Can a Windows Service launch an application with administrative privileges in Windows Vista?

Hello Experts,

I've been reading around and trying all kinds of things to make my Windows Service launch another application (either by ShellExecute, ShellExecuteEx, or CreateProcess, etc.) with administrative privileges in Windows Vista.

It is unclear to me whether or not this is even possible.

Right now, I have it where the service launches the application, and in task manager the application's "User Name" says the name of an administrative account, but the application won't do what I want it to (specifically control the mouse by using the .NET Cursor.Position and invoke mouse_event() from user32.dll) unless I manually stop the application from task manager, right click on it in its folder and select "Run as administrator".

Is there a way to do this? Any way at all?

Thanks for your help!
ehensensAsked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
Nol888Connect With a Mentor Commented:
I suspect the issue is that Windows Services and presumably processes launched by a Windows Service cannot interact with a user session, for security purposes. They run on a separate desktop.
0
 
Nol888Commented:
Using the ShellExecute function (http://msdn.microsoft.com/en-us/library/bb762153%28VS.85%29.aspx), and setting lpOperation to "runas" should do the trick.
0
 
ehensensAuthor Commented:
Thanks for your response,

I've already tried that. I'm pasting the exact code I used below. It did not launch the application at all. Could this be because I'm trying to launch the application from within a Windows Service?

Furthermore, I know that the application itself launches when I use CreateProcess(), it just doesn't launch with administrative privileges.

Any ideas?

HINSTANCE hInst = ShellExecute(NULL, _T("runas"), _T("theapplication.exe"), NULL, NULL, SW_HIDE);

Open in new window

0
Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

 
Nol888Commented:
Try fully qualifying the path to the application. In addition, record (somehow) the return value of ShellExecute. It'll help to determine the reason why the application doesn't launch. If I recall correctly, services are not allowed to interact with the desktop so perhaps the elevation prompt fails to activate.
0
 
ehensensAuthor Commented:
Thanks for the advice.

Specifying the fully qualified path to the application did indeed make the Windows Service launch it, but it still did not have full administrative privileges.

I know this because it wouldn't control the mouse when it was launched by the Windows Service, but it did control the mouse when I manually ended it and started it up again as an administrator.

Any ideas?

Thanks!
0
 
ehensensAuthor Commented:
Thanks.

My guesses are starting to lean in that direction as well.

However, I would really like to know for sure.

Does anybody know of any Microsoft literature that says as much, or does anyone know for sure any other reason why this may not be possible?

I don't truly understand this concept of separate desktops, is there any way I can launch a process with administrative privileges on a different desktop (for instance, from the Windows Service desktop to the user's desktop)?

Any ideas at all?

Thanks!
0
 
Nol888Commented:
On XP and earlier, I believe there's a way to allow interaction, some group policy. However, for good practice you should follow the Vista guidelines.

Here's a similar problem posted on stackoverflow: http://stackoverflow.com/questions/1369236/how-to-run-console-application-from-windows-service
0
 
Subrat (C++ windows/Linux)Software EngineerCommented:
Have a look on  ImpersonateLoggedOnUser()
0
 
ehensensAuthor Commented:
Thanks Subrat2009, but the whole issue is that the administrative user is not logged on, so I cannot impersonate him.
0
 
ehensensAuthor Commented:
Although I have not seen anything from Microsoft indicating that what I'm after is not possible, I suspect that this is indeed the case.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.