1

On my local machine I am running an administrative C# service as LocalSystem called Serv.exe which performs various tasks. One of the tasks it needs to perform is to launch an application under the USER account (currently logged on), not as admin - as this violates security.

The obvious solution would be simple impersonation when launching the application - however I run into a small problem whereas I am not privileged to the user account credentials (Username & Password) and therefore am unable to impersonate in the conventional way.

So, using a C# service running as LocalSystem when logged on to a User account - is there any way I can launch an application as that User?

From the comments:
What happens is that the Application itself asks the Service to do a job and then terminates. When the job is finished the application must restart itself - I thought the best way would be to have the service restart it when it was done ...

Any help would be greatly appreciated. Thanks,

Shaitan00
  • One way or another, you are asking for a way to breach security. Maybe you can come up with an alternative solution. – H H Sep 14 '09 at 16:30
  • Well - what happens is that the Application itself asks the Service to do a job and then terminates. When the job is finished the application must restart itself - I thought the best way would be to have the service restart it when it was done ... Any other suggestions? – Shaitan00 Sep 14 '09 at 16:33

2 Answers

1

You can use Windows Scheduler to start your app as a user.

Take a look at this wrapper - http://www.firatatagun.com/c-windows-task-scheduler-wrapper-classes-c-sharp/2010/04/22/

and then you can simply create a scheduled task to run your software immediately; afterward you can delete this redundant task after 2 seconds.

Sample code:

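        // Needs: using System; using System.Threading; using Microsoft.Win32.TaskScheduler;
        using (TaskService ts = new TaskService())
        {
            // Create a new task; the trigger is disabled, so it only runs on demand
            const string taskName = "RunMyProcessNowAsUser";
            Task t = ts.AddTask(taskName,
               new TimeTrigger() { StartBoundary = DateTime.Now, Enabled = false },
               new ExecAction("YourProcess.exe"));

            // Start the task immediately
            t.Run();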

            // delete the task after 2 seconds.
            new Action(() =>
            {
                Thread.Sleep(2000);
                using (TaskService ts2 = new TaskService())
                {
                    ts2.RootFolder.DeleteTask(taskName);
                }
            }).BeginInvoke(null, null);

        }
Janalopa
0

Instead of breaching security this way you can make the application wait and then restart itself. See this SO question and this one.

Community
H H
  • I get the idea - but not sure if this will work for me - I have a service which does a job, while the job is being performed the application must be closed, when the job is done the application must start. So, using a second application means that somehow my Service must communicate back to it in order to restart the primary application - seems like a big amount of overhead ... but if this is the standard approach I'll investigate. – Shaitan00 Sep 14 '09 at 16:45
  • You can make the original app a 2-stage affair where the first stage waits if the server is busy. – H H Sep 14 '09 at 16:55
  • Sadly I cannot make any fundamental changes to the original app as it is legacy software running old C++ which I do not have access to ... – Shaitan00 Sep 14 '09 at 17:26
  • Then you will need a monitoring app. Could make it more robust too. – H H Sep 14 '09 at 17:30
  • What about: • by duplicating an existing token with CreateRestrictedToken, DuplicateToken, or DuplicateTokenEx. • by opening the token from another process or thread that already is logged on as the user, with OpenProcessToken or OpenThreadToken – Shaitan00 Sep 14 '09 at 17:44