Hungry Mind , Blog about everything in IT - C#, Java, C++, .NET, Windows, WinAPI, ...

Run as interactive user from service

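The code below runs a program on the interactive desktop with the privileges of the logged-on user, as if the user had started it. It must be executed as Local System, for example from a Windows service. The new process receives the user's token, not the service's, so it does not carry Local System rights into the user's session.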

stdafx.h:

#include <WtsApi32.h>
#pragma comment(lib, "WtsApi32.lib")

#include <Userenv.h>
#pragma comment(lib, "Userenv.lib")

RunAsInteractiveUser function:

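// Starts C:\Windows\notepad.exe on the interactive desktop ("winsta0\default")
// of the session attached to the physical console, using the token of the
// user logged on to that session. The new process therefore runs with the
// user's rights, not with the rights of the calling service.
//
// WTSQueryUserToken requires the caller to hold SeTcbPrivilege, which is why
// this has to run as Local System.
//
// Result (kept in hr and returned at the end):
//   ERROR_SUCCESS    - the process was created, or no session is attached to
//                      the console (nothing is started in that case);
//   other Win32 code - GetLastError() of the first call that failed.
// hr holds Win32 error codes, not HRESULTs: compare it with ERROR_SUCCESS
// instead of testing it with SUCCEEDED()/FAILED().
BOOL bRet = FALSE;
HRESULT hr = ERROR_SUCCESS;

HANDLE processToken = NULL;
TOKEN_PRIVILEGES oldTokenPrivileges = { 0 };

HANDLE impersonationToken = NULL;
HANDLE userToken = NULL;

LPVOID pEnvironment = NULL;
PROCESS_INFORMATION processInformation = { 0 };

__try {
    // Every failure path uses __leave instead of return: returning from inside
    // __try forces an abnormal-termination unwind before __finally runs, while
    // __leave simply falls into the cleanup block.
    bRet = OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &processToken);
    if (!bRet) {
        hr = GetLastError();
        __leave;
    }

    // This step might not be necessary because SeTcbPrivilege is enabled by default for Local System
    LUID luid;
    bRet = LookupPrivilegeValue(NULL, _T("SeTcbPrivilege"), &luid);
    if (!bRet) {
        hr = GetLastError();
        __leave;
    }

    TOKEN_PRIVILEGES adjTokenPrivileges = { 0 };
    adjTokenPrivileges.PrivilegeCount = 1;
    adjTokenPrivileges.Privileges[0].Luid = luid;
    adjTokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    DWORD dwOldTPLen = 0;
    bRet = AdjustTokenPrivileges(processToken, FALSE, &adjTokenPrivileges, sizeof(TOKEN_PRIVILEGES), &oldTokenPrivileges, &dwOldTPLen);
    if (!bRet) {
        hr = GetLastError();
        __leave;
    }
    // AdjustTokenPrivileges returns TRUE even when it enabled nothing. In that
    // case GetLastError() is ERROR_NOT_ALL_ASSIGNED, which means the token does
    // not hold SeTcbPrivilege at all (an already-enabled privilege reports
    // ERROR_SUCCESS). Execution continues as before; WTSQueryUserToken below is
    // then expected to fail and its error code is what gets returned.

    // Only the session attached to the physical console is considered; a user
    // connected through Remote Desktop lives in a different session.
    DWORD conSessId = WTSGetActiveConsoleSessionId();
    if (conSessId == 0xFFFFFFFF) {
        // There is no session attached to the console
        hr = ERROR_SUCCESS;
        __leave;
    }

    bRet = WTSQueryUserToken(conSessId, &impersonationToken);
    if (!bRet) {
        hr = GetLastError();
        __leave;
    }

    // NOTE(review): MAXIMUM_ALLOWED requests every access right the caller can
    // get on the duplicate; a narrower mask may be enough - confirm against the
    // access rights CreateEnvironmentBlock and CreateProcessAsUser require.
    bRet = DuplicateTokenEx(impersonationToken, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &userToken);
    if (!bRet) {
        hr = GetLastError();
        __leave;
    }

    // lpDesktop is a non-const pointer, so give it a writable buffer instead of
    // pointing it at a string literal.
    TCHAR desktopName[] = _T("winsta0\\default");

    STARTUPINFO si = { 0 };
    si.cb = sizeof(STARTUPINFO);
    si.lpDesktop = desktopName;

    // Build the environment from the user's profile (bInherit is TRUE, so the
    // caller's variables are merged in as well).
    bRet = CreateEnvironmentBlock(&pEnvironment, userToken, TRUE);
    if (!bRet) {
        hr = GetLastError();
        __leave;
    }

    // The executable is given as a full path in lpApplicationName with no
    // command line, so no search path or command-line parsing decides what is
    // launched. Handles are not inherited (bInheritHandles is FALSE), which
    // keeps the service's handles out of the user's process.
    // NOTE(review): lpCurrentDirectory is NULL, so the child starts in the
    // caller's current directory - confirm that is acceptable for the target.
    bRet = CreateProcessAsUser(userToken, _T("C:\\Windows\\notepad.exe"), NULL, NULL, NULL, FALSE, CREATE_UNICODE_ENVIRONMENT, pEnvironment, NULL, &si, &processInformation);
    if (!bRet) {
        hr = GetLastError();
        __leave;
    }

    hr = ERROR_SUCCESS;
}
__finally {
    // Release everything that was acquired, in reverse order. hr was captured
    // before this point, so these calls cannot disturb the reported error.
    if (processInformation.hThread) {
        CloseHandle(processInformation.hThread);
    }
    if (processInformation.hProcess) {
        CloseHandle(processInformation.hProcess);
    }
    if (pEnvironment) {
        DestroyEnvironmentBlock(pEnvironment);
    }
    if (userToken) {
        CloseHandle(userToken);
    }
    if (impersonationToken) {
        CloseHandle(impersonationToken);
    }
    if (processToken) {
        // Put the privilege back the way it was, but only if the earlier call
        // actually changed something.
        if (oldTokenPrivileges.PrivilegeCount > 0) {
            AdjustTokenPrivileges(processToken, FALSE, &oldTokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
        }
        CloseHandle(processToken);
    }
}

return hr;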

17 коммент.:

Анонимный комментирует...

I've two questions:
1. Why do you need to enable SeTcbPrivilege for a process that is running under LocalSystem? As far as I know it's enabled by default (at least under XP).
2. WTSQueryUserToken returns a primary token, so why do you "duplicate" it? You can use it directly in CreateProcessAsUser.

Note: This code won't work under Windows 2000, as WTSQueryUserToken is not supported on that platform.

Unknown комментирует...

1. Yes, it's enabled (see the comment in code). But just for sure.
2. I don't remember the exact reason, but WTSQueryUserToken returns a token that is not suitable for CreateProcessAsUser.

This code will work under Windows 2000, but you need to obtain the logged-on user's token in a different way: enumerate processes, find winlogon, query its token and use it as if it had been returned from WTSQueryUserToken.

ninja комментирует...

WTSGetActiveConsoleSessionId is not defined in Windows 2000.

Анонимный комментирует...

Your code helped me a lot. Thank you and greetings from Austria.


Copyright 2007-2011 Chabster