WinLogon, Impersonate and CreateProcess (CreateProcessAsUser)

Hi Experts,

This is a question about WinLogon and how to start a new process within the users context.

The dll are registered in the Registry under the following key :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\....], Asynchronous=0, Impersonate=1.

I would like to start a program when the user login.
I dont have any problems about receiving the 'Logon' notification and create a new process.
The problem is that the new process is created in the same security context as the dll - which means that the program dont terminates on logout.
I guess that the dll runs in the same context as Services does, not sure.

Impersonate (from :
>>Indicates whether Winlogon should impersonate the security context  of the logged-on user when it calls the notification package functions. If this value is set to 1, Winlogon uses impersonation. Otherwise, it does not.

If WinLogon impersonate it should be possible to use CreateProcess. But it doesn't seem to work - the process is not created in the users context.

I guess that i just got something wrong here - any ideas ??

Kind Regards
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Check out - it comes with sample code on how to do that.
PeterLarsenAuthor Commented:
Hi jkr,

I already have several links about this issue.
What i need help to, is to understand e.g. what the impersonation in WinLogon actually does - or how i load (if necessarily) users environment before calling CreateProcessAsUser.
>> or how i load (if necessarily) users environment before calling CreateProcessAsUser

The above article describes that :o)
CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

PeterLarsenAuthor Commented:
nah, you are talking about cmdasuser i guess - not usefull here since i'm using Winlogon in this case.
Yes, but it also illustrates how to initialize the environment.
PeterLarsenAuthor Commented:
I need help to understand this - no more whitepapers please !!
PeterLarsenAuthor Commented:
But does the samples interact with WinLogon ??
I'd say the code given in the download link answers the question.
PeterLarsenAuthor Commented:
No it doesn't - i still don't know how Impersonation interact with Winlogon.
PeterLarsenAuthor Commented:
Thank you.
PAQed, with points refunded (300)

Community Support Moderator

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Development

From novice to tech pro — start learning today.