Good day.

I use the following Delphi code to start a process on the desktop of the active user (the user who "owns" the monitor at the moment of launch) from a service on Windows 7 (the service runs with system privileges):

```delphi
uses
  Windows;

// Neither function is declared in older Windows.pas, so they are imported directly.
function WTSQueryUserToken(SessionId: DWORD; phToken: PHandle): BOOL; stdcall; external 'wtsapi32.dll';
function WTSGetActiveConsoleSessionId: DWORD; stdcall; external 'Kernel32.dll';

...

// Starts FilePath on the console user's desktop, running as that user.
procedure RunApp(FilePath: string);
var
  hToken: THandle;
  si: STARTUPINFO;
  pi: PROCESS_INFORMATION;
begin
  // WTSQueryUserToken needs SeTcbPrivilege, which LocalSystem holds.
  if WTSQueryUserToken(WTSGetActiveConsoleSessionId, @hToken) then
  begin
    ZeroMemory(@si, SizeOf(si));
    si.cb := SizeOf(si);
    si.lpDesktop := nil;  // MSDN recommends naming 'winsta0\default' explicitly for an interactive process
    UniqueString(FilePath);  // CreateProcessAsUserW may write into the command-line buffer
    // PChar, not PAnsiChar: on Unicode Delphi CreateProcessAsUser maps to the W variant.
    if CreateProcessAsUser(hToken, nil, PChar(FilePath), nil, nil, False, 0, nil, nil, si, pi) then
    begin
      CloseHandle(pi.hThread);   // do not leak the returned handles
      CloseHandle(pi.hProcess);
    end;
    CloseHandle(hToken);
  end;
end;
```

I want to extend this code so that the started process receives the parent's rights (that is, the system privileges of the service), while keeping the condition that it is launched on the active user's desktop. I am trying to do this through impersonation of the primary token:

```delphi
var
  hUserToken, hSysToken, hPrimary: THandle;
...
WTSQueryUserToken(WTSGetActiveConsoleSessionId, @hUserToken);
...
// DuplicateTokenEx requires the source token to be opened with TOKEN_DUPLICATE;
// without it the call fails with ERROR_ACCESS_DENIED and the user token is what
// ends up being used, which matches the "still runs as the user" result.
OpenProcessToken(GetCurrentProcess, TOKEN_DUPLICATE or TOKEN_QUERY or TOKEN_ASSIGN_PRIMARY, hSysToken);
DuplicateTokenEx(hSysToken, MAXIMUM_ALLOWED, nil, SecurityImpersonation, TokenPrimary, hPrimary);
// hPrimary is a copy of the service's token and still carries its session id (0),
// so a process created from it lands in session 0, not on the user's desktop.
...
CreateProcessAsUser(hPrimary, nil, PChar(FilePath), nil, nil, False, 0, nil, nil, si, pi);
```

But as a result I still get a process running as the active user. I am not very familiar with WinAPI. Most likely I missed something, or went in the wrong direction altogether. Please help me solve this problem.
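A complete version of the approach the question is reaching for, added here as an example (this is not code from the post): duplicate the service's own token as a primary token, move that copy into the console session with SetTokenInformation(TokenSessionId), and create the process on winsta0\default. It assumes the caller is a LocalSystem service (so it holds SeTcbPrivilege, SeAssignPrimaryTokenPrivilege and SeIncreaseQuotaPrivilege) and a Delphi Windows unit that declares DuplicateTokenEx, SetTokenInformation and TokenSessionId; the function name RunAsSystemOnUserDesktop is made up for the example.

```delphi
uses
  Windows;

function WTSGetActiveConsoleSessionId: DWORD; stdcall; external kernel32;

// Starts FilePath on the console user's interactive desktop, but with the
// service's (SYSTEM) identity instead of the logged-on user's token.
// Assumption: the caller runs as LocalSystem, which holds the privileges
// SetTokenInformation(TokenSessionId) and CreateProcessAsUser require.
function RunAsSystemOnUserDesktop(const FilePath: string): Boolean;
var
  hOwn, hPrimary: THandle;
  SessionId: DWORD;
  si: TStartupInfo;
  pi: TProcessInformation;
  CmdLine, Desktop: string;
begin
  Result := False;
  SessionId := WTSGetActiveConsoleSessionId;
  if SessionId = $FFFFFFFF then
    Exit;  // no console session attached right now

  // 1. Open our own token with the rights DuplicateTokenEx needs (TOKEN_DUPLICATE
  //    is the one the question's attempt was missing).
  if not OpenProcessToken(GetCurrentProcess, TOKEN_DUPLICATE or TOKEN_QUERY or TOKEN_ASSIGN_PRIMARY, hOwn) then
    Exit;
  try
    // 2. Work on a primary copy: changing the session id of the service's own
    //    token would move the service itself.
    if not DuplicateTokenEx(hOwn, MAXIMUM_ALLOWED, nil, SecurityIdentification, TokenPrimary, hPrimary) then
      Exit;
    try
      // 3. Retarget the copy at the console session. The identity stays SYSTEM;
      //    only the session (and therefore the window station) changes.
      if not SetTokenInformation(hPrimary, TokenSessionId, @SessionId, SizeOf(SessionId)) then
        Exit;

      // 4. Name the interactive desktop explicitly instead of relying on inheritance.
      ZeroMemory(@si, SizeOf(si));
      si.cb := SizeOf(si);
      Desktop := 'winsta0\default';
      si.lpDesktop := PChar(Desktop);

      CmdLine := FilePath;
      UniqueString(CmdLine);  // CreateProcessAsUserW may modify this buffer
      if not CreateProcessAsUser(hPrimary, nil, PChar(CmdLine), nil, nil, False, 0, nil, nil, si, pi) then
        Exit;
      CloseHandle(pi.hThread);
      CloseHandle(pi.hProcess);
      Result := True;
    finally
      CloseHandle(hPrimary);
    end;
  finally
    CloseHandle(hOwn);
  end;
end;
```

Check the result with Process Explorer or `tasklist /v`: the new process should show user NT AUTHORITY\SYSTEM and the console session number rather than 0. One caveat a practitioner would want stated: a SYSTEM process on the interactive desktop hands every UI element it exposes (file-open dialogs, help links, anything that can spawn a shell) to the logged-on user as a route to SYSTEM, so the launched program must not offer such affordances.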

1 answer

    What if you simply use a CreateProcess call? After all, the child process will then run on behalf of the current one. UPD: After reading the documentation, I came to the conclusion that you can easily start a process as one of the active users, or as that user with an additional reduction of rights, but you cannot create a superuser process that displays on the current screen. Maybe I'm wrong; if so, correct me. To work around this limitation, I recommend the approach used on UNIX: start two processes, a shadow one with the system service's rights and one that is launched on the screen, and have them communicate with each other through localhost sockets.

    • As far as I understand, this would violate the condition of launching on the active user's desktop, since the token would no longer be passed on. - Romero