OpenProcess fails with Access Denied on Win2003

From: Will (will4wright_at_community.nospam)
Date: 09/25/04


Date: Sat, 25 Sep 2004 11:04:16 -0700

I have a service that runs in the "Local System" account. This services
needs to get the timing information (.e.g Creation Time) of all processes .

The information is retrieved by first opening the process using
OpenProcess( ) and then using the returned process handle in
GetProcessTimes( ). The code is something like the following:

// Get a handle to the process.
hProcess = OpenProcess(PROCESS_QUERY_INFORMATION, FALSE, dwProcessId);
if (hProcess != NULL) {
   // Get the process times
   bRet = GetProcessTimes(hProcess, &creationTime, &exitTime, &kernelTime,
&userTime);
   if (bRet) {
      // Do some work
      ...
   } else {
      // Handle the error
      ...
   }
} else {
   // Handle the error
   ...
}

On Windows 2000 this works fine for every process. However on Windows 2003
the OpenProcess( ) call fails with "Access Denied" for any process that is
running under the "LOCAL SERVICE" or "NETWORK SERVICE" accounts. This kinda
surprises me as I would have thought that the System account would have had
sufficient 'authority' to open these processes.

If I run the same code from an account that is in the "Local Administrators"
group, I get the same results. Which I find even more surprising... since
this means that a process running under an Administrator account can query
"SYSTEM@ owned processes, but not "LOCAL SERVICE" or "NETWORK SERVICE" owned
processes.

I know that if I enable the SE_DEBUG_NAME privilege, the OpenProcess( )
then works. But this seems a bit like using a sledgehammer to crack a
walnut.

Can anyone offer an alternative to enabling SE_DEBUG_NAME? And an
explanation for the current behaviour would also be greatly appreciated.

Thanks,
Will