Re: HELP! CreateProcessWithLogonW issue

From: Matthew Wieder (Development_at_SatoriGroupInc.com)
Date: 09/02/04


Date: Thu, 02 Sep 2004 10:10:55 -0400

Hi - You suggest to use LogonUser and CreateProcessAsUser to replace
CreateProcessWithLogonW, but does that really replace it exactly? It is
my understanding there are major differences between the two such as
LogonUser and CreateProcessAsUser don't load the user's registry hive.
thanks,
-Matthew

Yu Chen [MS] wrote:
> Please ignore the "GINA" part below - it's a cut & paste from an earlier
> reply to another thread.
>
>>If your service is started under Local System account, this is a known issue
>>in Windows Server 2003 and XPSP2 - the CreateProcessWithLogonW API is
>>changed to better handle the new process' use of desktop by utilizing "Logon
>>Sid" in the caller's token. However the local system token (under which your
>>GINA is running) doesn't have a "Logon sid" so the API failed when caller is
>>local system.
>>
>>You can use LogonUser and CreateProcessAsUser to achieve the same thing.
>>
>>This info will be included in next release of MSDN.
>>
>>--
>>Yu Chen [MS]
>>This posting is provided "AS IS" with no warranties, and confers no rights.
>>
>>"Andrew Zimmer" <zimmera@charter.net> wrote in message
>>news:485f505f.0408181919.5adec780@posting.google.com...
>>
>>>I have the same issue with using CreateProcessWithLogonW on a 2003
>>>machine. The application does not start. It doesn't even generate an
>>>error message. I tried using the below example but it will not work
>>>when trying to login to the same machine.
>>>
>>>Does anyone know how to deal with this Server 2003 security issue? I
>>>have granted about every local security setting policy setting to both
>>>the ID doing the impersonation and the ID it is trying to impersonate
>>>to.
>>>
>>>I am trying to start an app under a specific ID from a windows
>>>service. It works great on Server 2000 but not 2003.


