Run GUI program in user desktop as SYSTEM service

Question

I'm looking for a way to run a GUI program with admin privileges from an already privileged process (as with a service running as SYSTEM) - without having a prompt for admin password.

What I know is that if a service as SYSTEM runs a GUI program, the process will start, but it won't be displayed for the user.

Having read about impersonation and window stations and desktops, I'm wondering if the SYSTEM service would be able to launch a GUI program, and then somehow create a new process and then set it's window station and desktop to the default one where the user can interact with it.

The use-case would be to open a program installation (which would require admin rights to install for all users - or to install at all) and then with some simulated keystrokes go through the installation setup (which is why it's important to have a GUI that can be interacted with).

Is something like this even possible in the context of it being run as a SYSTEM process?

There's an example of how to launch a process from a service here: https://stackoverflow.com/a/50743993/5743288 — Paul Sanders, Jan 16 '19 at 15:00
Will try it, but doesn't look like it would be the exact thing I'm looking for since the launched program need to have admin rights. Might be a start. — mikkel1156, Jan 16 '19 at 20:40
Related: https://stackoverflow.com/questions/267838/how-can-a-windows-service-execute-a-gui-application — drescherjm, Jan 16 '19 at 21:06
@drescherjm that could work. Do you know if the WTSEnumerateSessionsA function would work if it's run in a non-RD server case (since the handle for that function is for such)? Or is there another function to get suck desktop session handles from a local machine or a simple way to just use WTSEnumerateSessionsA for the current machine without any RD server? You guys' help is greatly appreciated. — mikkel1156, Jan 16 '19 at 21:24

Run GUI program in user desktop as SYSTEM service

0 Answers0