Remote Desktop still an issue
wolf777

Posted: Security for Applications in Windows Vista, Remote Desktop still an issue
According to some MS documents (e.g. http://www.microsoft.com/whdc/system/vista/services.mspx), it should be possible to use CreateProcessAsUser() API in a Vista service to create a process in user session. I am trying to achieve this, but the function returns error code 1307 (ERROR_INVALID_OWNER) = "This security ID may not be assigned as the owner of this object."
Does it work for somebody? Many thanks in advance.
efratian

The same code works for us on Vista as on XP, etc. The service is running as the Local System.
1. use WTSGetActiveConsoleSessionId to get the ID of the current active Windows session at the console (i.e. the machine keyboard and display, as opposed to WTS sessions).
2. use WTSQueryUserToken to get the token for that session.
3. use DuplicateTokenEx(hToken,MAXIMUM_ALLOWED,NULL,SecurityIdentification,TokenPrimary, &hTokenDup) to duplicate that token.
4. use CreateEnvironmentBlock to create an environment that you will be passing to the process.
5. use CreateProcessAsUser with the duplicated token and the created environment. Actually, we use CreateProcessAsUserW, since the A version had some sort of bug on some older systems.
6. Don't forget to CloseHandle on the various tokens, etc, and to DestroyEnvironmentBlock the environment.
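The six steps above as a single routine that checks each call and releases every handle on all exit paths. This is an added example, not code from the thread: `launch_in_console_session` is a hypothetical name, and the non-Windows branch exists only so the file compiles elsewhere. On Windows, link against Wtsapi32.lib, Userenv.lib and Advapi32.lib.

```c
#include <stddef.h>
#ifdef _WIN32
#include <windows.h>
#include <wtsapi32.h>
#include <userenv.h>
#endif

/* Hypothetical helper (not from the thread). Returns 0 on success, otherwise
   a Win32 error code. cmd must be a writable buffer, because
   CreateProcessAsUserW may modify the command line in place. */
unsigned long launch_in_console_session(wchar_t *cmd)
{
    if (cmd == NULL || cmd[0] == L'\0')
        return 87UL;                              /* ERROR_INVALID_PARAMETER */
#ifdef _WIN32
    HANDLE hTok = NULL, hDup = NULL;
    LPVOID env = NULL;
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    DWORD err = ERROR_SUCCESS;
    DWORD flags = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;
    wchar_t desktop[] = L"winsta0\\default";

    ZeroMemory(&si, sizeof si);
    ZeroMemory(&pi, sizeof pi);
    si.cb = sizeof si;
    si.lpDesktop = desktop;

    DWORD sid = WTSGetActiveConsoleSessionId();                  /* step 1 */
    if (!WTSQueryUserToken(sid, &hTok)) { err = GetLastError(); goto done; }
    if (!DuplicateTokenEx(hTok, MAXIMUM_ALLOWED, NULL, SecurityIdentification,
                          TokenPrimary, &hDup)) { err = GetLastError(); goto done; }
    if (CreateEnvironmentBlock(&env, hDup, FALSE))               /* step 4 */
        flags |= CREATE_UNICODE_ENVIRONMENT;
    else
        env = NULL;                       /* fall back to no custom environment */
    if (!CreateProcessAsUserW(hDup, NULL, cmd, NULL, NULL, FALSE, flags,
                              env, NULL, &si, &pi))              /* step 5 */
        err = GetLastError();
done:                                                            /* step 6 */
    if (pi.hThread)  CloseHandle(pi.hThread);
    if (pi.hProcess) CloseHandle(pi.hProcess);
    if (env)  DestroyEnvironmentBlock(env);
    if (hDup) CloseHandle(hDup);
    if (hTok) CloseHandle(hTok);
    return err;
#else
    return 50UL;                /* ERROR_NOT_SUPPORTED: not built for Windows */
#endif
}
```

The caller must be running as Local System, as in the post above, since WTSQueryUserToken needs that level of privilege.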
advdbg

Is CreateEnvironmentBlock() necessary?
efratian

Only if you want the process to have an environment.
Ganeshm

Mine was the same scenario, calling CreateProcessAsUser from service.
I followed the steps given by you, and it really worked for me, thanks.
```c
HANDLE hTokenNew = NULL, hTokenDup = NULL;

// Resolve WTSGetActiveConsoleSessionId at run time from kernel32.dll.
HMODULE hmod = LoadLibrary("kernel32.dll");
WTSGETACTIVECONSOLESESSIONID lpfnWTSGetActiveConsoleSessionId =
    (WTSGETACTIVECONSOLESESSIONID)GetProcAddress(hmod, "WTSGetActiveConsoleSessionId");
DWORD dwSessionId = lpfnWTSGetActiveConsoleSessionId();

// Token of the user logged on at the console, duplicated as a primary token.
WTSQueryUserToken(dwSessionId, &hTokenNew);
DuplicateTokenEx(hTokenNew, MAXIMUM_ALLOWED, NULL, SecurityIdentification, TokenPrimary, &hTokenDup);

// WriteToLog("Calling lpfnCreateEnvironmentBlock");
ZeroMemory( &si, sizeof( STARTUPINFO ) );
si.cb = sizeof( STARTUPINFO );
si.lpDesktop = "winsta0\\default";   // the interactive user's desktop

LPVOID pEnv = NULL;
DWORD dwCreationFlag = NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE;

// Build the user's environment block if Userenv.dll exports the function.
HMODULE hModule = LoadLibrary("Userenv.dll");
if(hModule )
{
    LPFN_CreateEnvironmentBlock lpfnCreateEnvironmentBlock =
        (LPFN_CreateEnvironmentBlock)GetProcAddress( hModule, "CreateEnvironmentBlock" );
    if( lpfnCreateEnvironmentBlock != NULL )
    {
        if(lpfnCreateEnvironmentBlock(&pEnv, hTokenDup, FALSE))
        {
            WriteToLog("CreateEnvironmentBlock Ok");
            dwCreationFlag |= CREATE_UNICODE_ENVIRONMENT;
        }
        else
        {
            pEnv = NULL;
        }
    }
}

ZeroMemory( &pi,sizeof(pi));
if ( !CreateProcessAsUser( hTokenDup, NULL, ( char * )pszCmd, NULL, NULL, FALSE,
                           dwCreationFlag, pEnv, NULL, &si, &pi ) )
{
    goto RESTORE;
}
```
VJJJ

I am doing basically the same thing, but I get "CreateProcessAsUser failed with 123".
I have tried everything I can think of with no luck.
efratian

123 is ERROR_INVALID_NAME ("The filename, directory name, or volume label syntax is incorrect"). Check the command line / exe path you are passing it. Also, keep in mind that Local System does not have privileges to access network paths, and does not have the mapped drives that a user might have.
Ganeshm

Eric Perlin

The TS session in which the process is started will be based on the session id of the token passed to CreateProcessAsUser. If the token is for an interactive logged on user, it should already have the correct session id.
The windowstation/desktop can be specified in the STARTUPINFO structure. "Winsta0\Default" is the default user's desktop.
misiu_mietowy

[Ganeshm wrote] Mine was the same scenario, calling CreateProcessAsUser from service.
I followed the steps given by you, and it really worked for me, thanks.
HANDLE hTokenNew = NULL, hTokenDup = NULL; HMODULE hmod = LoadLibrary("kernel32.dll"); ...

Hi! Could you tell me what sort of libraries you included to make this piece of code work? When I pasted it in VS a lot of errors occurred... For sure there were libraries: WtsApi32.h, windows.h and variable declarations STARTUPINFO si; PROCESS_INFORMATION pi;, but others I cannot guess...
Creating a process using this function is very important for me, so I'd be grateful for an answer... :)