Re: HELP! CreateProcessWithLogonW issue

From: Yu Chen [MS] (yuchen_at_online.microsoft.com)
Date: 08/19/04

• Next message: Yu Chen [MS]: "Re: HELP! CreateProcessWithLogonW issue"
• Previous message: JTrigger: "Calling .Net web service using a PERL client."
• In reply to: Andrew Zimmer: "Re: HELP! CreateProcessWithLogonW issue"
• Next in thread: Yu Chen [MS]: "Re: HELP! CreateProcessWithLogonW issue"
• Reply: Yu Chen [MS]: "Re: HELP! CreateProcessWithLogonW issue"
• Reply: Andrew Zimmer: "Re: HELP! CreateProcessWithLogonW issue"
• Messages sorted by: [ date ] [ thread ]

---

Date: Thu, 19 Aug 2004 15:16:02 -0700

If your service is started under Local System account, this is a known issue
in Windows Server 2003 and XPSP2 - the CreateProcessWithLogonW API is
changed to better handle the new process' use of desktop by utilizing "Logon
Sid" in the caller's token. However the local system token (under which your
GINA is running) doesn't have a "Logon sid" so the API failed when caller is
local system.

You can use LogonUser and CreateProcessAsUser to achieve the same thing.

This info will be included in next release of MSDN.

-- 
Yu Chen [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Andrew Zimmer" <zimmera@charter.net> wrote in message
news:485f505f.0408181919.5adec780@posting.google.com...
> I have the same issue with using CreateProcessWithLogonW on a 2003
> machine.  The application does not start.  It doesn't even generate an
> error message.  I tried using the below example but it will not work
> when trying to login to the same machine.
>
> Does anyone know how to deal with this Server 2003 security issue?  I
> have granted about every local security setting policy setting to both
> the ID doing the impersonation and the ID it is trying to impersonate
> to.
>
> I am trying to start an app under a specific ID from a windows
> service.  It works great on Server 2000 but not 2003.

---

• Next message: Yu Chen [MS]: "Re: HELP! CreateProcessWithLogonW issue"
• Previous message: JTrigger: "Calling .Net web service using a PERL client."
• In reply to: Andrew Zimmer: "Re: HELP! CreateProcessWithLogonW issue"
• Next in thread: Yu Chen [MS]: "Re: HELP! CreateProcessWithLogonW issue"
• Reply: Yu Chen [MS]: "Re: HELP! CreateProcessWithLogonW issue"
• Reply: Andrew Zimmer: "Re: HELP! CreateProcessWithLogonW issue"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: HELP! CreateProcessWithLogonW issue ... If your service is started under Local System account, ... in Windows Server 2003 and XPSP2 - the CreateProcessWithLogonW API is ... > Does anyone know how to deal with this Server 2003 security issue? ... (microsoft.public.dotnet.framework) Re: HELP! CreateProcessWithLogonW issue ... If your service is started under Local System account, ... in Windows Server 2003 and XPSP2 - the CreateProcessWithLogonW API is ... > Does anyone know how to deal with this Server 2003 security issue? ... (microsoft.public.platformsdk.security) Re: HELP! CreateProcessWithLogonW issue ... If your service is started under Local System account, ... in Windows Server 2003 and XPSP2 - the CreateProcessWithLogonW API is ... > Does anyone know how to deal with this Server 2003 security issue? ... (microsoft.public.dotnet.framework.aspnet.security) WMI works except process create (urgent) ... A service running under the Local System account is failing to create a ... The same program works on another W2K3 server as well as on many W2K ... I've compared DCOM an WMI Control security settings to other ... admin) other than Local System. ... (microsoft.public.win32.programmer.wmi) Re: SBS Monitoring Issues ... should be configured to run as Local System. ... Microsoft Small Business Server Support ... SBS 2000: microsoft.public.backoffice.smallbiz2000 ... > SQLServerAgent must be able to connect to SQLServer as ... (microsoft.public.windows.server.sbs)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(16)