Windows 7 to XP migration: Security Issue

Hello All,

I am working on a migration project from Win XP to Win 7

I am facing a problem on windows 7 when I start an interactive
application from a custom service with a different user name.

We a have windows service (named as “MyAppHostingService”) which is
running under SYSTEM account and is configured as Automatic startup.
This service is responsible to start and monitor several interactive
applications. This service starts all the interactive apps under a
different user (Lets say “MyApplicationUser”) by using
CreateProcessAsUser API. MyApplicationUser is not a admin user.

When I login under any general user without admin rights,
MyAppHostingService will start automatically under the SYSTEM account
and will start several frontend applications under
“MyApplicationUser”. Now when I go the task manager, I have the
following problems:

1) Under the process tab I can see all the application running
under “MyApplicationUser” although I have not logged in as
“MyApplicationUser” or as admin user
2) I am able to kill all application running under

The same scenario under windows xp the user is able to see the
application but cant kill it as the logged in user does not have
rights to do so.

Any idea why this could happen and how can I solve this issue.