From the Microsoft website (see msdn.microsoft.com/en-us/library/ms683502(VS.85).aspx) it clearly says "Services cannot directly interact with a user as of Windows Vista".

So I decided to test this by using "psexec -s cmd.exe". As far as I know, "psexec" creates a service in order to open a command prompt. Needless to say it worked. I then decided to use "EnumWinSta GUI" in combination with psexec to switch to the winlogon desktop. To my surprise, I could even start "cmd.exe" on this desktop. Does this mean a new process created from a service can be interactive?

Or is it because psexec does some kind of black magic? If so, how does it do it?

I am trying to display a full screen window from a service into the winlogon desktop object in Vista as well as XP.

+3  A: 

Code running within a service cannot directly interact with an interactive session.

However, code running as a service with sufficient privileges can create a new process running within a specific user's desktop - getting the interactive session's user's token and calling CreateProcessAsUser, for example.

You can use WTSGetActiveConsoleSessionId to get the active console session, the session of the user who is actually on the machine. WTSQueryUserToken can then be used to get the token.

Your service can also use session change notifications in its handler function to see when users log on/log off, unlock their session, and so on.

Michael
How do I get the interactive session's user's token?
Eric des Courtis
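
The sequence from the answer above (WTSGetActiveConsoleSessionId, then WTSQueryUserToken, then CreateProcessAsUser), written out as an added C example that is not part of the original thread. The helper name `launch_in_console_session` is hypothetical, and the code assumes the caller is a service running as LocalSystem and that the target is the user's default desktop; the new process runs with the logged-on user's token, not with the service's SYSTEM privileges.

```c
/* Added example: start a process as the console user from a LocalSystem service. */
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>
#include <wtsapi32.h>
#include <userenv.h>
#pragma comment(lib, "wtsapi32.lib")   /* MSVC: WTSQueryUserToken */
#pragma comment(lib, "userenv.lib")    /* MSVC: CreateEnvironmentBlock */
#pragma comment(lib, "advapi32.lib")   /* MSVC: CreateProcessAsUserW */
#endif

/* Hypothetical helper. Returns 0 on success, otherwise a Win32 error code. */
unsigned long launch_in_console_session(wchar_t *cmdline)
{
#ifndef _WIN32
    (void)cmdline;
    return 50UL;   /* ERROR_NOT_SUPPORTED, so the file still compiles off Windows */
#else
    DWORD err = 0;
    DWORD sid = WTSGetActiveConsoleSessionId();
    HANDLE user = NULL;
    LPVOID env = NULL;
    wchar_t desktop[] = L"winsta0\\default";   /* the user's interactive desktop */
    STARTUPINFOW si = { sizeof si };
    PROCESS_INFORMATION pi = { 0 };

    if (sid == 0xFFFFFFFF)              /* nobody is attached to the console */
        return ERROR_NO_SUCH_LOGON_SESSION;
    /* Needs SE_TCB_NAME, so this fails unless the caller runs as LocalSystem.
       The token returned is the logged-on user's primary token. */
    if (!WTSQueryUserToken(sid, &user))
        return GetLastError();
    /* Give the child the user's environment instead of the service's. */
    if (!CreateEnvironmentBlock(&env, user, FALSE)) {
        err = GetLastError();
        goto done;
    }
    si.lpDesktop = desktop;
    if (!CreateProcessAsUserW(user, NULL, cmdline, NULL, NULL, FALSE,
                              CREATE_UNICODE_ENVIRONMENT, env, NULL, &si, &pi)) {
        err = GetLastError();
    } else {
        CloseHandle(pi.hThread);
        CloseHandle(pi.hProcess);
    }
done:
    if (env) DestroyEnvironmentBlock(env);
    CloseHandle(user);
    return err;
#endif
}
```

Called from an ordinary user process rather than a LocalSystem service, the function returns the error from WTSQueryUserToken instead of starting anything.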