Solved

Get current user from system account 2

Posted on 2001-07-05
9
352 Views
Last Modified: 2010-09-16
Okay,

This question is related to a previous one: How can I get the current interactive logon user from a service running under the system account?

The answer provided by Epsilon was really good, although the circumstances have now changed.

- The Current user is NOT running explorer as shell. Instead, it's running a custom application, which may change for different users.

- The applications to be run as shell, have different class names and window names. The only common thing is the user that's logged on interactively (always same user).

- The Current user may or may NOT be running a shell (the custom application running as a shell may have crashed, hung or exit prematurely)

The service is running under the sytem account and have interact with desktop rights.

I tried looking for winsta0\default, but although it works fine on some computers running 2000 SP2, it fails on those running Win2K Sp1 (always return SYSTEM as user)

Because there's no specific application to look for, I've found no way fo getting ahold a windows handle to identify the owner.

The thing is that the service is kind of a watchdog service that is monitoring the application running as a shell for specific user. The computer autologons this user all the time.

If the application stop responding of exits prematurely, the service must logoff that user (and only that user!)inmediatelly, to cleanup the user environment and reload the application (by logging on the user again via autologon)

Any clues?

Luis
0
Comment
Question by:elkavayo
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 13

Expert Comment

by:Epsylon
ID: 6258621
Are you running an own shell?

Just an idea. When a user logs in, write the handle to the registry. The service can read it back and use it to get the current user.
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6258681
Why not using EnumDesktops and EnumDesktopWindows for each desktop? This way you should get all desktops and all windows of all programs that are running. From the windows you can get the processID (GetWindowThreadProcessID), then I think Epsylon's code should give you the user for each process.

Regards, Madshi.
0
 
LVL 13

Expert Comment

by:Epsylon
ID: 6258702
If EnumDesktopWindows works, then GetDesktopWindows will work to, I guess.
0
 

Author Comment

by:elkavayo
ID: 6259923
first answer to Epsylon. Yes, we are running custom shells. The problem with writing to the registry is that SYSTEM account doesn't have access to HKEY_CURRENT_USER for the logged on user, and the logged on user is an unpriviledge account that doesn't have write access to HKEY_LOCAL_MACHINE. The other thing is: what happens if the application crashes? the handle is still there, but it's invalid, and it's not useful for logging the current user off.

What would GetDesktopwindows help? AFAIK, the windowstation associated with the console is always 'winsta0' and the application desktop is always 'default'. Well, I got a handle to the winsta0\default, and still doesn't work. When the app crashes, there's no other windows open on the desktop.

I have written the following based on Epsylon's code:

function TAATestSvc.Username(var h: HWND): string;
var
  winstaCurrent: HWND;
  dwProcessId: DWORD;
  hProcess, hToken: THandle;
  a: array[0..255] of Char;
  s: Cardinal;
begin                                      
  try
    winstaCurrent := GetProcessWindowStation();
    if winstaCurrent <> 0 then
    begin
      h := winstaCurrent;
      GetWindowThreadProcessId(winstaCurrent, @dwProcessId);
      hProcess := OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwProcessId);
      OpenProcessToken(hProcess, TOKEN_ALL_ACCESS, hToken);
      ImpersonateLoggedOnUser(hToken);
      s := sizeof(a);
      GetUserName(a, s);
      Result := a;
      RevertToSelf;
      CloseHandle(hToken);
      CloseHandle(hProcess);
    end
    else
      result := '';
  except
  end;
end;

It works fine on Win2K Pro with SP2.WinstaCurrent is always 52 (regardless the user or session)
and I can reliably obtain the logon user. When no one is logged on, it returns SYSTEM.

The problem is that on Win2K SP1, it always returns SYSTEM. and I'm not sure which one is right. Is it a bug in SP1 corrected in SP2? Is it that SP2 implemented something that may change in SP3 or XP?

If the SP2 behavior is fine, then I'm set, but I'm not sure I should trust it.
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 13

Expert Comment

by:Epsylon
ID: 6259957
Are you are this is a sp1/sp2 issue and not some difference in the configuration?
0
 
LVL 20

Expert Comment

by:Madshi
ID: 6260056
Please check the return values of all the functions you're using. Does all succeed in your win2k sp1? Maybe one fails? If so, then please tell us the error code.
0
 

Author Comment

by:elkavayo
ID: 6260315
okay, I'm rather confused now.

are these ateps correctes for identifying the logged on user?

1.- Get a HWINSTA for winsta0 (system console: display, keyboard, mouse etc)
2.- Get a HDESK for "application desktop"  (default). That makes winsta0\default
3.- Enum all windows for that desktop.

I guess what we are looking for is a window-handle, in order to get the thread ID or process ID associated with that handle and find out the process o thread owner.

Now what do I do? I get a buch of windows, some of them belong to the logged on user, other to system, other to other services running as different accounts ...


Actually I'm now lacking a procedure, rather than a solution to identify the interactive logged on user.
0
 
LVL 26

Expert Comment

by:Russell Libby
ID: 8702146
No comment has been added lately, so it's time to clean up this TA.
I will leave a recommendation in the Cleanup topic area that this question is:

To be PAQ/Refund

Please leave any comments here within the next seven days.
 
PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER!
 
Thank you,
Russell

EE Cleanup Volunteer
0
 

Accepted Solution

by:
PashaMod earned 0 total points
ID: 8818562
Per recommendation,

PashaMod
Community Support Moderator @Experts Exchange
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Creating an auto free TStringList The TStringList is a basic and frequently used object in Delphi. On many occasions, you may want to create a temporary list, process some items in the list and be done with the list. In such cases, you have to…
In my programming career I have only very rarely run into situations where operator overloading would be of any use in my work.  Normally those situations involved math with either overly large numbers (hundreds of thousands of digits or accuracy re…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now