Re: Desktop Creation



I would suggest you look at the documents released on Vista. What you want
to do is prohibited, unadvisable, and dangerous. The OS finally stops it.

"BT" <BT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:850C84E0-B978-48AE-8B3F-07A9A82937F7@xxxxxxxxxxxxxxxx
Ok, the problem happens only on Vista (tested on XP, XP SP1, XP SP2 and
Windows Server 2003).
My version of Vista is Vista Ultimate English.

I use Visual Studio 2005 Pro in C#.

The problem is the following. I have a service started by SCM
(services.exe) which has to launch a GUI application with a different
security context and attached to a new desktop of the interactive window
station (WinSta0). First, I log on the user with the LsaLogonUser() API and
afterwards I have to create the new desktop. As my service runs without an
interactive desktop, I open WinSta0 (OpenWindowStation), 'impersonate' my
service using SetWindowStationProcess() and use CreateDesktop() to create a
desktop. The impersonation must be done because CreateDesktop has no
parameter for the window station:

HDESK CreateDesktop(
LPCTSTR lpszDesktop,
LPCTSTR lpszDevice,
LPDEVMODE pDevmode,
DWORD dwFlags,
ACCESS_MASK dwDesiredAccess,
LPSECURITY_ATTRIBUTES lpsa
);

Win32k.sys internally uses the window station attached to the current
process. After creating the desktop, I launch the GUI process with
CreateProcessAsUser and specify the newly created desktop. That works very
fine on the old NT kernel (XP, 2003, ...). But with Vista, the service runs
in another session (Session ID 0). The session does not depend on the
process but on the security context (aka, the token attached to the
process). As no API exists to create a desktop in a specific session, I
tried to change the session ID of the service process token (SYSTEM) after
duplicating it. But this method failed (using SetTokenInformation with the
TokenSessionId parameter). I also tried to impersonate a logged-on user but
without good results. My question is simple: how can a process which runs
in Session N create a desktop in another session M? A workaround is, from
the service (Session N), to create a process with a security context
associated with session M and delegate the desktop creation to this new
process. But it is strange that no API exists to create a desktop in
another session.

Do not hesitate to ask me for more information.
Thanks very much for your response.

Best regards.

"David J. Craig" wrote:

Restate your problem. Include minor details such as compiler used, SDK
version, OS (including 32 or 64 bit), and how the process is created.

"BT" <BT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:71ACD29C-0EB1-43A2-8193-2DD42890DF74@xxxxxxxxxxxxxxxx
Thanks for your response, but it only works when a process A starts
another process B on another desktop but in the same session. If the
session is different, it is impossible to create a desktop in the WinSta0
of the other session. OpenWindowStation() does not work to open a station
in another session, even if an object manager namespace-like name
'<depend on system>\Session 1\WinSta0' is used.

Sorry, but this response does not answer my question.
Thanks very much for your response.

"Kellie Fitton" wrote:

On Sep 13, 9:58 am, BT <B...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
From a process running in the SYSTEM security context and Session 0, how
can I create a desktop in another session? It seems that APIs like
OpenWindowStation() and CreateDesktop() always apply to the process
session even if a duplicated security token with another session number is
used for impersonation. For instance, I use a security token with session 1
but desktop creation continues to apply to session 0. Creating a new
desktop and ACLing it from session 0 to another session is not a potential
security risk.

If this question is off-topic here, could you tell me where I can post
this question.

Thanks.


Hi,

The following weblink should give you some pointers:

http://msdn2.microsoft.com/en-us/library/Aa379608.aspx

Kellie.







