How to show Window of process running as ADMIN when USER is logged on? [C#]

  • Question

  • My system has 2 accounts (USER and ADMIN). The user is always logged on as USER, but at some specific times a process (Tool.exe) is launched under the ADMIN account (by a LocalSystem service using CreateProcessAsUser(...)). Almost everything works fine, except for the fact that the process (Tool.exe) is supposed to display status to the user using CreateWindow(...).

    When Tool.exe is running (as ADMIN) and the user is logged on as USER, the window is not shown (obviously)...
    Is there a way to show the window of Tool.exe running under ADMIN to the user logged on as USER?

    Any help would be much appreciated...

    Sunday, September 20, 2009 5:31 AM


  • Hi,

    I assume you are having the problem under Vista or above (under XP, you solve this by setting the lpDesktop field of STARTUPINFO to "WinSta0\\Default" and by setting the right permissions as described in KB165194).

    Because of Windows Vista session isolation, USER is assigned to session 1, whereas Tool.exe, which was run as ADMIN, is assigned to session 0, the same as the service that launched it. The only way for Tool.exe to be able to show a GUI to USER is for it to be launched in session 1 from the beginning, which means that it must be run in the context of USER, not ADMIN. Another solution is to modify Tool.exe to launch another process, GUI.EXE, responsible only for interacting with the USER desktop. For these two solutions, here is the code that performs this:

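    // Needs <windows.h> and <wtsapi32.h>; link with Wtsapi32.lib
    HANDLE hToken;
    DWORD dwSessionID = WTSGetActiveConsoleSessionId();  // session attached to the physical console
    if (WTSQueryUserToken(dwSessionID, &hToken))         // token of the user logged on to that session
    {
        STARTUPINFO sinfo;
        PROCESS_INFORMATION pinfo;
        SecureZeroMemory(&sinfo, sizeof(sinfo));
        SecureZeroMemory(&pinfo, sizeof(pinfo));
        sinfo.cb = sizeof(sinfo);

        if (CreateProcessAsUser(hToken, "c:\\GUI.exe", NULL, NULL, NULL, FALSE, 0, NULL, NULL, &sinfo, &pinfo))
        {
            CloseHandle(pinfo.hThread);   // the handles are not needed once GUI.exe is running
            CloseHandle(pinfo.hProcess);
        }
        CloseHandle(hToken);
    }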


    As you can see, we call WTSGetActiveConsoleSessionId to get the session connected to the keyboard and monitor, and then we call WTSQueryUserToken to get the token of the user connected to this session (USER in your case). Using this handle, the process GUI.exe will be launched in the USER context and it will be able to display a GUI.
    WTSQueryUserToken can only be called from the LocalSystem account, so you can't use this approach if you are logged on as another user (like ADMIN).

    I hope this will help.

    Mounir IDRASSI
    • Marked as answer by Shaitan00 Monday, September 21, 2009 12:34 AM
    Sunday, September 20, 2009 1:45 PM