Re: CreateProcessWithLogonW fails in custom GINA

From: Yu Chen [MS] (
Date: 08/16/04

Date: Mon, 16 Aug 2004 10:17:36 -0700

This is a known issue in Windows Server 2003 and XPSP2 - the
CreateProcessWithLogonW API is changed to better handle the new process' use
of desktop by utilizing "Logon Sid" in the caller's token. However the local
system token (under which your GINA is running) doesn't have a "Logon sid"
so the API failed when caller is local system.

You can use LogonUser and CreateProcessAsUser to achieve the same thing.

Yu Chen [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
"Mike P." <Mike> wrote in message
> I am using a custom GINA which calls CreateProcessWithLogonW when machine
> logged off and idle to update software from a network location. The user
> credentials it submits to the API are in the local administrators group
> can read network resources. Before service pack 2 this worked fine. Now it
> fails with error 5 (access denied).