Re: Desktop Creation

Tech-Archive recommends: Fix windows errors by optimizing your registry

From: Stefan Kuhr <kustt110@xxxxxx>
Date: Wed, 19 Sep 2007 00:17:30 +0200

Hello Bernard,

BT wrote:

[...] A workaround is, from the service (Session N), to create a process with a security context associated with the session M and delegate to this new process the desktop creation. But this is strange that no API exists to create a desktop in another session.

What is so bad about this workaround? It is the only solution that comes to (my) mind for your problem. As you say, there is no API for creating a desktop in a specific TS session. You first have to get a process running in the TS session (which is easy from a privileged service) and then create the desktop using this sort-of proxy process. After that you should be fine creating a process in the new desktop from your service, provided that the ACLs on the process and the Winsta0 in the TS session allow it.

--
Stefan
.

References:
- Re: Desktop Creation
  - From: David J. Craig
- Re: Desktop Creation
  - From: BT

Prev by Date: Re: Desktop Creation
Next by Date: Getting command line of another process
Previous by thread: Re: Desktop Creation
Next by thread: Re: Desktop Creation
Index(es):
- Date
- Thread

Relevant Pages

Re: Desktop Creation
... If I must store a secret I use CryptProtectDataAPI. ... But I don't understand what the resource creation is a potential security ... CreateDekstopuse the attached window station of the processus that call ... session 1 and communicate with an IPC with the SYSTEM service. ...
(microsoft.public.win32.programmer.kernel)
WTSQuerySessionInformation() - memory leak on WinXP/2K3
... I have some code in an application that makes use of the WTS*API ... The memory leak appears to be occurring within WTSQuerySessionInformation ... session id specified is the console or for a non-existent ...
(microsoft.public.win32.programmer.kernel)
Re: Desktop Creation
... Your statement only gives one small piece of the security picture. ... The reason for no desktop window access by services is that an unsecured ... session 1 and communicate with an IPC with the SYSTEM service. ... API evolution. ...
(microsoft.public.win32.programmer.kernel)
Re: Desktop Creation
... session 1 and communicate with an IPC with the SYSTEM service. ... API evolution. ... privileged security context and on the interactive session and communicate, ... CreateProcessAsUser API. ...
(microsoft.public.win32.programmer.kernel)
Re: Interactive user name?
... - no (LSA doesn't know about terminals, ... log into the system get a Terminal Services session, ... create a new "logon session", same as if you were running the telnet ... Retrieving the user's name or token using the Terminal Services API ...
(microsoft.public.win32.programmer.networks)