Re: Interesting behavior of iexplore.exe when using CreateProcessAsUser...


"Tom Walker" <nobody@xxxxxxxxxxx> wrote in message news:uVIaovJVIHA.5208@xxxxxxxxxxxxxxxxxxxxxxx
"WTH" <wth@xxxxxxxxxx> wrote in message news:399E5D77-2724-4912-B04C-28A2870020E5@xxxxxxxxxxxxxxxx

The process manager, for failover support, keeps track of the process ID of a process it creates. This usually works just fine; but, in the case of iexplore.exe the process ID returned from CreateProcessAsUser NEVER matches up against the processes if I immediately enumerate the processes running in the system. The iexplore.exe instance has a totally differnet process ID, lol...

The service is running under the local system account, this is Vista Ultimate 32-bit (haven't tried other OSes yet), and I was wondering if it has to do with the fact that iexplore.exe is so sensitive to relative security levels (for example, when launching a trusted URL from an instance showing a default URL, iexplore.exe will launch a separate instance...)


On Vista, if you launch an instance of iexplore.exe with Medium Integrity, it will launch a Low Integrity instance of itself and the Medium Integrity instance will immediately terminate. Running at Low Integrity is more secure. You can see the integrity level of processes by using SysInternals Process Explorer.

I wonder if I need to tailor the security attributes passed to CreateProcessAsUser. From what you said it seems as though the process initially launches into the user session using the default security credentials for the process inherited from the windows service (which is runn as the system account) and iexplore.exe evaluates itself and thinks 'oh crud, this isn't right...'

WTH

.

Relevant Pages

  • Re: Interesting behavior of iexplore.exe when using CreateProcessAsUser...
    ... On Vista, if you launch an instance of iexplore.exe with Medium Integrity, it will launch a Low Integrity instance of itself and the Medium Integrity instance will immediately terminate. ...
    (microsoft.public.win32.programmer.kernel)
  • Re: launching a child process as the user logged in to Windows
    ... Use CreateProcessAsUser() ... > The setup program I'm writing has the option at the end to launch my main ... > launch the main application. ...
    (microsoft.public.win32.programmer.kernel)
  • Please help: "runas" and CreateProcessAsUser
    ... I tried to use "runas" command to launch the same ... The process launched from runas has a group named "LOCAL" but the process ... launched with CreateProcessAsUser does not have the same group. ... How can I get the same security group in CreateProcessAsUser ...
    (microsoft.public.platformsdk.security)
  • How does runas work?
    ... I tried to use "runas" command to launch the same ... The process launched from runas has a group named "LOCAL" but the process ... launched with CreateProcessAsUser does not have the same group. ... How can I get the same security group in CreateProcessAsUser ...
    (microsoft.public.win2000.security)
  • Using Restricted SIDs in CreateRestrictedToken causes CreateProcessAsUser to give error - "Appl
    ... drives and folders. ... partitions and folders. ... Used the restricted token in CreateProcessAsUser to launch my ... Here, CreateProcessAsUser is successfull in launching my application, ...
    (microsoft.public.win32.programmer.tools)