Click here to Skip to main content
15,065,783 members
Please Sign up or sign in to vote.
0.00/5 (No votes)
See more:
Hi All

Im am trying this difficult way, i 'd like to launch a process from service with reateProcessAsUser API, with 2 simple rows i have the process Loaded in RAM with corrent User, but i don't see nothing, becouse i understood that process run in another context, now i am trying from two week, but i cannot understand as do.

Cam you complete this code with me ?

Thanks in advance

Giovanni

C++
HANDLE		    hUserToken = INVALID_HANDLE_VALUE;
PROCESS_INFORMATION pi;
STARTUPINFO	    si;
BOOL		    bResult = FALSE;
DWORD		    dwCreationFlags = CREATE_NEW_CONSOLE;
LPVOID		    pEnv = NULL;

	ZeroMemory(&pi, sizeof(pi));

	ZeroMemory(&si, sizeof(STARTUPINFO));
	si.cb = sizeof(STARTUPINFO);
	si.lpDesktop = _T("winsta0\\default");

if (!LogonUser(Settings.szUserName, NULL, Settings.szPassword, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &hUserToken))
			goto Cleanup;

bResult = CreateProcessAsUser(hUserToken, NULL, Settings.szCommandLine, NULL, NULL, FALSE, dwCreationFlags, pEnv, NULL, &si, &pi);


What I have tried:

i have tried DuplicateTokenEX and SetokenInformation but always fail i don't know what do, really :(
Posted
Updated 13-Jun-17 4:28am
v2

1 solution

The short answer is you can't do it because of security reasons.

The longer answer is Read this[^].
   
Comments
Drakesal 13-Jun-17 10:37am
   
I have followed that article infact i can access as LOCAL System, i have read many times but i haven'r found the solution. it's very hard complete my code?
Dave Kreskowiak 13-Jun-17 10:51am
   
Then you didn't read the article. The only solution is to have an application that does the actual application launch running on the user desktop. The service would have to talk to this app using some IPC method, such as named pipes, and tell it to launch the targeted application.

THE SERVICE CANNOT LAUNCH AN APPLICATION ON THE USER DESKTOP AS THE USER. It has to have some other intermediary application to do the work for it.

Now, what if there is no user logged in? The launcher application won't be running so there's nothing to talk to.

What if there is more than one person logged in on the machine? Now you've got a problem. How are you going to determine which user to launch as? How do you identify the communication channel to send the "launch" command to?

This little scheme of yours is more complicated than just "how do I do something that security doesn't allow".
Drakesal 13-Jun-17 11:05am
   
Ok ok i haven't explained good the situation, i have written a complete application like Psexec.exe i list all pc in network i send service with IPC i use remote pipe to comunicate and i execute the commands with a service that runs as LOCAL System all is done but i need more simple thing, i only need to execute proecess with loggoed user only this
Dave Kreskowiak 13-Jun-17 11:15am
   
You still haven't explained it with enough detail.

I think you're trying to say that you want to remotely execute a user-interactive application on a remote machine so that the remote user sees the application on their desktop, correct?

Can't be done at all. Windows no longer allows this to happen.
Drakesal 13-Jun-17 11:19am
   
you can see it now, if you use the program Psexec with this syntax you will see:

psexec \\PCNAME -u User -p Password cmd.exe

in remote pc yopu will see a cmd window if you write at prompt : whoami
it will return User from psexec and not the currently logged, i want obtain this :)
Dave Kreskowiak 13-Jun-17 15:35pm
   
You're going to have to ask Mark how he did it because there's no documented way to do it.

I also have to question on which O/S you launched the interactive process on.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900