnt find reason why it fails in vista

     

    any idea?

      

    Friday, September 21, 2007 4:38 AM