Hi All,

I have a service that runs as SYSTEM; I want to spawn a new process in some user's TS session with the user's privileges.

I'm calling LogonUser, LoadUserProfile, CreateEnvironmentBlock, CreateProcessAsUser and spawn the process in the user's TS session.

The process (cmd.exe) runs in the user's TS session, but when I try to run a GUI application I get the following error message:

Exception EAccessViolation in module ntdll.dll at 00022272.

Access violation at address 77D22272 in module 'ntdll.dll'. Write of address 0000000C.

Have I missed something?

Any help would be greatly appreciated !

Thanks, Lior

A: 

Look at http://stackoverflow.com/questions/3128017/possible-to-launch-a-process-in-a-users-session-from-a-service/3128679#3128679. The main problem is that you should start the process in another TS session. So you have to switch the current session by means of SetTokenInformation and TokenSessionId. To be able to do this you have to enable the SE_TCB_NAME privilege.

Moreover, you have to change the Security Descriptor of the Desktop and Window Station objects by means of OpenWindowStation, OpenDesktop and SetUserObjectSecurity (see http://msdn.microsoft.com/en-us/library/ms681928.aspx, http://msdn.microsoft.com/en-us/library/ms687107.aspx and http://support.microsoft.com/kb/165194).

Oleg
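
The session switch described in the first paragraph of the answer, as an added example that is not code from the original post: it enables SeTcbPrivilege, duplicates the LogonUser token, sets TokenSessionId and calls CreateProcessAsUser on the interactive desktop. The names `enable_tcb` and `launch_in_session` are hypothetical, the environment block from the question is left out, and the window station and desktop security descriptor change from the second paragraph is not covered.

```c
/* Added example. The Win32 part builds with MSVC or MinGW (link advapi32). */
#include <wchar.h>
#ifdef _WIN32
#include <windows.h>

/* Enable SeTcbPrivilege (SE_TCB_NAME) on the service's own process token. */
static DWORD enable_tcb(void)
{
    HANDLE tok;
    TOKEN_PRIVILEGES tp;
    DWORD err;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &tok))
        return GetLastError();
    tp.PrivilegeCount = 1;
    tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    if (LookupPrivilegeValueW(NULL, L"SeTcbPrivilege", &tp.Privileges[0].Luid))
        AdjustTokenPrivileges(tok, FALSE, &tp, 0, NULL, NULL);
    err = GetLastError();   /* ERROR_NOT_ALL_ASSIGNED: privilege is not held */
    CloseHandle(tok);
    return err;
}
#endif

/* user_token: token from LogonUser, as in the question (hypothetical parameter).
   session: target TS session id. Returns a Win32 error code, 0 on success. */
unsigned long launch_in_session(void *user_token, unsigned long session, wchar_t *cmdline)
{
    if (!user_token || !cmdline) return 87;      /* ERROR_INVALID_PARAMETER */
#ifdef _WIN32
    HANDLE prim = NULL;
    DWORD err = enable_tcb();
    STARTUPINFOW si = { sizeof si };
    PROCESS_INFORMATION pi;
    si.lpDesktop = L"winsta0\\default";          /* interactive desktop */
    if (err != ERROR_SUCCESS) return err;
    if (!DuplicateTokenEx(user_token, MAXIMUM_ALLOWED, NULL, SecurityImpersonation, TokenPrimary, &prim))
        return GetLastError();
    /* Move the token to the target TS session; this call needs SeTcbPrivilege. */
    if (!SetTokenInformation(prim, TokenSessionId, &session, sizeof session) ||
        !CreateProcessAsUserW(prim, NULL, cmdline, NULL, NULL, FALSE, 0, NULL, NULL, &si, &pi))
        err = GetLastError();
    else { CloseHandle(pi.hThread); CloseHandle(pi.hProcess); }
    CloseHandle(prim);
    return err;
#else
    (void)session;
    return 50;                                   /* ERROR_NOT_SUPPORTED off Windows */
#endif
}
```

The command line buffer must be writable, because CreateProcessAsUserW may modify it in place.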