tags:

views:

339

answers:

2
Q: 

Desktop problem with using CreateProcessAsUser from a service on Vista

Hello All,

I am using VC++ to create a process from a service on Vista using CreateProcessAsUser. The process creation is succeeding when i execute this code by login on the machine locally. The same code is failing when I am using Remote Desktop (mstsc) to login in to my machine from another machine and launch my App.

I can understand that when I do remote login the active desktop is taken as that of Remote Desktop. Can some one help me how to get the desktop name that of currently login users desktop and not that of Remote desktop.

Here is my code

ACTIVECONSOLESESSIONIDFUNC lpfnProc;    // WTSGetActiveConsoleSessionId function pointer
HMODULE hModule = NULL;         // Instance for kernel32.dll library
DWORD dwSessionId = 0;          // Session ID
HANDLE hToken = NULL;           // Active session token
HANDLE hDupToken = NULL;        // Duplicate session token
WCHAR szErr[1024] = {0};

LPVOID lpEnvironment = NULL;            // Environtment block

// Get the active session ID
hModule = LoadLibrary(KERNEL32LIB);
if(!hModule)
{
   //wsprintf(szErr, L"LoadLibrary Error: %d", GetLastError());
   return;
}

lpfnProc = (ACTIVECONSOLESESSIONIDFUNC)GetProcAddress(hModule,"WTSGetActiveConsoleSessionId"); 

dwSessionId = lpfnProc();

// Get token of the logged in user by the active session ID 
BOOL bRet = WTSQueryUserToken(dwSessionId, &hToken);

if (!bRet)
{       
    //wsprintf(szErr, L"WTSQueryUserToken Error: %d", GetLastError());
    return;
}

// Get duplicate token from the active logged in user's token
bRet = DuplicateTokenEx(hToken,     // Active session token
                 MAXIMUM_ALLOWED,           // Desired access
                         NULL,                      // Token attributes                                         
                         SecurityIdentification,    // Impersonation level
                         TokenPrimary,              // Token type
                         &hDupToken);               // New/Duplicate token
    if (!bRet)
    {
        //wsprintf(szErr, L"DuplicateTokenEx Error: %d", GetLastError());
        return;
    }

    // Get all necessary environment variables of logged in user
    // to pass them to the process

    bRet = CreateEnvironmentBlock(&lpEnvironment, // Environment block
                                hDupToken,        // New token
                                FALSE);           // Inheritence
    if(!bRet)
    {
        //wsprintf(szErr, L"CreateEnvironmentBlock Error: %d", GetLastError());
        return;
    }

    HDESK hdeskInput=OpenInputDesktop(0, FALSE, 0); // does not set GetLastError(), so GetLastError() is arbitrary if NULL is returned
    if( hdeskInput==NULL ) {
        TRACE( "hdeskInput==NULL" );
        return false;
    }

    // Initialize Startup and Process info  
    startupInfo->cb = sizeof(STARTUPINFO);
    startupInfo->lpDesktop = TEXT("winsta0\\default");



    // Start the process on behalf of the current user 

    BOOL returnCode = CreateProcessAsUser(hDupToken, 
                                applicationName, 
                                commandLine, 
                                NULL,
                                NULL,
                                FALSE,
                                NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT,
                                lpEnvironment,
                                NULL,
                                startupInfo,
                                &processInformation);

Thanks, F

A: 

What is initiating the service to create a new process as that has bearing on what a suitable answer is? WTSGetActiveConsoleSessionId gets the session ID of the current physical console session, not the "active" one in your sense. With terminal services there might be many different users all connected to different sessions so you cannot just pick one and hope, but there may or may not actually be a physical logged on user.

One way is to use WTSEnumerateSessions to list all active sessions and try and find the one you actually want, you can use something like WTSQuerySessionInformation to get the username for that session.

If your service is doing this in response to some request from your user account (rather than acting on some automatic event) then if you are using something like RPC/Named Pipes/DCOM etc. you can always impersonate the user (assuming security is set to allow non-anonymous/identify impersonation) and duplicate the thread's token into a primary token and use that.

tyranid  2010-02-06 18:30:42
Thank you Tyranid. What ever the code I have pasted above is the one which I have got by browsing the net. I do not have any knowledge on desktops or sessions. I hope you have understood my problem. My problem is i shall login to my desktop from my machine then the application is behaving properly ie. i am able to create process from service but when i login into my desktop from another machine(mstsc) my service is not able to create the process. Because it is failing in the call WtsQueryUserToken with error 1008 ERROR_NO_TOKEN; session id i am getting is 3, while my actual is 1. Please help.
coolcake  2010-02-08 10:56:55
As said what is it which is actually creating the process, as in how does the code above get called and in what context.
tyranid  2010-02-08 17:46:03
My App has a service which is running under system account creates the process. I want create a separate process to handle the GUI related tasks of the service. When my service receives pipe message from the App tries to create the process.
coolcake  2010-02-09 03:56:45
A: 

After lots of googling i am able to find the solution for my problem.

Here is the link where i have found the solution. http://www.codeproject.com/KB/vista-security/interaction-in-vista.aspx

Thanks every one who tried to help me.

coolcake  2010-02-09 08:47:59
Of course I hope you are the only one on that machine otherwise you could still randomly create a process on another desktop :)
tyranid  2010-02-09 18:28:32
So if i need to solve the problem even in that case. What should i need to do?
coolcake  2010-02-10 04:58:25

related questions

Verifying files for testing
How do you create your own moniker (URL Protocol) on Windows systems?
Windows Equivalent of 'nice'
Is this a good way to determine OS Architecture?
Dual vs. Quadcore on a Webserver
Is there a WMI Redistributable Package?
PHP Error - Uploading a file
Ruby On Rails with Windows Vista - Best Setup?
OpenVPN Config file to prevent timeout
How can I create Debian install packages in Windows for a Visual Studio project?
How do I configure and communicate with a serial port?
What's the best setup for Mono development on Windows?
Appropriate pagefile size for SQL Server
XML Editing/Viewing Software
Linux shell equivalent on IIS
What is a better file copy alternative than the Windows default?
Windows Help files - what are the options?
Heap corruption under Win32; how to locate?
Best way to access Exchange using PHP?
Get a preview jpeg of a pdf on windows?
WinForms ComboBox data binding gotcha
How do you schedule tasks in Windows?
Register Windows program with the mailto protocol programmatically
Embedding Windows Media Player for all Browsers
Best Subversion clients for Windows Vista (64bit)