From: LongJohn on
I have Credential Provider that creates a process running as a user (A) that
is a different user than the interactively logged on user (B).

The sequence is:

LogonUser(A)
(then get logon session token for the user and add it with all permissions
set, for Winsta0\Default)
CreateProcessAsUser(A, in Winsta0\Default)

I keep getting error 1314 as if I had not added the SID to the Window
Station or Desktop DACL properly, or at all. However, the utility program
WinStaDacl.exe verifies that I have the SID and permissions added properly.

This code worked perfectly in a service on NT4, 2000, and XP.

(1) I know what error 1314's error text is, please don't respond with this
text.
(2) 'A' is a local user account.
(3) The Credential Provider code calling these functions is running as SYSTEM.
(4) The Credential Provider code is running in the same session as the
interactive session (this is not a service with session 0 isolation issues).
(5) If I change the token handle in the CreateProcessAsUser() call to NULL,
the process starts and runs fine, but as SYSTEM, indicating further that this
is a window station permission issue.

Any ideas, while I still have some hair left?

Thanks.
From: LongJohn on
In case anyone else encounters this, I found an answer through trial and error.

It appears that MS has introduced a new API function in Vista/Longhorn
called CreateProcessWithTokenW().

It appears that it does virtually the same thing as CreateProcessAsUser(),
except that it can load the profile automatically like
CreateProcessWithLogonW().

It appears that they broke CreateProcessAsUser() when they added this
function, since it no longer works in the scenario described above. I have
logged an error report for this in Longhorn Server.