Re: CreateProcessWithLogonW on Server 2003
From: Yu Chen [MS] (yuchen_at_online.microsoft.com)
Date: Mon, 12 Jul 2004 19:14:09 -0700
When LogonUser failed, what error code did GetLastError return? I bet it's
ERROR_LOGON_TYPE_NOT_GRANTED. By default the SeBatchLogon right is not
granted to any account. If you need to use the batch logon type, you have to
grant the SeBatchLogon right to the account.
-- Yu Chen [MS] This posting is provided "AS IS" with no warranties, and confers no rights. "Vincent Finn" <firstname.lastname@example.org> wrote in message news:email@example.com... > On Wed, 7 Jul 2004 16:46:42 -0700, "Yu Chen [MS]" > <firstname.lastname@example.org> wrote: > > >That's a known issue in Windows Server 2003 - the CreateProcessWithLogonW > >API is changed to better handle the new process' use of desktop by utilizing > >"Logon Sid" in the caller's token. However the local system token (under > >which your service is running) doesn't have a "Logon sid" so the API failed > >when caller is local system. > > > >If the caller is local system, you can use LogonUser and CreateProcessAsUser > >to achieve the same thing. > > That sorted it, thanks. > > LogonUser only seems to work if I use 'LOGON32_LOGON_INTERACTIVE' > rather than 'LOGON32_LOGON_BATCH' > > any idea why that might be? > > Vin