Is it possible for the service to run programs without bypassing the logon screen?
Yes. It certainly is. The service itself is such a program and given enough permissions it can in principle launch just about anything.
I don't think what your trying to do will work though. Trying to do an interactive logon from the service doesn't make sense, use the
type, you can still launch other processes provided that the user you logon as has sufficient permissions.
I am a little surprised that it threw an unhandled exception so there might be another bug in there that's not obvious from what you pasted, check for buffer overruns or heap corruption in the preceding lines if you continue to get this error.
It could just be because you need to pass the address of a handle not just a null pointer for the
parameter. The API is supposed to be robust to that but this is Microsoft we're talking about.
HANDLE hToken = NULL;
BOOL bResult = LogonUser( L"xyz", L"xyz", L"xyz", LOGON32_LOGON_SERVICE, LOGON32_PROVIDER_DEFAULT, &hToken );
and remember to check with
Debugging anything you can't see or attach to when its running is difficult. You might consider investing the time to set up detailed logging to a file if this is going to be a substantial piece of work.