• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1699
  • Last Modified:

WinLogon, Impersonate and CreateProcess (CreateProcessAsUser)

Hi Experts,

This is a question about WinLogon and how to start a new process within the users context.

The dll are registered in the Registry under the following key :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\....], Asynchronous=0, Impersonate=1.

I would like to start a program when the user login.
I dont have any problems about receiving the 'Logon' notification and create a new process.
The problem is that the new process is created in the same security context as the dll - which means that the program dont terminates on logout.
I guess that the dll runs in the same context as Services does, not sure.

Impersonate (from microsoft.com) :
>>Indicates whether Winlogon should impersonate the security context  of the logged-on user when it calls the notification package functions. If this value is set to 1, Winlogon uses impersonation. Otherwise, it does not.

If WinLogon impersonate it should be possible to use CreateProcess. But it doesn't seem to work - the process is not created in the users context.

I guess that i just got something wrong here - any ideas ??

Kind Regards
Peter
0
PeterLarsen
Asked:
PeterLarsen
  • 6
  • 5
1 Solution
 
jkrCommented:
Check out http://www.microsoft.com/msj/0599/security/security0599.aspx - it comes with sample code on how to do that.
0
 
PeterLarsenAuthor Commented:
Hi jkr,

I already have several links about this issue.
What i need help to, is to understand e.g. what the impersonation in WinLogon actually does - or how i load (if necessarily) users environment before calling CreateProcessAsUser.
0
 
jkrCommented:
>> or how i load (if necessarily) users environment before calling CreateProcessAsUser

The above article describes that :o)
0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
PeterLarsenAuthor Commented:
nah, you are talking about cmdasuser i guess - not usefull here since i'm using Winlogon in this case.
0
 
jkrCommented:
Yes, but it also illustrates how to initialize the environment.
0
 
PeterLarsenAuthor Commented:
I need help to understand this - no more whitepapers please !!
0
 
jkrCommented:
0
 
PeterLarsenAuthor Commented:
But does the samples interact with WinLogon ??
0
 
jkrCommented:
I'd say the code given in the download link answers the question.
0
 
PeterLarsenAuthor Commented:
No it doesn't - i still don't know how Impersonation interact with Winlogon.
0
 
PeterLarsenAuthor Commented:
Thank you.
0
 
CetusMODCommented:
PAQed, with points refunded (300)

CetusMOD
Community Support Moderator
0

Featured Post

Receive 1:1 tech help

Solve your biggest tech problems alongside global tech experts with 1:1 help.

  • 6
  • 5
Tackle projects and never again get stuck behind a technical roadblock.
Join Now