Re: Desktop Creation
- From: BT <BT@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 14 Sep 2007 03:24:01 -0700
The vista documentation say that all process running in SYSTEM context (and
in session 0) can not attach to any station on another session. Why, because
another program could inject code by message system. If a SYSTEM process must
send a notification, the only API is WTSSendMessage(). If SYSTEM must
intecract with user, it have to do with another process running in least
privileged security context and on the interactive session and communicate,
for instance, with a pipe correctly ACLed.
But what I try to do it very different. My SYSTEM process must simply create
a new process with a different security context and on another desktop that
'Default' on the intercative session 1. For that, my SYSTEM process use the
API CreateProcessAsUser with the token handle of security principal and
should specify the new desktop ('Winsta0\MyDesktop').
To do that, my SYSTEM service should only create the desktop and not attach
to it. I do not seen any security risk to simply create an 'object' and
attach it to another process. The only risk in the process creation is to
take care that specify FALSE for the 'bInheritHandles' parameter of
CreateProcessAsUser API.
What to do that ? Because the process that is created by SYSTYEM process
must run on another desktop that 'Default' for the same reasons that all
SYSTEM process run on different station that 'intercative' process.
Thanks for your quick response. Perhaps that the response is in the new API
of the winsta.dll of Vista but still undocumented.
Best regards.
Bernard Tollet.
"David J. Craig" wrote:
I would suggest you look at the documents released on Vista. What you want.
to do is prohibited, unadvisable, and dangerous. The OS finally stops it.
"BT" <BT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:850C84E0-B978-48AE-8B3F-07A9A82937F7@xxxxxxxxxxxxxxxx
Ok, the problem happens only on Vista (tested on XP, XP SP1, XP SP2 and
Windows Server 2003).
My version of Vista is Vista Ultimate English.
I use Visual Studio 2005 Pro in C#.
The problem is the following. I have a service started by SCM
(services.exe)
which have to launch a GUI application with a different security context
and
attached on a new deskop of the interactive window station (WinSta0).
First,
I logon the user with LsaLogonUser() API and after I have to create the
new
desktop. As my service runs without interactive desktop, I open the
WinSta0
(OpenWindowStation), 'impersonate' my service using
SetWindowStationProcess()
and use CreateDekstop() to create a desktop. The impersonation must be
done
because CreateDesktop has not parameter for window station :
HDESK CreateDesktop(
LPCTSTR lpszDesktop,
LPCTSTR lpszDevice,
LPDEVMODE pDevmode,
DWORD dwFlags,
ACCESS_MASK dwDesiredAccess,
LPSECURITY_ATTRIBUTES lpsa
);
Win32k.sys use internally the window station attached to current process.
After have created the desktop, I launch the GUI process with
CreateProsessAsUser and specify the newly created desktop. That works very
fine on old NT kernel (XP, 2003, ...). But with Vista, the service runs in
another session (Session ID 0). The session is not depend on process but
security context (aka, token attached to the process). As no API exists to
create a deskop in a specific session, I tried to change the session Id of
the service process token (SYSTEM) after have duplicate it. But this means
failed (using SetTokenInformation with TokenSessionId parameter). I also
tried to impersonate a logged user but without good results. My question
is
simple : how a process which runs in Session N can create a desktop in
another session M ? A workaround is, from the service (Session N), to
create
a process with a security context associated with the session M and
delegate
to this new process the desktop creation. But this is strange that no API
exists to create a desktop in another session.
Do not hesitate to ask me for more informations.
Thanks very much for you response.
Best regards.
"David J. Craig" wrote:
Restate your problem. Include minor details such as compiler used, SDK
version, OS (including 32 or 64 bit), and how the process is created.
"BT" <BT@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:71ACD29C-0EB1-43A2-8193-2DD42890DF74@xxxxxxxxxxxxxxxx
Thanks for you response, but it just works when a process A start
another
process B in another desktop but in the same session. If session is
different, it is impossible to create a desktop in the WinSta0 of the
other
session. The OpenWindowStation() does not work to open station on
another
session, event if object manager namespace like name '<depend on
system>\Session 1\WinSta0' is used.
Sorry, but this response dos not answer to my question.
Thanks very much for your response.
"Kellie Fitton" wrote:
On Sep 13, 9:58 am, BT <B...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
From a processus running in SYSTEM security context and Session 0,
how
can I
create a desktop on another Session. It seems that API like
OpenWindowStation() and CreateDekstop() apply always on the
processus
session
even if a duplicated secuirty token with other session number is
used
as
impersonation. For instance, I use a security token with session 1
but
desktop creation continue to apply on session 0. Create a new deskop
and ACL
it from session 0 to another session is not a potential security
risk.
If this question is out of subject here, could you tell me where I
can
post
this question.
Thanks.
Hi,
The following weblink should give you some pointers:
http://msdn2.microsoft.com/en-us/library/Aa379608.aspx
Kellie.
- Follow-Ups:
- Re: Desktop Creation
- From: Chuck Chopp
- Re: Desktop Creation
- References:
- Re: Desktop Creation
- From: David J. Craig
- Re: Desktop Creation
- From: BT
- Re: Desktop Creation
- From: David J. Craig
- Re: Desktop Creation
- Prev by Date: Re: Memory allocation
- Next by Date: Re: Process loads two copies of DLL
- Previous by thread: Re: Desktop Creation
- Next by thread: Re: Desktop Creation
- Index(es):
Relevant Pages
|
