Re: HELP! CreateProcessWithLogonW issue
From: Matthew Wieder (Development_at_SatoriGroupInc.com)
Date: Thu, 02 Sep 2004 10:10:55 -0400
Hi - You suggest to use LogonUser and CreateProcessAsUser to replace
CreateProcessWithLogonW, but does that really replcae it exactly? It is
my understanding there are major differences between the two such as
LogonUser and CreateProcessAsUser doesn't load the user's registry hive.
Yu Chen [MS] wrote:
> Please ignore the "GINA" part below - it's a cut & paste from an earlier
> reply to another thread.
>>If your service is started under Local System account, this is a known
>>in Windows Server 2003 and XPSP2 - the CreateProcessWithLogonW API is
>>changed to better handle the new process' use of desktop by utilizing
>>Sid" in the caller's token. However the local system token (under which
>>GINA is running) doesn't have a "Logon sid" so the API failed when caller
>>You can use LogonUser and CreateProcessAsUser to achieve the same thing.
>>This info will be included in next release of MSDN.
>>Yu Chen [MS]
>>This posting is provided "AS IS" with no warranties, and confers no
>>"Andrew Zimmer" <firstname.lastname@example.org> wrote in message
>>>I have the same issue with using CreateProcessWithLogonW on a 2003
>>>machine. The application does not start. It doesn't even generate an
>>>error message. I tried using the below example but it will not work
>>>when trying to login to the same machine.
>>>Does anyone know how to deal with this Server 2003 security issue? I
>>>have granted about every local security setting policy setting to both
>>>the ID doing the impersonation and the ID it is trying to impersonate
>>>I am trying to start an app under a specific ID from a windows
>>>service. It works great on Server 2000 but not 2003.