Marcin Rzeznicki
5/6/2007 5:40:00 PM
Hi
I am attemtping to start some process on interactive user desktop from
Windows Service running under LocalSystem account. Here relevant code
parts go:
if (!NativeMethods.OpenProcessToken(processHandle,
DesiredAccess.TOKEN_QUERY | DesiredAccess.TOKEN_DUPLICATE |
DesiredAccess.TOKEN_ASSIGN_PRIMARY, out userToken))
{
lastErrorCode = Marshal.GetLastWin32Error();
throw new ApplicationException("Cannot obtain
process token");
} //here I obtain security token from user's running
process
IntPtr duplicatedUserToken = IntPtr.Zero;
if (!NativeMethods.DuplicateTokenEx(userToken, 0,
IntPtr.Zero, SecurityImpersonationLevel.SecurityImpersonation,
TokenType.TokenPrimary, out duplicatedUserToken))
{
lastErrorCode = Marshal.GetLastWin32Error();
throw new ApplicationException("Cannot duplicate
user token");
} //here I promote the token to primary token
NativeMethods.CloseHandle(userToken); //closing the
token
userToken = duplicatedUserToken; //assigning
duplicated token to class member
// then I use duplicated token to start process in interactive desktop
StartupInfo si = new StartupInfo();
si.cb = Marshal.SizeOf(si);
si.lpDesktop = DesktopName;
if (!NativeMethods.CreateProcessAsUser(userToken, null,
commandLine, IntPtr.Zero, IntPtr.Zero, false, 0x04000000 | 0x00000008,
IntPtr.Zero, null, ref si, ref hooker)) //starting my process on
interactive desktop
{
lastErrorCode = Marshal.GetLastWin32Error();
throw new ApplicationException("Cannot start
process");
}
(NativeMethods class contains static stubs to WinApi methods. I've
also defined enums to use in place of winapi constants)
Execution of CreateProcessAsUser ends with "Invalid handle" error
code. I think it has sth to do with user security token but I am
unsure what I'm doing wrong. I'd greatly appreciate if someone could
clarify this for me. Thanks in advance.