Solved

WinLogon, Impersonate and CreateProcess (CreateProcessAsUser)

Posted on 2003-11-08
Last Modified: 2013-12-03
Hi Experts,

This is a question about WinLogon and how to start a new process within the user's context.

The DLL is registered in the registry under the following key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\....], Asynchronous=0, Impersonate=1.

I would like to start a program when the user logs in.
I don't have any problems receiving the 'Logon' notification and creating a new process.
The problem is that the new process is created in the same security context as the DLL - which means that the program doesn't terminate on logout.
I guess that the DLL runs in the same context as services do, not sure.

Impersonate (from microsoft.com):
>>Indicates whether Winlogon should impersonate the security context of the logged-on user when it calls the notification package functions. If this value is set to 1, Winlogon uses impersonation. Otherwise, it does not.

If WinLogon impersonates, it should be possible to use CreateProcess. But it doesn't seem to work - the process is not created in the user's context.

I guess that I just got something wrong here - any ideas?

Kind Regards
Peter
Question by:PeterLarsen
14 Comments
 

Expert Comment

by:jkr
Check out http://www.microsoft.com/msj/0599/security/security0599.aspx - it comes with sample code on how to do that.

Author Comment

by:PeterLarsen
Hi jkr,

I already have several links about this issue.
What I need help with is understanding, e.g., what the impersonation in WinLogon actually does - or how I load (if necessary) the user's environment before calling CreateProcessAsUser.

Expert Comment

by:jkr
>> or how I load (if necessary) the user's environment before calling CreateProcessAsUser

The above article describes that :o)

Author Comment

by:PeterLarsen
Nah, you are talking about cmdasuser I guess - not useful here since I'm using Winlogon in this case.

Expert Comment

by:jkr
Yes, but it also illustrates how to initialize the environment.

Author Comment

by:PeterLarsen
I need help understanding this - no more whitepapers please!!

Expert Comment

by:jkr

Author Comment

by:PeterLarsen
But do the samples interact with WinLogon??

Expert Comment

by:jkr
I'd say the code given in the download link answers the question.

Author Comment

by:PeterLarsen
No, it doesn't - I still don't know how Impersonation interacts with Winlogon.

Author Comment

by:PeterLarsen
Thank you.

Accepted Solution

by:
CetusMOD earned 0 total points
PAQed, with points refunded (300)

CetusMOD
Community Support Moderator