• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1428
  • Last Modified:

CreateProcessAsUser - Which user to use?

I've been doing some development with Windows Vista and am hitting a small roadblock because of changes made to session 0.  I understand why the changes were made, and I think they're a good thing, but it's causing me a headache.

In this particular case, I'm working on some code that is run by a printer driver after it is installed. One of the things the code does is launch a Setup program to install some utility applications. Since the spooler is a service, I'm running in the security context of services, so anything I launch winds up in Session 0, invisible to the user.

I understand from the White Paper at http://www.microsoft.com/whdc/system/vista/services.mspx that I need to use either WTSSendMessage or CreateProcessAsUser (which is what I really need) to ensure that the app runs with the correct security context and is visible to the user. The problem is, how do I know *which* session or user to use?

I thought about enumerating all the sessions and finding the active session, but, because of Fast User switching and RDC, it's entirely possible that more than one person is logged in and active simultaneously. How do I know who launched Add Printer Wizard to trigger the driver install?

If it were just a status app, I could look at the job and see who sent it, but this is happening immediately after driver install, and there may or may not be a test page in the queue to look at.

So, any ideas? Thanks.

--
Troy
0
thoffman
Asked:
thoffman
  • 3
  • 2
1 Solution
 
Dariusz DziaraProgrammerCommented:
"In this particular case, I'm working on some code that is run by a printer driver after it is installed"

What do you mean ? How printer driver executes your code (I simply have never done such thing) ? How logged user (local or remote) communicates wtih printer driver ?

Do I understand it correctly ?
logged user communicates with printer driver -> printer driver runs your code

It may happen that distinguishing session is simply impossible.
0
 
thoffmanAuthor Commented:
The driver is installed using Add Printer Wizard. At the end of install, the driver launches an application. There are a few different apps, depending on the driver. For example, it might want to launch a Setup app to install support modules, like a status application, an uninstaller, special port monitor, or any other application that can't be installed using APW.

It also might need to launch a readme file or some other support file like that.

It's really driving my nuts. In Vista, if I launch Setup after APW, it works, but it launches into session 0 and is invisible to the user, since it's being launched by the spooler service.

--
Troy
0
 
Mikeh926Commented:
It sounds like you need to know which desktop/session is currently displayed on the monitor and then find out which user is logged into that desktop.

I haven't tried this myself on Vista... but can you call OpenInputDesktop() which should give you a handle to the active desktop; then call GetUserObjectInformation() with that desktop handle to get the user's sid?
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
thoffmanAuthor Commented:
That looks very promising and is probably the API I've been looking for. I'll give it a shot in the next couple of days. Unfortunately, some other fire drills came up, so this is kind of in the backburner for now. I'll let you know how it works out. Thanks!

--
Troy
0
 
Mikeh926Commented:
I use OpenInputDesktop and SetThreadDesktop on XP to dynamically move a window to the visible desktop whenever the session/desktop changes. Haven't tried this on Vista yet... I have enought problems just trying to get my app to run with the new security!

If the CreateProcessAsUser approach fails, can you run your setup as a service and simply display it's UI on the users desktop?

Cheers,
Mike.
0
 
thoffmanAuthor Commented:
Sorry this is taking so long. There are so many other things going on right now, and this project has been put on the backburner. I've looked at the API documentation, and it looks like this is exactly what I'll need. I can't test it at the moment, but I don't see any reason this won't work.

Thanks for your help on this.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now