I have written a Windows service that allows me to remotely run and stop applications. These applications are run using CreateProcess, and this works for me because most of them only perform backend processing. Recently, I need to run applications that present GUI to the current log in user. How do I code in C++ to allow my service to locate the currently active desktop and run the GUI on it?
Roger Lipscombe's answer, to use WTSEnumerateSessions to find the right desktop, then CreateProcessAsUser to start the application on that desktop (you pass it the handle of the desktop as part of the STARTUPINFO structure) is correct.
However, I would strongly recommend against doing this. In some environments, such as Terminal Server hosts with many active users, determining which desktop is the 'active' one isn't easy, and may not even be possible.
But most importantly, if an application will suddenly appear on a user's desktop, this may very well occur at a bad time (either because the user simply isn't expecting it, or because you're trying to launch the app when the session isn't quite initialized yet, in the process of shutting down, or whatever).
A more conventional approach would be to put a shortcut to a small client app for your service in the global startup group. This app will then launch along with every user session, and can be used start other apps (if so desired) without any juggling of user credentials, sessions and/or desktops.
Also, this shortcut can be moved/disabled by administrators as desired, which will make deployment of your application much easier, since it doesn't deviate from the standards used by other Windows apps...
The short answer is "You don't", as opening a GUI program running under another user context is a security vulnerability commonly known as a Shatter Attack.
Take a look at this MSDN article: Interactive Services. It gives some options for a service to interact with a user.
In short you have these options:
Display a dialog box in the user's session using the WTSSendMessage function.
Create a separate hidden GUI application and use the CreateProcessAsUser function to run the application within the context of the interactive user. Design the GUI application to communicate with the service through some method of interprocess communication (IPC), for example, named pipes. The service communicates with the GUI application to tell it when to display the GUI. The application communicates the results of the user interaction back to the service so that the service can take the appropriate action. Note that IPC can expose your service interfaces over the network unless you use an appropriate access control list (ACL).
If this service runs on a multiuser system, add the application to the following key so that it is run in each session: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. If the application uses named pipes for IPC, the server can distinguish between multiple user processes by giving each pipe a unique name based on the session ID.
WTSEnumerateSessions and CreateProcessAsUser.
Several people suggested WTSEnumerateSessions and CreateProcessAsUser. I wonder why no one suggested WTSGetActiveConsoleSessionId, since you said you only want to target one logged in user.
Several people sure are right to suggest CreateProcessAsUser though. If you call plain old CreateProcess the way you said, then the application's GUI will run with your service's privileges instead of the user's privileges.
That problems Session 0 , Interactive Services ,
Windows Service Allow Service To Interact With Desktop
on Windows 7 or Windows Vista
You can read this article
http://www.codeproject.com/KB/vista-security/SubvertingVistaUAC.aspx
I try explained here it's working on Windows 7
On Win2K, XP and Win2K3 the console user is logged on in Session 0, the same session the services live in. If a service is configured as interactive, it'll be able to show the UI on the user's desktop.
However, on Vista, no user can be logged on in Session 0. Showing UI from a service there is a bit trickier. You need to enumerate the active sessions using WTSEnumerateSessions API, find the console session and create the process as that user. Of course, you need also a token or user credentials to be able to do that. You can read more details about this process here.
I think as long as you have only one user logged in, it will automatically display on that user's desktop.
Anyway, be very careful when having a service start an exe.
If the write access to the folder with the exe is not restricted, any user can replace that exe with any other program, which will then be run with sytem rights. Take for example cmd.exe (available on all windows sytems). The next time the service tries to start your exe, you get a command shell with system rights...
If you launch a GUI from your service it will show up on the currently active desktop.
But only if you adjusted the service permissions: You need to allow it to interact with the desktop.
Important Services cannot directly interact with a user as of Windows Vista. Therefore, the techniques mentioned in the section titled Using an Interactive Service should not be used in new code.
This is taken from : http://msdn.microsoft.com/en-us/library/ms683502(VS.85).aspx
I'm having a java application which opens the notepad.exe using, Runtime.getRuntime().exec().
And I want to run this application as a windows service. So I created a windows service using C#.
and I could successfully installed the service using 'installutil' command.
