WinLogon, Impersonate and CreateProcess (CreateProcessAsUser)
Posted on 2003-11-08
This is a question about WinLogon and how to start a new process within the users context.
The dll are registered in the Registry under the following key :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\....], Asynchronous=0, Impersonate=1.
I would like to start a program when the user login.
I dont have any problems about receiving the 'Logon' notification and create a new process.
The problem is that the new process is created in the same security context as the dll - which means that the program dont terminates on logout.
I guess that the dll runs in the same context as Services does, not sure.
Impersonate (from microsoft.com) :
>>Indicates whether Winlogon should impersonate the security context of the logged-on user when it calls the notification package functions. If this value is set to 1, Winlogon uses impersonation. Otherwise, it does not.
If WinLogon impersonate it should be possible to use CreateProcess. But it doesn't seem to work - the process is not created in the users context.
I guess that i just got something wrong here - any ideas ??