Solved

Get current user from system account 2

Posted on 2001-07-05
Last Modified: 2010-09-16
Okay,

This question is related to a previous one: How can I get the current interactive logon user from a service running under the system account?

The answer provided by Epsylon was really good, although the circumstances have now changed.

- The Current user is NOT running explorer as shell. Instead, it's running a custom application, which may change for different users.

- The applications to be run as shell have different class names and window names. The only common thing is the user that's logged on interactively (always the same user).

- The Current user may or may NOT be running a shell (the custom application running as a shell may have crashed, hung or exited prematurely)

The service is running under the system account and has interact with desktop rights.

I tried looking for winsta0\default, but although it works fine on some computers running 2000 SP2, it fails on those running Win2K SP1 (always returns SYSTEM as user)

Because there's no specific application to look for, I've found no way of getting ahold of a window handle to identify the owner.

The thing is that the service is kind of a watchdog service that is monitoring the application running as a shell for specific user. The computer autologons this user all the time.

If the application stops responding or exits prematurely, the service must log off that user (and only that user!) immediately, to clean up the user environment and reload the application (by logging on the user again via autologon)

Any clues?

Luis
Question by:elkavayo
 
LVL 13

Expert Comment

by:Epsylon
ID: 6258621
Are you running an own shell?

Just an idea. When a user logs in, write the handle to the registry. The service can read it back and use it to get the current user.
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6258681
Why not use EnumDesktops and EnumDesktopWindows for each desktop? This way you should get all desktops and all windows of all programs that are running. From the windows you can get the processID (GetWindowThreadProcessID), then I think Epsylon's code should give you the user for each process.

Regards, Madshi.
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 6258702
If EnumDesktopWindows works, then GetDesktopWindows will work too, I guess.
0

Author Comment

by:elkavayo
ID: 6259923
First, the answer to Epsylon. Yes, we are running custom shells. The problem with writing to the registry is that the SYSTEM account doesn't have access to HKEY_CURRENT_USER for the logged on user, and the logged on user is an unprivileged account that doesn't have write access to HKEY_LOCAL_MACHINE. The other thing is: what happens if the application crashes? The handle is still there, but it's invalid, and it's not useful for logging the current user off.

How would GetDesktopwindows help? AFAIK, the windowstation associated with the console is always 'winsta0' and the application desktop is always 'default'. Well, I got a handle to winsta0\default, and it still doesn't work. When the app crashes, there are no other windows open on the desktop.

I have written the following based on Epsylon's code:

function TAATestSvc.Username(var h: HWND): string;
var
  winstaCurrent: HWND;
  dwProcessId: DWORD;
  hProcess, hToken: THandle;
  a: array[0..255] of Char;
  s: Cardinal;
begin
  try
    // Window station handle of the calling (service) process
    winstaCurrent := GetProcessWindowStation();
    if winstaCurrent <> 0 then
    begin
      h := winstaCurrent;
      // Look up a process id from that handle, then open the process and its token
      GetWindowThreadProcessId(winstaCurrent, @dwProcessId);
      hProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
      OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, hToken);
      // Impersonate the token so that GetUserName reports its user
      ImpersonateLoggedOnUser(hToken);
      s := sizeof(a);
      GetUserName(a, s);
      Result := a;
      // Stop impersonating and release the handles
      RevertToSelf;
      CloseHandle(hToken);
      CloseHandle(hProcess);
    end
    else
      result := '';
  except
  end;
end;

It works fine on Win2K Pro with SP2. WinstaCurrent is always 52 (regardless of the user or session) and I can reliably obtain the logon user. When no one is logged on, it returns SYSTEM.

The problem is that on Win2K SP1, it always returns SYSTEM, and I'm not sure which one is right. Is it a bug in SP1 corrected in SP2? Is it that SP2 implemented something that may change in SP3 or XP?

If the SP2 behavior is fine, then I'm set, but I'm not sure I should trust it.
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 6259957
Are you sure this is an SP1/SP2 issue and not some difference in the configuration?
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6260056
Please check the return values of all the functions you're using. Do they all succeed in your win2k sp1? Maybe one fails? If so, then please tell us the error code.
0
 

Author Comment

by:elkavayo
ID: 6260315
Okay, I'm rather confused now.

Are these steps correct for identifying the logged on user?

1.- Get a HWINSTA for winsta0 (system console: display, keyboard, mouse etc)
2.- Get a HDESK for "application desktop"  (default). That makes winsta0\default
3.- Enum all windows for that desktop.

I guess what we are looking for is a window handle, in order to get the thread ID or process ID associated with that handle and find out the process or thread owner.

Now what do I do? I get a bunch of windows, some of them belong to the logged on user, others to system, others to other services running as different accounts ...


Actually I'm now lacking a procedure, rather than a solution to identify the interactive logged on user.
0
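
Added example, not code posted by anyone in this thread: one way to carry out the procedure discussed above in Delphi, listing the distinct accounts that own top-level windows on the Default desktop, reading each account from the process token with query-only rights instead of PROCESS_ALL_ACCESS, TOKEN_ALL_ACCESS and impersonation. It assumes the service's process window station is WinSta0 (a service allowed to interact with the desktop); ProcessOwner, CollectOwner and DesktopWindowOwners are hypothetical names.

```delphi
uses Windows, Classes;

// Returns 'DOMAIN\user' for a process's primary token, or '' on failure.
function ProcessOwner(Pid: DWORD): string;
var
  hProc, hTok: THandle;
  Buf: array[0..63] of DWORD;            // room for TOKEN_USER plus the SID
  Len, cName, cDom: DWORD;
  SidUse: SID_NAME_USE;
  Name, Dom: array[0..255] of Char;
begin
  Result := '';
  hProc := OpenProcess(PROCESS_QUERY_INFORMATION, False, Pid);  // query-only
  if hProc = 0 then Exit;
  try
    if not OpenProcessToken(hProc, TOKEN_QUERY, hTok) then Exit;
    try
      cName := Length(Name); cDom := Length(Dom);
      // Read the user SID from the token; nothing is impersonated.
      if GetTokenInformation(hTok, TokenUser, @Buf, SizeOf(Buf), Len) and
         LookupAccountSid(nil, PTokenUser(@Buf)^.User.Sid, Name, cName, Dom, cDom, SidUse) then
        Result := string(Dom) + '\' + string(Name);
    finally CloseHandle(hTok); end;
  finally CloseHandle(hProc); end;
end;

// EnumDesktopWindows callback: Param carries the TStrings being filled.
function CollectOwner(Wnd: HWND; Param: LPARAM): BOOL; stdcall;
var
  Pid: DWORD;
  Owner: string;
begin
  Pid := 0;
  GetWindowThreadProcessId(Wnd, @Pid);
  Owner := ProcessOwner(Pid);
  if (Owner <> '') and (TStrings(Param).IndexOf(Owner) < 0) then
    TStrings(Param).Add(Owner);
  Result := True;                        // keep enumerating
end;

// Fills Owners with each distinct account owning a window on 'Default'.
function DesktopWindowOwners(Owners: TStrings): Boolean;
var hDesk: HDESK;
begin
  Result := False;
  hDesk := OpenDesktop('Default', 0, False, DESKTOP_READOBJECTS or DESKTOP_ENUMERATE);
  if hDesk = 0 then Exit;                // caller can inspect GetLastError
  try
    Result := EnumDesktopWindows(hDesk, @CollectOwner, LPARAM(Owners));
  finally CloseDesktop(hDesk); end;
end;
```

The resulting list can be compared against the known autologon account name. EnumDesktopWindows itself returns False when the desktop has no windows, so a False result with an empty list is not necessarily an error.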
 
LVL 26

Expert Comment

by:Russell Libby
ID: 8702146
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

To be PAQ/Refund

Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
Thank you,
Russell

EE Cleanup Volunteer
0
 

Accepted Solution

by:
PashaMod earned 0 total points
ID: 8818562
Per recommendation,

PashaMod
Community Support Moderator @Experts Exchange
0
