WinLogon, Impersonate and CreateProcess (CreateProcessAsUser)

Hi Experts,

This is a question about WinLogon and how to start a new process within the user's context.

The DLL is registered in the Registry under the following key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\....], Asynchronous=0, Impersonate=1.

I would like to start a program when the user logs in.
I don't have any problems receiving the 'Logon' notification and creating a new process.
The problem is that the new process is created in the same security context as the DLL - which means that the program doesn't terminate on logout.
I guess that the DLL runs in the same context as services do, not sure.

Impersonate (from microsoft.com) :
>>Indicates whether Winlogon should impersonate the security context of the logged-on user when it calls the notification package functions. If this value is set to 1, Winlogon uses impersonation. Otherwise, it does not.

If WinLogon impersonates, it should be possible to use CreateProcess. But it doesn't seem to work - the process is not created in the user's context.

I guess that I just got something wrong here - any ideas?

Kind Regards
Peter
PeterLarsenAsked:
jkr Commented:
Check out http://www.microsoft.com/msj/0599/security/security0599.aspx - it comes with sample code on how to do that.
0
PeterLarsen (Author) Commented:
Hi jkr,

I already have several links about this issue.
What I need help with is to understand, e.g., what the impersonation in WinLogon actually does - or how I load (if necessary) the user's environment before calling CreateProcessAsUser.
0
jkr Commented:
>> or how I load (if necessary) the user's environment before calling CreateProcessAsUser

The above article describes that :o)
0
PeterLarsen (Author) Commented:
Nah, you are talking about cmdasuser I guess - not useful here since I'm using Winlogon in this case.
0
jkr Commented:
Yes, but it also illustrates how to initialize the environment.
0
PeterLarsen (Author) Commented:
I need help to understand this - no more whitepapers please!!
0
jkr Commented:
0
PeterLarsen (Author) Commented:
But do the samples interact with WinLogon??
0
jkr Commented:
I'd say the code given in the download link answers the question.
0
PeterLarsen (Author) Commented:
No it doesn't - I still don't know how Impersonation interacts with Winlogon.
0
PeterLarsen (Author) Commented:
Thank you.
0
CetusMOD Commented:
PAQed, with points refunded (300)

CetusMOD
Community Support Moderator
0