tags:

views:

1040

answers:

4
+4  Q: 

How to launch a GUI program in a Windows service?

When I run a service as LocalSystem account, I can use following codes to launch a GUI program under current login account:

WTSGetActiveConsoleSessionId->WTSQueryUserToken->CreateProcessAsUser

However, when I run the service as my personal account, the GUI program will NOT show up. I can see it in task manager though.

What should I do to launch the GUI program when the service is running under my personal account?

A: 

It all has to do with permissions I believe.

LocalSystem has sufficient privileges to impersonate the current user, but your account doesn't.

You'd have to figure out a way to extend permissions to your service, either by prompting for credentials, or connecting to a helper service that runs as LocalSystem.

(Why do you want to run with your account instead of LocalSystem?)

I'm sure there are much more thorough answers that deal with the in's and out's of doing this, but at a high level I think this is the issue.

John Weldon  2009-06-04 03:45:33
Thanks John, there are two reasons:1) The LocalSystem has no permission to access network shared folders in Vista2) All files generated by LocalSystem service are owned by "administrator". I want the files owned by my personal account.
trudger  2009-06-04 04:04:04
A: 

You may be running in the wrong window station or desktop. See this Microsoft reference on Window Stations and Desktops.

jdigital  2009-06-04 05:09:13
The service is running by my personal account and I'm current logged in. I just checked, the program is running, but doesn't show up.
trudger  2009-06-04 05:20:18
If you take a look at the link, you'll see that this is not an issue of permissions. Microsoft uses Window Stations and Desktops to provide varying levels of process isolation. There are ways to work around this, such as SetProcessWindowStation and SwitchDesktop, but splitting the application into two parts is the generally recommended solution.
jdigital  2009-06-04 19:41:38
Yes, client/server mode is that I plan to do. It will solve such problem. But an odd thing is that although the service is running by my personal account, the files it generated owned by "administrator", NOT my account. You can check this property at "File Properties->Detail->Owner". Shouldn't it be owned by my account?
trudger  2009-06-05 02:02:22
A: 

I believe that what you are trying to do may be considered a security vulnerability. It is also not likely to work in some cases as well. I think jdigital is correct in that it has to do with window stations and trying to get access to the current user window station and it's desktop. This is confused a lot when you are under under a terminal services server where there are multiple current window stations. Microsoft really don't want you to what you want and they make it harder with every release of windows.

I think your best bet is to solve the problem from another angle and just create a GUI application that the user runs (manaully or automatically at login) and it talks to your service.

Shane Powell  2009-06-04 06:33:00
If so, the user will not get notification if he closed the GUI app. But seems I have no other option. :(
trudger  2009-06-04 07:28:09
@trudger: Nope. The user also will not get notification if they stand up and walk away from the computer, but that doesn't mean that you ship handcuffs with your software.
Aric TenEyck  2009-06-04 15:07:21
Yes, that makes senses. I already decided to use pipe to communicates between GUI and the service. Maybe I can also buffer these events and show them to users when they login.
trudger  2009-06-04 15:50:13
+2  A: 

John and jdigital are both right - from my understanding, services can generally have either desktop access (you have to use localsystem) or network access (you need to specify an account to run under).

You will need two split your app into two - one to interact with the desktop and the other to talk over the network. The two parts can then talk to each other to relay info to the end user.

Andy Stewart  2009-06-04 15:02:02
I plan to run the service by my account so it can access the local and network resource. A "client" will talk to it to receive info and control it. But an odd thing, like I wrote below, is that the files it generated owned by "administrator", NOT my account (Vista OS). This confuses me.
trudger  2009-06-05 02:06:46

related questions

How do you retrieve a list of logged-in/connected users in .NET?
How do I create an installer for a .Net website, Windows Service, and more???
Starting service as a user with no password
What are the access restrictions on accessing a DSN
Is there any way, in java, to check on the status of a windows service?
Easier way to start debugging a windows service in C#
What can Services do under Windows?
What is the most reliable way to create a custom event log and event source during the installation of a .Net Service
I want my C# Windows Service to automatically update itself.
How to get runonce to run, without having to have an adminstrator login.
How to communicate with a windows service from an application that interacts with the desktop?
How do you run CMD.exe under the Local System Account?
How can I delete a service in Windows?
How to create a windows service from java app
Remote installing of windows service
UnhandledException handler in a .Net Windows Service
How to host 2 WCF services in 1 Windows Service?
How can I run a Windows GUI application on as a service?
Unhandled exceptions filter in a windows service
How can I unit test a Windows Service?
Creating Windows service without Visual Studio
Installing a .NET service using InstallUtil
Windows Service Increasing CPU Consumption
Best Method to run a Java Application as a *nix Daemon or Windows Service?
Printing from a .NET Service