views:

85

answers:

0

We need to switch users without logging off so we can remotely administrate a PC running with a limited user that will disconnect from the VPN if the user logs off.

I've got this working by killing the explorer process and then running explorer.exe with the administrator user credentials as the following code shows:

    private void btnOk_Click(object sender, EventArgs e)
    {
        IntPtr tokenHandle = new IntPtr(0);
        if (LogonUser("administrator", Environment.UserDomainName, txtPassword.Text, 3, 0, ref tokenHandle))
        {
            ProcessStartInfo psi = new ProcessStartInfo(@"C:\Windows\explorer.exe");
            psi.UserName = "administrator";
            char[] pword = txtPassword.Text.ToCharArray();
            psi.Password = new System.Security.SecureString();
            foreach (char c in pword)
            {
                psi.Password.AppendChar(c);
            }
            psi.UseShellExecute = false;
            psi.LoadUserProfile = true;
            restartExplorer(psi);
            this.Close();
        }
        else
        {
            MessageBox.Show("Wrong password", "Error", MessageBoxButtons.OK, MessageBoxIcon.Exclamation);
        }
    }

    private void restartExplorer(ProcessStartInfo psi)
    {
        Process[] procs = System.Diagnostics.Process.GetProcesses();
        foreach (Process p in procs)
        {
            if (p.ProcessName == "explorer")
            {
                p.Kill();
                break;
            }
        }
        System.Diagnostics.Process.Start(psi);
    }


    [DllImport("advapi32.dll", SetLastError = true)]

    public extern static bool LogonUser(String lpszUsername, String lpszDomain,
        String lpszPassword, int dwLogonType, int dwLogonProvider, ref IntPtr phToken);

This code and similar code that does the same but makes the ProcessStartInfo for the limited user works perfectly and allows changing between the limited and administrator accounts without disconnecting the VPN but it has one problem - If we use this to change to the administrator user, make some changes to the system, then change back to the limited user all works ok until the limited user logs off when a blank desktop is displayed until CTRL-ALT-DEL is pressed and the user is logged off again. Because we block CTRL-ALT-DEL the PC effectively hangs until it is powered off.

Does anyone know how to stop this from happening so we can change users without the PC hanging when they log off?