Re: Interactive Service Related to Logon

From: JJ (jjjj_at_nospam.com)
Date: 11/04/04 

Date: Wed, 3 Nov 2004 22:15:13 -0500

I think you are correct about future versions of Windows not allowing this.

The code example at:

http://support.microsoft.com/default.aspx?scid=kb;en-us;165194

shows how processes started by CreateProcessAsUser can gain access to the
interactive desktop/windowstation.

I have a service that uses this technique so the process can display its
window on the visible desktop. It does NOT work on Longhorn.

"Maxim S. Shatskih" <maxim@storagecraft.com> wrote in message
news:cman9c$3185$1@antigua.mtu.ru...
>> I am writing a Service that will authenticate the users during the
>> Login.
>> The way I implement this scheme is that I start separate thread that
>> draws dialog whenever the service get Event Notification (Lock,
>> Logoff, Startup) from winlogon.
>
> Showing any UI from the service is a security issue (due to window manager
> being unprotected and security-unaware at all), and, according to David
> LeBlanc, the next Windows versions are likely to disable all ways of doing
> this.
>
> Write a helper app which will show the UI which will communicate to the
> service
> via RPC or COM.
>
> If the purpose of your service is to authenticate the user - then write a
> subauth package, Platform SDK has everything needed for it.
>
>> It said that displaying a GUI from a service, especially on a
>> Multi-user system is not recommended.
>
> It will be probably disabled in the future to avoid opening a security
> hole.
> There will be no more interactive services.
>
> --
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> maxim@storagecraft.com
> http://www.storagecraft.com
>
>

Relevant Pages