But although my java application started properly by the windows service, it does not open the notepad.exe.
I thought the problem is where the service is run as a SYSTEM process but not as the current login user. So I installed the service under the current user, by giving user credentials in installutil command.
Then the service and the java application properly started under the current user and I could see notepad.exe also created under the same user. But notepad is not visible.
Can anyone guide what has happened here please.
Thanks
It sounds like it's being started in another context.
In service options try checking the "Local System account" radio button, and then checking the "Allow service to interact with desktop" checkbox.
I wrote a windows service in C# .NET 3.5.
It starts up automatically and runs as Local System User (no log in required).
If i run a Shutdown-Batch-File (shutdown -s -t 30) with my service by calling Process.Start(), nothing happens until i log in to windows. So it waits for logging in and then starts the batch.
Is it possible to run this batch in logged off state?
Greetings
There is a property for each service application called Allow Interact With Desktop that should be set True for your service to be able to run Shutdown-Batch-File.
Take a look at these links:
Interact With Desktop when Installing Windows Service
Allow service to interact with desktop in C#
Have you checked to make sure this is not a permission issue? Ie does it work if the service is running as an administrator?
You might also want to try the alternative methods of shutting down mentioned in this question how-to-shutdown-the-computer-from-c#.
I've created a service that runs as the Local System user. This service launches and monitors a Silverlight Out-of-browser application using native interop and the CreateProcessAsUser() method (to run it as the currently logged-in user, rather than Local System). I'm able to get a handle on the spawned Process and do things like Kill() it, however, I've become aware that the service is unable to get a handle to the main window of the child application because the child application is running as a different user. I'm running on Windows 7.
My end goal is to respond properly to when the Process stops responding (i.e. Process.Responding == false) so that I can kill the application and restart it. However, Process.Responding requires a handle to the main window of the process (Process.MainWindowHandle, to be exact), however, in this scenario, Process.MainWindowHandle always returns 0.
I'm stumped here. Is there any way for one user to get a window handle to a process running as another user in Win 7?
Thanks in advance for any and all help.
No, that's not possible. Windows Services are completely isolated from user-mode applications for security reasons. If you could get the handle to a window, you could manipulate and otherwise interact with that window, leaving open a huge security vulnerability.
More information is available here:
How can a Windows Service start a process when a Timer event is raised?
How can I run an EXE program from a Windows Service using C#?
windows service (allow service to interact with desktop)
Need suggestion on replacing Windows Service by invisible WinForm Application
Strictly speaking, what you're using the Windows Service for in the first place is bad design. It shouldn't be creating or launching any user-mode processes, or interacting with the user in any way. Remember that services run even when there is no user logged in! Thus, they shouldn't be starting applications.
A better solution is a simple background application, set to launch automatically when the user logs in. This background application could then launch the Silverlight application, monitor its state, and interact with it as necessary, because both would be running under the context of the same local user account. The effect is similar to a service, but without any of the drawbacks of isolation. The easiest way to do this in Visual Studio is to create a WinForms application (or possibly a WPF application, I have less experience in that area) that simply doesn't show any forms/windows.
I am trying to start a process programatically from windows service written in C#. i see my process having started in the task manager but i dont see its UI.
Any idea whats going on? i am running this on windows xp
clientProcess = new System.Diagnostics.Process();
clientProcess.StartInfo.FileName = system_drive_path + #"\sd\ud\ud.exe";
clientProcess.StartInfo.WindowStyle = ProcessWindowStyle.Maximized;
clientProcess.Start();
Services don't have a desktop associated with them, so when you start the GUI application, it will not show up to the user.
You need to configure the service to have interaction with the desktop, then it will work. You can do this either diagrammatically in the service installer class
Or manually in the service properties windows, under the Log On tab.
You are not supposed to interact with the user from a service, including starting a process. This is actually actively disallowed in Vista and later, including services marked as 'interactive', for various reasons primarily security:
Important Services cannot directly
interact with a user as of Windows
Vista.
If you want to interact with the user session then you must have a process in the user session (eg. a tray icon application) that interacts with the service via an IPC protocol (net pipes, shared memory, messages etc).
Create a separate UI application that runs at session start up and that application can start your 'sd.exe' when asked so by the service.