Problem with CreateProcessAsUser() in Windows Vista

[Guest]

Our product supports Win2K, Windows XP and Vista. We use VS2005 Professional
for development. Our product has 2 components: Service (running as a service)
and UI (user mode application).

We want to launch a process in user session from our service running in a
Local System account. This is accomplished by calling the CreateProcessAsUser
() API. The required process launches in the user’s session as expected.
However, if the process has a window associated with it, the window does not
appear on top of all open windows (works fine in Windows XP). In order to
set the window to foreground, we find the window handle using FindWindow ()
API and then explicitly set the window to foreground.

We tried launching certain generic applications like notepad.exe to confirm
this behavior and notepad.exe also does not get launched in the foreground.

Another problem we faced was when there are multiple windows associated with
a process and there is no parent-child relationship between those windows.
Hence setting just one window to foreground will not suffice.

We tried to use the STARTUPINFO structure used in CreateProcessAsUser () to
ensure the “setting to foreground†behavior but could not find suitable
options to accomplish the same.

So is there a way to ensure that all windows associated with a process
launched in user-session using CreateProcessAsUser () are launched in the
foreground?

 

[Andrew McLaren]

We want to launch a process in user session from our service running in a
Local System account. This is accomplished by calling the
CreateProcessAsUser
() API. The required process launches in the user's session as expected.
However, if the process has a window associated with it, the window does
not
appear on top of all open windows (works fine in Windows XP). In order to

Hi Sumeet,

You'll probably get better results asking in a newsgroup like
microsoft.public.platformsdk.security.

The "microsoft.public.windows.vista.general" newsgroup is oriented towards
end-users; very few people here are Win32 programmers. In fact most folk
here don't have any technical knowledge at all, they're just users.

The security context of the spawned process may be a factor. You service
will probably be running with low IL ("Integrity level"). The
CreateProcessAsUser()-spawned process will need a higher integrity level, in
order to display on the user's desktop - it would need to be digitally
signed; and have a manifest with uiaccess=true, before windows will be
visible. Otherwise, no window will be visible. Except, in Vista, you cannot
create an elevated process (ie with higher integrity level) by using
CreateProcessAsUser()!! To create a process with a higher integrity level,
you need to use ShellExecute(). To create a visible window, you might need
to create a "worker" process in the user's session using
CreateProcessAsUser(); which in turn calls ShellExecute(), to create the
"real" spawned process which does the work of displaying windows etc. It
sounds clunky; but this is certainly what some other people have
successfully tried.

Trying to port an interactive service application from XP to Vista involves
more than adjusting a few lines of code; ideally, you should sit down and
really study Vista's UAC architecture. And be prepared to redesign the whole
application from scratch. Yes, this is a lot of work; but in the end it will
be quicker, more reliable, and with fewer ongoing maintenance costs. By the
way, if you're planning to send WM_ messages from the service to the user's
process (eg SendMessage()) - give up, it won't work. You'll need to use RPC,
Named Pipes, or some other form of inter-process communication.

Overall, I'd try a group like microsoft.public.win32.programmer.ui or
microsoft.public.platformsdk.security. You're more likely to get good
answers there (well ... better than mine, anyway! .

Not that it directly addresses your issue, but a couple of resources that
might be helpful:

Video of Vineet Sarda from Microsoft, describing how he converted an XP
interactive service into a service plus interactive application, for Vista
(with code examples)
http://channel9.msdn.com/ShowPost.aspx?PostID=263925

Good article on the whole UAC thing, from a programmer's perspective ..
http://www.codeproject.com/useritem...sp?df=100&forumid=428214&exp=0&select=2196846

Hope it helps. Good luck with the project!