Quote from
OregonGhost:
While I still cannot imagine a situation where starting an interactive application from a service is necessary, I have three questions about this approach:
- What happens if more than one user is logged on?
- Where does the service get the user login password from?
- What happens if the service does not run with full rights?
Oh, apart from the question of what happens if services and user applications are even more separated from each other in the next version of the operating system.
1. WTSQueryUserToken with WTSGetActiveConsoleSessionId always uses the lone console session. The console session is the session to which the keyboard and mouse inputs send their data. It's not a terminal session. You can provide another terminal session.
The WTS functions are only supported in XP and newer.
2. There is no need. A token is a passport of the user. A service has the power to obtain a copy of it and use it for whatever it wants. LogonUser is only necessary if you want to use user credentials for a user who is not logged on.
3. WTSQueryUserToken needs the TCB privilege to be held by the process. If the service is started with other credentials, the function simply fails and none of this will work.
4. How could that be possible? Communication is always needed. Otherwise we could not communicate with hardware, which is necessary. However, the next step is to separate secure and unsecure apps.
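
The token lookup described in points 1 to 3, as an added example that is not part of the original posts: it obtains the console user's token without any password and distinguishes the failure cases (no console session, nobody logged on, missing TCB privilege). The class and method names are hypothetical; the P/Invoke signatures follow the documented Win32 functions.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class ConsoleSessionToken   // hypothetical helper name
{
    const uint NoConsoleSession = 0xFFFFFFFF;  // no session is attached to the console
    const int ERROR_NO_TOKEN = 1008;           // session exists but nobody is logged on
    const int ERROR_PRIVILEGE_NOT_HELD = 1314; // caller does not hold SeTcbPrivilege

    [DllImport("kernel32.dll")]
    static extern uint WTSGetActiveConsoleSessionId();

    [DllImport("wtsapi32.dll", SetLastError = true)]
    static extern bool WTSQueryUserToken(uint sessionId, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Returns the account name of the console user, or null if nobody is logged on there.
    public static string GetConsoleUserName()
    {
        uint sessionId = WTSGetActiveConsoleSessionId();
        if (sessionId == NoConsoleSession)
            return null;

        if (!WTSQueryUserToken(sessionId, out IntPtr token))
        {
            int error = Marshal.GetLastWin32Error();
            if (error == ERROR_NO_TOKEN)
                return null;
            if (error == ERROR_PRIVILEGE_NOT_HELD)
                throw new UnauthorizedAccessException(
                    "WTSQueryUserToken requires SeTcbPrivilege; the service account does not hold it.");
            throw new Win32Exception(error);
        }

        try
        {
            // WindowsIdentity duplicates the handle, so the original can be closed afterwards.
            using (var identity = new WindowsIdentity(token))
                return identity.Name;
        }
        finally
        {
            CloseHandle(token);
        }
    }
}
```

A service running as LocalSystem holds SeTcbPrivilege by default; under another account the call takes the ERROR_PRIVILEGE_NOT_HELD branch, which makes the failure visible instead of silent.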