Re: Fixable

From: Alun Jones (alun@texis.com)
Date: 08/24/02


From: alun@texis.com (Alun Jones)
Date: Sat, 24 Aug 2002 01:55:56 GMT

In article <ak6cpc$jla$2@sapa.inka.de>, Bernd Eckenfels
<ecki-news2002-08@lina.inka.de> wrote:
>In comp.security.misc Alun Jones <alun@texis.com> wrote:
>> No. When a user logs off, the next user gets a clean desktop. The previous
>> user's applications are all terminated, unless he's able to install them as a
>> service (a task usually limited to administrators). Perhaps you could expand
>> on what you mean by "background user".
>
>a process which is started at the same time while a user is sitting on the
>console. Like scheduler, RPC, telnet/ssh or terminal server, asp or
>whatever. I am not sure if those processes can send messages to the windows.

Processes that can access the desktop include:
+ processes started by the user in that desktop (using RunAs, these can be run
as a higher or lower privilege user)
+ processes with enough privilege to open the desktop (usually admin
privileges)
+ processes installed as "interactive services" (which run in the elevated
LocalSystem context)

When a user logs off, his desktop (the session's desktop, not his profile,
which is what many users think of as the desktop) is deleted, and the programs
that he started are all stopped.

A background process / daemon would be called a "service", and be controlled
(started, stopped, interrogated, etc) by the service manager. Many services
run as privileged users, some don't need to. Some privileged users will have
the necessary rights to discover if there is a desktop, and open a handle to
it, allowing them to create a window on the desktop, and an accompanying
message queue. However, any service that simply tries to create a window
without first opening a handle to a desktop will get its own individual,
invisible desktop - one that the user can't access.

Alun.
~~~~

[Please don't email posters, if a Usenet response is appropriate.]

-- 
Texas Imperial Software   | Try WFTPD, the Windows FTP Server. Find us at
1602 Harvest Moon Place   | http://www.wftpd.com or email alun@texis.com
Cedar Park TX 78613-1419  | VISA/MC accepted.  NT-based sites, be sure to
Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for XP/2000/NT.
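
An added example, not part of the original post: a PowerShell script that reports which window station and desktop the current process is attached to, and whether it can open the desktop that is receiving user input, which is the distinction the post draws between user-started processes and services. The `DesktopInfo` class name is hypothetical; the imported functions are standard Win32 calls.

```powershell
# Added example: report the window station and desktop this process is attached to.
# DesktopInfo is a hypothetical helper name; the imports are user32/kernel32 calls.
$src = @'
using System;
using System.Runtime.InteropServices;
using System.Text;
public static class DesktopInfo
{
    const int UOI_NAME = 2;                    // ask for the object's name
    const uint DESKTOP_READOBJECTS = 0x0001;   // minimal desktop access right

    [DllImport("user32.dll", SetLastError = true)]
    static extern IntPtr GetProcessWindowStation();
    [DllImport("user32.dll", SetLastError = true)]
    static extern IntPtr GetThreadDesktop(uint dwThreadId);
    [DllImport("kernel32.dll")]
    static extern uint GetCurrentThreadId();
    [DllImport("user32.dll", SetLastError = true)]
    static extern IntPtr OpenInputDesktop(uint dwFlags, bool fInherit, uint dwDesiredAccess);
    [DllImport("user32.dll", SetLastError = true)]
    static extern bool CloseDesktop(IntPtr hDesktop);
    [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool GetUserObjectInformationW(IntPtr hObj, int nIndex,
        StringBuilder pvInfo, uint nLength, out uint lpnLengthNeeded);

    // Name of a window station or desktop handle, or null if it cannot be read.
    static string NameOf(IntPtr h)
    {
        if (h == IntPtr.Zero) return null;
        var sb = new StringBuilder(256);
        uint needed;
        return GetUserObjectInformationW(h, UOI_NAME, sb, (uint)(sb.Capacity * 2), out needed)
            ? sb.ToString() : null;
    }

    public static string WindowStation() { return NameOf(GetProcessWindowStation()); }
    public static string ThreadDesktop() { return NameOf(GetThreadDesktop(GetCurrentThreadId())); }

    // Desktop currently receiving user input; null if this process cannot open it.
    public static string InputDesktop()
    {
        IntPtr h = OpenInputDesktop(0, false, DESKTOP_READOBJECTS);
        if (h == IntPtr.Zero) return null;
        try { return NameOf(h); } finally { CloseDesktop(h); }
    }
}
'@
Add-Type -TypeDefinition $src
[pscustomobject]@{ WindowStation = [DesktopInfo]::WindowStation(); ThreadDesktop = [DesktopInfo]::ThreadDesktop(); InputDesktop = [DesktopInfo]::InputDesktop() }
```

From an interactive logon the window station is normally `WinSta0` and the desktop `Default`; running the same script from a service shows whether that service shares the user's desktop or has its own.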