Re: Terminal services commandline utilities denied from programmatic access?




Hi Soo Kuan,

thanks for the response - the test program is a 32-bit executable.
What parameters would I have to provide to cmd.exe in order to ensure I'm invoking a 32-bit version of qwinsta.exe?
qwinsta.exe is present in C:\Windows\System32
but not in C:\Windows\SysWOW64

best regards,

Kristofer

"Soo Kuan Teo [MSFT]" <sookuant@xxxxxxxxxxxxxxxxxxxx> wrote in message news:eHCyqHI4JHA.1420@xxxxxxxxxxxxxxxxxxxxxxx
Can you please double check if the binary you created is an x64 binary? It appears that it tries to execute a wow64 (x86) qwinsta.exe on a 64-bit Windows.
Thanks
Soo Kuan


--
This posting is provided "AS IS" with no warranties, and confers no rights.

"Kristofer G. Skaug [SSBV]" <no@xxxxxxxxxxxx> wrote in message news:%23XNTnKG4JHA.240@xxxxxxxxxxxxxxxxxxxxxxx
Dear all -

(formerly posted this in microsoft.public.windows.vista.security, with no response...).

I have a library function that is calling the 'qwinsta' utility and parses its output, in order to detect the presence of a Remote Desktop login session. Specifically what is done is to launch the command line:

'cmd.exe /c qwinsta.exe /server'

using a CreateProcess() WinAPI call, and then receive the text response in a pipe. This has always worked well on Windows XP, I get the expected output. Now I have a new Vista x64 Ultimate system. I have verified that 'qwinsta' is installed, and the above command works properly when manually typed from an "Administrator:" command prompt.

However, the routine in my library fails to access 'qwinsta' when executed from within a test program - I receive the following output:

-> "'qwinsta.exe' is not recognized as an internal or external command, operable program or batch file."

Using the same commandline invocation format from the same program on the same system, I am perfectly able to invoke other utilities in the c:\Windows\System32 directory, e.g. SYSTEMINFO. So it's not a Path issue.
My account is a member of the "Administrators" group, and I've even tried running the test program "As Administrator" (from the context menu) but no difference. I have completely turned off UAC.

By experimentation using the Winternals "Sigcheck" utility, I've determined that this same problem manifests itself for ALL the commandline utilities in Windows\System32 whose manifest declares that they are members of the "Microsoft.Windows.TerminalServices.*" namespace.

So this problem applies to (at least) the following set of commands:

qprocess, quser, shadow, msg, chang, ChgLogon, ChgPort, ChgUsr, Logoff, QAppsrv, query, RDPClip, Reset, RWinsta, TSCon, TSDisCon, TSKill, TSTheme,

All other commands in \System32 (as far as I can tell) like tasklist, ping, netstat etc. do work as expected.

Terminal Services are definitely installed on the system and working (I can access this box fine with Remote Desktop).
This problem is evident on at least two separate installations of Vista Ultimate x64 (same hardware, different users).

Please, if someone has an idea what this could be, let me know!
Also, if there's a better forum somewhere to ask this question - -

TIA, Kristofer
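
Added example (not part of the original thread, and not the poster's library code): a 32-bit process on 64-bit Windows has its System32 lookups redirected to SysWOW64, where qwinsta.exe is absent, so the sketch below builds an absolute path through the Sysnative alias and would hand that to CreateProcess() instead of going through cmd.exe and the search path. The function name native_tool_path and the sample values are hypothetical; the Sysnative alias is not mentioned in the thread and is assumed to be available (Windows Vista and later).

```c
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Build the absolute path of a native System32 tool (hypothetical helper).
 * is_wow64 != 0: caller is a 32-bit process on 64-bit Windows, where
 * "System32" is silently redirected to SysWOW64; "Sysnative" reaches the
 * real 64-bit directory. Returns 0 on success, -1 on bad input or overflow. */
int native_tool_path(const char *windir, const char *tool, int is_wow64,
                     char *out, size_t outlen)
{
    int n;
    if (!windir || !tool || !out || outlen == 0)
        return -1;
    /* Accept a bare file name only: no separators, drive letters or quotes. */
    if (tool[0] == '\0' || strpbrk(tool, "\\/:\""))
        return -1;
    n = snprintf(out, outlen, "%s\\%s\\%s", windir,
                 is_wow64 ? "Sysnative" : "System32", tool);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char path[260];
#ifdef _WIN32
    char windir[MAX_PATH];
    BOOL wow64 = FALSE;
    UINT len = GetWindowsDirectoryA(windir, sizeof windir);
    if (len == 0 || len >= sizeof windir)
        return 1;
    /* TRUE only for a 32-bit process running on 64-bit Windows. */
    if (!IsWow64Process(GetCurrentProcess(), &wow64))
        return 1;
    if (native_tool_path(windir, "qwinsta.exe", wow64 ? 1 : 0,
                         path, sizeof path) != 0)
        return 1;
#else
    /* Constructed sample values so the path logic can run off Windows. */
    if (native_tool_path("C:\\Windows", "qwinsta.exe", 1,
                         path, sizeof path) != 0)
        return 1;
#endif
    printf("%s\n", path); /* pass as lpApplicationName to CreateProcess() */
    return 0;
}
```

Launching the tool by absolute path also removes the dependency on the search path and on how cmd.exe resolves the name.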


