locked
CreateProcessWithTokenW succeeds but is not using the token RRS feed

  • Question

  • Hello,

    I am using CreateProcessWithTokenW to create a process with a logged on user token in a different session.  The call succeeds, but the process is created in the current session instead of the token's session.  In this case, I am calling CPWTW from a service running in the SYSTEM account (session 0), and the token was taken from winlogon.exe in session 1.

    I called GetTokenInformation right before the call to CPWTW, and can clearly see that the session ID in the token is correct (session 1), but the process is still created in session 0.

    CreateProcessAsUser at the same place with similar parameters works and creates the process in same session as the token.  But I would like to understand why CPWTW doesn't work in this scenario.

    The call is as follows:
            bResult = pfnCreateProcessWithTokenW(hNewToken, LOGON_WITH_PROFILE, 
                                                 NULL, wszCmdLine, 
                                                 dwCreationFlags, pEnv, NULL, &si, &pi); 
     

    With

    dwCreationFlags == CREATE_UNICODE_ENVIRONMENT | NORMAL_PRIORITY_CLASS;
    pEnv retrieved with CreateEnvironment.
    si.lpDesktop == "Winsta0\\default";


    Any ideas?
    Wednesday, December 24, 2008 9:08 PM

Answers

  • I took a quick peek at the code.

    Both CreateProcessWithTokenW and CreateProcessWithLogonW create the process in the session of the caller.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Don Schmitt Friday, January 30, 2009 4:05 PM
    Thursday, January 29, 2009 9:28 PM

All replies

  • I took a quick peek at the code.

    Both CreateProcessWithTokenW and CreateProcessWithLogonW create the process in the session of the caller.


    This posting is provided "AS IS" with no warranties, and confers no rights.
    • Marked as answer by Don Schmitt Friday, January 30, 2009 4:05 PM
    Thursday, January 29, 2009 9:28 PM
  • Well, that certainly explains it.  Thanks for looking into this and responding.  In case somebody finds it helpful, I've written a blog about some of the common uses of CreateProcessAsUser and CreateProcessWithTokenW here:  http://www.blackfishsoftware.com/blog/don/creating_processes_sessions_integrity_levels

     

    Friday, January 30, 2009 4:05 PM