Wednesday, September 14, 2016

Creating a process for a different logon session with LogonUserExExW

I found yesterday that it's not possible to change the logon SID of an existing token, e.g. one that you get from LogonUser. I mentioned LsaLogonUser, but again, it looks insanely difficult to PInvoke correctly from managed code. Today, I stumbled upon the interestingly-named LogonUserExExW function. It's not much harder to PInvoke than LogonUser; it just has a few extra out parameters, which fortunately are optional! Best of all, it takes a TOKEN_GROUPS, which you can use to add the SID of the logon session under which the process should run. In fact, you can directly supply to it the pointer you get from GetTokenInformation on the real user's token, like you might get from WTSQueryUserToken.

I have tested this approach and it works perfectly. The token will have a different logon ID, but since it has the right group membership, it can act normally in desktops belonging to the desired logon session.
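A P/Invoke sketch of this approach, added here as an example rather than the post's own code: it reads the logon SID of the user already in a session (via the TokenLogonSid class, which returns a TOKEN_GROUPS holding just that SID, instead of the full TokenGroups list the post mentions, so the other user's group memberships are not carried across), hands that buffer to LogonUserExExW, and returns the resulting token. The helper name and error handling are my own; WTSQueryUserToken and adding groups at logon both need SeTcbPrivilege, so this is meant to run inside a LocalSystem service.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class SessionLogon
{
    const int LOGON32_LOGON_INTERACTIVE = 2, LOGON32_PROVIDER_DEFAULT = 0;
    const int TokenLogonSid = 28;  // TOKEN_INFORMATION_CLASS: TOKEN_GROUPS with only the logon SID
    [DllImport("wtsapi32.dll", SetLastError = true)]
    static extern bool WTSQueryUserToken(uint sessionId, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr buffer,
        uint length, out uint returnLength);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);
    // LogonUser plus a TOKEN_GROUPS to merge into the new token; the trailing
    // out parameters are optional and are passed as null pointers here.
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUserExExW(string user, string domain, string password,
        int logonType, int logonProvider, IntPtr tokenGroups, out IntPtr token,
        IntPtr logonSid, IntPtr profileBuffer, IntPtr profileLength, IntPtr quotaLimits);

    // Hypothetical helper: logs `user` on and returns a primary token that carries the
    // logon SID of whoever is already in `sessionId`, so a process created from it can
    // open that session's window station and desktop. Needs SeTcbPrivilege (LocalSystem).
    public static IntPtr LogonIntoSession(uint sessionId, string user, string domain, string password)
    {
        if (!WTSQueryUserToken(sessionId, out IntPtr sessionToken)) throw new Win32Exception();
        IntPtr groups = IntPtr.Zero;
        try
        {
            // First call only sizes the buffer (fails with ERROR_INSUFFICIENT_BUFFER).
            GetTokenInformation(sessionToken, TokenLogonSid, IntPtr.Zero, 0, out uint size);
            groups = Marshal.AllocHGlobal((int)size);
            if (!GetTokenInformation(sessionToken, TokenLogonSid, groups, size, out size))
                throw new Win32Exception();
            // The TOKEN_GROUPS pointer goes straight into LogonUserExExW, as the post describes.
            if (!LogonUserExExW(user, domain, password, LOGON32_LOGON_INTERACTIVE,
                    LOGON32_PROVIDER_DEFAULT, groups, out IntPtr newToken,
                    IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero))
                throw new Win32Exception();
            return newToken;
        }
        finally
        {
            if (groups != IntPtr.Zero) Marshal.FreeHGlobal(groups);
            CloseHandle(sessionToken);
        }
    }
}
```

The returned token still reports the service's session, so set its session ID with SetTokenInformation(TokenSessionId) before passing it to CreateProcessAsUser with lpDesktop set to winsta0\default if the process should appear in the target session.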

1 comment:

  1. Please, I need to launch a process from a service with a specific username and password in session 1; please can you show some example code?