0

I am trying to do the following:

computer         computer
   A                B
   |                | Computer B is logged off 
   |--login-------->|
   |                | Computer B logs in as an interactive user
   |<-----SUCCESS---|
   |-Start notepad->|
   |                | Computer B shows desktop with notepad instance open.

Session0 isolation prevents me from showing notepad as interactive user.

I have tried a lot of solutions, but none works. I tried getting a token using WMI (http://msdn.microsoft.com/en-us/library/ms257337(v=vs.80).aspx) but it doesn't work.

I tried to use the LogonUser function (http://msdn.microsoft.com/en-us/library/windows/desktop/aa378184(v=vs.85).aspx) but it doesn't work.

I tried multiple solutions as suggested by this link: Unlock Windows workstation programmatically. But nothing there works.

What is the way to do this?

Cœur
Henry Aloni

2 Answers

1

It appears that it is not possible to fully impersonate an interactive user programmatically, such that you get a physical console and associated GDI constructs.

It appears that the only way to do this is to enable auto-logon to an interactive session, and refactor the service to speak to a new client component in the interactive session. To address the security disadvantage of this, Microsoft recommends implementing a shell replacement to place the server in a "Kiosk" mode on logon (i.e. no Explorer access without appropriate credentials).

I went through the Windows 7 SDK "session 0 isolation" issue. The tutorial says we should use the CreateProcessAsUser function to create a process in the requesting user’s desktop. I tried the offered solution but we need to be logged in as the user specified in the CreateProcessAsUser call in order to see the process interactively.

Henry Aloni
0

You should create an agent application which is started automatically at user login. Dropping a shortcut to the application's exe file in the Startup folder under the All Users folder should suffice.

This application should connect to your Windows Service and await commands.

You could make the 2 processes communicate via Named Pipes and .NET Remoting.

You will end up with 2 applications which total N + 1 running processes. 1 main service and 1 agent for each interactive session.

Eduard Dumitru
  • You missed a point: I want notepad to appear as an interactive process. This solution suggests that the computer must be in interactive mode (logged in, or showing its desktop) in order to work. If I start the notepad instance it won't show anything on the desktop. – Henry Aloni Sep 10 '13 at 09:54
  • "This solution suggests that the computer must be in interactive mode" --- if that were not true, how would you want "notepad to appear as an interactive process" ? – Eduard Dumitru Sep 10 '13 at 09:57
  • Programmatically log in on computer B, when it shows the desktop tell computer B to start notepad under logged in user. (see sequence diagram in my question) – Henry Aloni Sep 10 '13 at 09:59
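
Added example, not part of the original thread or any poster's code: a sketch of the per-session agent described in the second answer, connecting to the service over a named pipe and starting only allow-listed programs on the logged-in user's desktop. The pipe name `DemoSvcAgentPipe`, the `HELLO`/`STARTED`/`DENIED` line protocol and the allow-list contents are assumptions made for illustration; the service end of the pipe is not shown.

```csharp
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.IO;
using System.IO.Pipes;

static class SessionAgent
{
    // Hypothetical pipe name; the Windows service would create the server end.
    const string PipeName = "DemoSvcAgentPipe";

    // Command names map to fixed executables, so the pipe can never carry
    // an arbitrary command line into the interactive session.
    static readonly Dictionary<string, string> Allowed =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { "notepad", Path.Combine(Environment.SystemDirectory, "notepad.exe") }
        };

    // Returns the full path for an allow-listed command, or null otherwise.
    public static string Resolve(string command)
    {
        string path;
        if (command != null && Allowed.TryGetValue(command.Trim(), out path))
            return path;
        return null;
    }

    static void Main()
    {
        // The agent runs in the user's session (1, 2, ...), not in session 0.
        int session = Process.GetCurrentProcess().SessionId;
        using (var pipe = new NamedPipeClientStream(".", PipeName, PipeDirection.InOut))
        {
            pipe.Connect(); // blocks until the service's pipe server is available
            var reader = new StreamReader(pipe);
            var writer = new StreamWriter(pipe) { AutoFlush = true };
            writer.WriteLine("HELLO session=" + session);

            string line;
            while ((line = reader.ReadLine()) != null) // one command per line
            {
                string exe = Resolve(line);
                if (exe == null) { writer.WriteLine("DENIED"); continue; }
                Process.Start(exe); // window appears on this session's desktop
                writer.WriteLine("STARTED");
            }
        }
    }
}
```

Because the agent is started at logon (for example from the Startup folder), it exists only while a user session does, which is the constraint discussed in the comments above.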