CreateProcessAsUser not from service
I want to run the application under the credentials of a different account (no promotion) while that user is already logged in. Specifically, I want my app installer (which runs under any administrator account) to handle processes in every user desktop session. These processes interact with the windows of the service and display on the desktop to interact with the user.
Usually, from the service operating as
it will not run outside of an account
), making this approach unsuccessful.
If the user was not already logged in, I could simply register the app to run under
so that any user logged in will get a copy of the app when they log in. But if the user is not already working (at least until they log out and log in again).
I see two possible answers:
You cannot do this. Unfortunately.
You can get the token from somewhere else (maybe list the explorer.exe processes and pull the access token out of each), call
, then go to
. I tried this approach and consistently got "access denied" when trying
in a process running under a different user session, even with debug privilege enabled and a process opened with
What do you think?
If the answer is # 1 ("you can't do that"), then what is the recommended recommendation for spawning un-raised processes to mediate between the service and the user? Is it better to use this service to run these processes in every session via CreateProcessAsUser? Or is it best to have unhooked processes run separately (e.g. via
source to share
No one has answered this question yet
Check out similar questions: