CreateProcessWithLogonW doesn't work with XP service pack 2

[jerry]

I'm trying to run an application under another user within a winform
app writen in C#. I have tried a number of different things, but it
seems that the CreateProcessWithLogonW function should work to do what
I need to do. This appears to work just fine in Windows 2000 and XP
with service pack 1, but it doesn't work with XP service pack 2
installed.

I'm sure it's one of the "Enhanced security features" of service pack
2, but I can't seem to get this to work. The function returns a 1
indicating that it worked fine, but the applcation that I'm trying
launch does not launch.

To give a little background on what I'm doing:

I have written a small app that is basically just an interface for the
netsh command to change network setting for the user. The users do not
have admin rights on their machines, but a select few need to be able
to change their IP addresses for buisness reasons. Because of this, I
basically just call the CreateProcessWithLogonW function to start run
the netsh command under an admin account on the machine to change the
IP address to whatever the user specifies in the interface that I
provided.

As a test, I have created two very simple windows apps. The first one
calls the CreateProcessWithLogonW function to login as another account
on the machine. It then calls another simple application that uses the
WindowsIdentity to show the current user. This works fine on Win2K and
XP sp1, but not with service pack 2.

If anyone know how to get around this, that would be great.

Thanks,
Jerry

 

[Joshua Flanagan]

Sorry if this doesn't directly address your question, but it may be an
alternative to help solve your problem.

Have you considered making a windows service that runs under a
priveleged account? You could then make the client WinForms application
(running as the logged in user), communicate with the service via .NET
Remoting, and request the service to make changes on the user's behalf.
That way, your application does not have to store administrator
credentials (as I assume you are doing with your CreateProcessWithLogonW
approach) on the user's machine.

 

[jerry]

Thanks, that is an interesting idea that I haven't thought of even
though I have done a number of applications with windows services. I
would still like to get this other method working though. The
application has been working fine for 3 years, but now that the current
IT build includes service pack 2, it's not working. I will keep the
windows service in mind though as another alternative. Good idea.

If anyone else has ideas on how to get the CreateProcessWithLogonW,
that would great.