OpenProcess fails with Access Denied on Win2003

From: Will (will4wright_at_community.nospam)
Date: 09/25/04


Date: Sat, 25 Sep 2004 11:04:16 -0700

I have a service that runs in the "Local System" account. This services
needs to get the timing information (.e.g Creation Time) of all processes .

The information is retrieved by first opening the process using
OpenProcess( ) and then using the returned process handle in
GetProcessTimes( ). The code is something like the following:

// Get a handle to the process.
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);
if (hProcess != NULL) {
   // Get the process times
   bRet = GetProcessTimes(hProcess, &creationTime, &exitTime, &kernelTime,
&userTime);
   if (bRet) {
      // Do some work
      ...
   } else {
      // Handle the error
      ...
   }
} else {
   // Handle the error
   ...
}

On Windows 2000 this works fine for every process. However on Windows 2003
the OpenProcess( ) call fails with "Access Denied" for any process that is
running under the "LOCAL SERVICE" or "NETWORK SERVICE" accounts. This kinda
surprises me as I would have thought that the System account would have had
sufficient 'authority' to open these processes.

If I run the same code from an account that is in the "Local Administrators"
group, I get the same results. Which I find even more surprising... since
this means that a process running under an Administrator account can query
"SYSTEM@ owned processes, but not "LOCAL SERVICE" or "NETWORK SERVICE" owned
processes.

I know that if I enable the SE_DEBUG_NAME privilege, the OpenProcess( )
then works. But this seems a bit like using a sledgehammer to crack a
walnut.

Can anyone offer an alternative to enabling SE_DEBUG_NAME? And an
explanation for the current behaviour would also be greatly appreciated.

Thanks,
Will



Relevant Pages

  • OpenProcess fails with Access Denied on Win2003
    ... I have a service that runs in the "Local System" account. ... needs to get the timing information (.e.g Creation Time) of all processes. ... the OpenProcess() call fails with "Access Denied" for any process that is ...
    (microsoft.public.platformsdk.security)
  • Re: Access denied for OpenProcess(PROCESS_DUP_HANDLE) in service
    ... Does the administrator account not ... > have the rights to make the OpenProcess() call on any process? ... > to execute DuplicateHandlerin the client process. ... The usual pattern for this is the client makes a request to the service, ...
    (microsoft.public.platformsdk.security)