Zitat von
Dezipaitor:
Do I understand correctly? Your code will run not as a service but as a normal process that can be used by a logged on user?
That's right, but the user who starts my code needs SeTcbPrivilege
Zitat von
Dezipaitor:
1. I logged on the current logged on user - but I needed to add the new logged on user SID to the windows station+desktop DACL to run a graphic process.
Not needed, add the users LogonSid to the PTOKEN_GROUPS parameter
Zitat von
Dezipaitor:
2. the CreateEnv... parameter must be set to the users envir. - otherwise the env. was set to the local system env. which lead to terrible result - I killed the explorer on purpose and started it again in the command line I created by that service. The result was that this user could no more start explorer with winlogon. It always used the local system. I restarted windows and logged on - but only the command line was started. All I could do was to use an partition image I created.
Thus I test such a program in a VM.
I think this has got to do with
acl on the user desktop and not the environment. Remember that
ACL's that you set on the desktop do not survive a reboot
If you simply want to start a process from a service and run this on the user's desktop (or even a specific terminal sessions desktop) I use this:
Delphi-Quellcode:
procedure TService1.ServiceStart(Sender: TService; var Started: Boolean);
var hToken: THandle;
si: _STARTUPINFOA;
pi: _PROCESS_INFORMATION;
begin
ZeroMemory(@si, SizeOf(si));
si.cb := SizeOf(si);
si.lpDesktop := nil;
if WTSQueryUserToken(3, hToken) then
begin
if CreateProcessAsUser(hToken, nil, 'cmd.exe', nil, nil, False,
CREATE_NEW_CONSOLE or CREATE_NEW_PROCESS_GROUP, nil,
nil, si, pi) then
begin
// Do some stuff
end;
end;
Self.DoStop;
end;
This sample start a process in Terminal Session 3 but you can use WTSGetActiveConsoleSession for obtaining the logged on users session ID.