Solved

CreateProcess from service

Posted on 2002-03-18
13
1,742 Views
Last Modified: 2013-11-20
Hello,
I am using CreateProcess function from within Windows Service and want to launch Internet Explorer. But whenever I launch it then I get a dialog box (when first time Internet Explorer is run on system then we get a dialog box to enter IE settings, same dialog box appear in this case). I don't want this dialog boz to appear. Same code works fins in Dialog Based application. I don't know what are the rights problem with Windows Services. Please help me.
0
Comment
Question by:haider
  • 7
  • 6
13 Comments
 
LVL 86

Expert Comment

by:jkr
ID: 6877039
>>I don't know what are the rights problem with Windows
>>Services

http://www.microsoft.com/msj/defaultframe.asp?page=/msj/0398/service2.htm&nav=/msj/0398/newnav.htm

("Why Do Certain Win32 Technologies Misbehave in Windows NT Services?")

You get the dialog box because the service runs under a different user account. "Impersonate" the user that is logged on to avoid that.

0
 

Author Comment

by:haider
ID: 6877117
But how to do that. Please give me some clue.
0
 
LVL 86

Expert Comment

by:jkr
ID: 6877168
Well, what you need to do is

LogonUser();
ImpersonateLoggedOnUser();

// do stuff

RevertToSelf();

E.g.:

   HANDLE          hToken  =   NULL;

   if  (   !LogonUser  (   ( char*) pszUsername,
                           NULL,
                           ( char*) pszPwd,
                           LOGON32_LOGON_INTERACTIVE,
                           LOGON32_PROVIDER_DEFAULT,
                           &hToken
                       )
       )
       {
           return  (   GetLastError    ());
       }

   if  (   !ImpersonateLoggedOnUser    (   hToken)
       )
       {
           return  (   GetLastError    ());
       }

You alternatively could obtain a token from a process the user is running (explorer.exe is a good choice <s>). You'll nedd the PID to call 'OpenProcess()', then 'OpenProcessToken()' with 'TOKEN_IMPERSONATE' access. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;q175030 ("HOWTO: Enumerate Applications Using Win32 APIs (Q175030)") on how to get that PID - it comes with sample code.
0
 

Author Comment

by:haider
ID: 6877311
LogonUser(); function returs ERROR_PRIVILEGE_NOT_HELD error???
0
 
LVL 86

Expert Comment

by:jkr
ID: 6877374
You have to assign the "SE_TCB_NAME" privilege to the account the service is running under (this is mentioned in the docs, BTW)
0
 

Author Comment

by:haider
ID: 6877455
I tried to "AdjustTokenPrivileges" use function, but I m getting error. How can I set "SE_TCB_NAME" privilege to service???
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 86

Expert Comment

by:jkr
ID: 6877467
The easiest way is to open the user manager and do it from there.
0
 

Author Comment

by:haider
ID: 6877682
Can u please explain it clearly. I want to do all these things programatically. Please ....
0
 
LVL 86

Expert Comment

by:jkr
ID: 6877754
Have you tried what I mentioned about getting the user token from a user process? You cannot hardcode every user's password anyway, and setting privileges from within code isn't trivial at all...
0
 

Author Comment

by:haider
ID: 6877772
But if I get user token from a user process, then will this token have privileges that I require???
0
 
LVL 86

Accepted Solution

by:
jkr earned 300 total points
ID: 6877800
'Tokens' don't have privileges - once you have a security token, you can impersonate the owner of that token, calling 'ImpersonateLoggedOnUser()' does not require any special privilege...
0
 
LVL 86

Expert Comment

by:jkr
ID: 6886231
Well, anything new?
0
 

Author Comment

by:haider
ID: 6887889
Thats really gr8 and it works. I use "OpenProcess" for "explorer.exe" and then I use "ImpersonateLoggedOnUser".

Thanx!
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

This is to be the first in a series of articles demonstrating the development of a complete windows based application using the MFC classes.  I’ll try to keep each article focused on one (or a couple) of the tasks that one may meet.   Introductio…
Exception Handling is in the core of any application that is able to dignify its name. In this article, I'll guide you through the process of writing a DRY (Don't Repeat Yourself) Exception Handling mechanism, using Aspect Oriented Programming.
This video will show you how to get GIT to work in Eclipse.   It will walk you through how to install the EGit plugin in eclipse and how to checkout an existing repository.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now