On Terminal Server, how does a service start a process in a user's session?

Question

From a Windows Service running on a Terminal Server (in global space), we would like to be able to start up a process running a windows application in a specific user's Terminal Server sessions.

How does one go about doing this?

The Scenerio: the windows service starts at boot time. After the user has logged into a Terminal Server user session, based on some criteria known only to the windows service, the windows service wants to start a process in the user's session running a windows application.

An example: We would like to display a 'Shutdown in 5 minutes' warning to the users. The windows service would detect this condition, and start up a process in each user session that starts the windows app that displays the warning. And, yes, I know there are other ways of displaying a warning dialog, this is the example, what we want to do is much more invasive.

Answer 1

You can use CreateProcessAsUser to do this - but it requires a bit of effort. I believe the following steps are the basic required procedure:

• Get the user's session (WTSQuerySessionInformation).
• Get a token for that user (WTSQueryUserToken).
• Create a duplicate token for your use (DuplicateTokenEx).
• Use the token to create an environment block (CreateEnvironmentBlock).
• Launch the application with CreateProcessAsUser, using the block above.

You'll also want to make sure to clean up all of the appropriate handles, tokens, etc., after you've launched the process.

Answer 2

Late reply but in the answer above DuplicateToken is not necessary since WTSQueryUserToken already returns a primary token.