How to avoid an "access denied" when setting PriorityClass

[muradjames]

I have a service running on my PC. I want to set the service's PriorityClass
to BelowNormal. I use the following code:

Process process = GetServiceProcess();

// How can I get the user's token (Local System) from the
process, or wherever?

using (WindowsImpersonationContext user =
WindowsIdentity.Impersonate(userToken))
{
process.PriorityClass = Settings.Default.servicePriority;
}

Clearly, this cannot work - I need the userToken.

So, my questions are:

1) Is this the correct approach? I am assuming that the "access denied" is
caused by the fact that my application is running as one user, and the
service is running as local system so I cannot change it? My approach is to
impersonate the local system user while I change the priority class.

2) If this is correct, how can I get the user token *of the service* (i.e.
the Local System token) so that I can impersonate it?

I am using .Net 3.5, by the way...any help gratefully accepted!!!

 

[Nicholas Paldino [.NET/C# MVP]]

Well, you would want to get the token of a user that has the appropriate
rights to change the priority of the class.

There is no such thing as the user token of the service. The service
runs under a user account, and that user is the one assocaited with the
process/thread.

If you don't have the appropriate permissions then you need to have the
service run under a user account that has permissions (in which case, none
of this is necessary), or call the LogonUser API function through the
P/Invoke layer, passing the username and password of the user you want to
impersonate, then use the user token returned from LogonUser to pass to the
Impersonate method (the documentation for the Impersonate method should have
an example of how to call LogonUser).

It should be noted that changing the priority of any process is
generally a bad idea.

 

[muradjames]

The fundamental question is, assuming there is no other approach:

The service runs as "Local System" - can I impersonate the "Local System"
account?

I don't believe that "logonuser" can help with this (what's the Local System
password, for example?)

What I was trying to demonstrate with the code is that I can get the process
that the service is running as - I just cannot get its user token.

Well, you would want to get the token of a user that has the appropriate
rights to change the priority of the class.

There is no such thing as the user token of the service. The service
runs under a user account, and that user is the one assocaited with the
process/thread.

If you don't have the appropriate permissions then you need to have the
service run under a user account that has permissions (in which case, none
of this is necessary), or call the LogonUser API function through the
P/Invoke layer, passing the username and password of the user you want to
impersonate, then use the user token returned from LogonUser to pass to the
Impersonate method (the documentation for the Impersonate method should have
an example of how to call LogonUser).

It should be noted that changing the priority of any process is
generally a bad idea.


--
- Nicholas Paldino [.NET/C# MVP]
- (e-mail address removed)

I have a service running on my PC. I want to set the service's
PriorityClass
to BelowNormal. I use the following code:

Process process = GetServiceProcess();

// How can I get the user's token (Local System) from the
process, or wherever?

using (WindowsImpersonationContext user =
WindowsIdentity.Impersonate(userToken))
{
process.PriorityClass =
Settings.Default.servicePriority;
}

Clearly, this cannot work - I need the userToken.

So, my questions are:

1) Is this the correct approach? I am assuming that the "access denied" is
caused by the fact that my application is running as one user, and the
service is running as local system so I cannot change it? My approach is
to
impersonate the local system user while I change the priority class.

2) If this is correct, how can I get the user token *of the service* (i.e.
the Local System token) so that I can impersonate it?

I am using .Net 3.5, by the way...any help gratefully accepted!!!