Re: Cant create a explorer process with NT-AUTHORITY\SYSTEM Account,...



Hi Johannes,

Yes, this was exactly what I was looking for...
Thank you very much...


Best regards

Kerem Gümrükcü


"Johannes Passing" <jpassing_at_hotmail_com@xxxxxxxxxx> wrote in
message news:OxXJlwPYHHA.4520@xxxxxxxxxxxxxxxxxxxxxxx
Try using "explorer.exe /separate".

/Johannes

Kerem Gümrükcü wrote:
Hi,

well, this first sounds a bit stupid (and risky), but for some special
reason I have to create an explorer.exe process with the Local System
account identity. The same task does work for a command console, but
whenever I try to execute an explorer.exe it runs in my logged-on
user account (valid Pluto\Kerem Gümrükcü for me). Why can't I
start an explorer.exe with the Local System account token? The right
question would be: Why does it even impersonate my logged-on user
even when I start it with the token from the Local System account inside
an (own, not shared) Windows service process?

Scenario:

I wrote a C# user interface that communicates with sockets and custom
control codes with the service. This works fine. I wrote two apps, a
single one, pure C Windows API implementation and a pure C#.NET
one. Both work with sockets and Service Control Codes and interact
with the pure C native Windows service. The bi-directional communication
works fine. But the thing I don't understand is why the console can be
started with the NT-AUTHORITY\SYSTEM account and the explorer.exe
cannot. The explorer starts in the context of the service (service is
flagged to be able to interact with the desktop). Both applications start
from the (own) service process. The console runs with NT-AUTHORITY\SYSTEM
but the explorer.exe with my logged-on user token. Why?

Here is some (highly simplified) code:
/***********************************************/
/* Open the token of the service's own process (Local System). */
if (OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &hToken) == FALSE) {
    char lpszErr[MAX_PATH];
    _ltoa((int)GetLastError(), lpszErr, 10);
    OutputDebugString(lpszErr);
    return FALSE;
}

.......

/* Start explorer.exe with that token. */
if (CreateProcessAsUser(
        hToken,
        NULL,
        "explorer.exe",
        NULL,
        NULL,
        FALSE,
        CREATE_DEFAULT_ERROR_MODE | CREATE_NEW_PROCESS_GROUP,
        NULL,
        NULL,
        &si,
        &pi) == 0) {
    char lpszErr[MAX_PATH];
    _ltoa((int)GetLastError(), lpszErr, 10);
    OutputDebugString(lpszErr);
    return FALSE;
}

/***********************************************/

I know that it is a big risk to run GUI code with that power,
but for some reasons and special tools I wrote I need to do
this. There is no other chance to create a new poweruser on
the systems where it will run.

Any ideas....?

Thanks in advance...


Best regards

Kerem Gümrükcü
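
Added example, not part of the original posts: a small audit check for the situation discussed in this thread, explorer.exe being started under the Local System account, with a note of whether /separate was passed. It reads process-creation records that use Sysmon Event ID 1 field names (Image, CommandLine, User, ParentImage); the sample records, the service path C:\Tools\mysvc.exe and the function name are constructed for illustration.

```python
import ntpath
import re

# Account name as written by English-language Windows
# (assumption: the logs are not localized).
SYSTEM_USER = "nt authority\\system"

# Constructed sample records using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe", "CommandLine": r"C:\Windows\Explorer.EXE",
     "User": r"PLUTO\Kerem", "ParentImage": r"C:\Windows\System32\userinit.exe"},
    {"Image": r"C:\Windows\System32\cmd.exe", "CommandLine": "cmd.exe",
     "User": r"NT AUTHORITY\SYSTEM", "ParentImage": r"C:\Tools\mysvc.exe"},
    {"Image": r"C:\Windows\explorer.exe", "CommandLine": "explorer.exe",
     "User": r"NT AUTHORITY\SYSTEM", "ParentImage": r"C:\Tools\mysvc.exe"},
    {"Image": r"C:\Windows\Explorer.EXE",
     "CommandLine": r'"C:\Windows\explorer.exe" /separate',
     "User": r"NT-AUTHORITY\SYSTEM", "ParentImage": r"C:\Tools\mysvc.exe"},
]


def find_system_explorer(events):
    """Return one finding per explorer.exe process created as Local System."""
    findings = []
    for ev in events:
        # ntpath handles Windows paths regardless of the analysis host's OS.
        if ntpath.basename(ev.get("Image", "")).lower() != "explorer.exe":
            continue
        # Accept both "NT AUTHORITY\SYSTEM" and the thread's "NT-AUTHORITY\SYSTEM".
        user = ev.get("User", "").replace("-", " ").casefold()
        if user != SYSTEM_USER:
            continue
        # explorer.exe switches may be separated by spaces or commas.
        args = [a.strip('"').lower()
                for a in re.split(r"[\s,]+", ev.get("CommandLine", ""))]
        findings.append({
            "command_line": ev.get("CommandLine", ""),
            "parent": ev.get("ParentImage", ""),
            "separate": "/separate" in args,
        })
    return findings


if __name__ == "__main__":
    for f in find_system_explorer(SAMPLE_EVENTS):
        print(f)
```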

