Start User Process from Local System Service

SugarDaddy

Here's my problem.

I have an NT service (really a .NET service) running as local system.
I have a .NET form running on the user account. The form and the
service communicate via an IPC Channel so the form can control the
service and do various things. Both applications share the same set
of dlls.

When performing an update of some of the dlls, both the service and
the form must be shut down (that's just how it's implemented -- didn't
want to deal with unloading app domains). The update is performed by
a separate program that is run by the service, so the update process
is also running under Local System. Since the update process shuts
down the form process, I want it to restart the form process when the
update completes. The problem is that the form process restarts as
Local System. I want it to be under the user account that originally
started it.

There is a .NET method to start a process as another user --
Process.Start() with a ProcessStartInfo structure that specifies the
username and password of the user account. However, that cannot work
because I can't specify the password. So I've resorted to getting the
user handle via Interop and running StartProcessAsUser giving it the
user handle acquired from OpenProcessToken. I get Access Denied.

Any other ways to launch user process from local system without having
the password?
 
Nicholas Paldino [.NET/C# MVP]

Unfortunately not, as it would cause a massive security hole by allowing
this. If it was allowed, then you could launch any program under any user
account without a password?

You probably have to have some sort of monitor process that runs
alongside your own with the singular purpose of receiving an update from
your service (or your service's update process) notifying it that the update
is complete, and then restarting your app.

Hope this helps.
 
SugarDaddy

> Unfortunately not, as it would cause a massive security hole by allowing
> this. If it was allowed, then you could launch any program under any user
> account without a password?
>
> You probably have to have some sort of monitor process that runs
> alongside your own with the singular purpose of receiving an update from
> your service (or your service's update process) notifying it that the update
> is complete, and then restarting your app.
>
> Hope this helps.

Thank you for the quick reply. I figured that it would be a security
risk, but I thought that maybe there was some way of being able to
restart a process that was already running. Your proposed solution is
actually what I was considering. I just figured before I go through
the work of implementing it with the IPC channel and all that it would
be worth finding out if the easier way was possible.

Thanks.

-eric
 
SugarDaddy

Thought I'd post a follow-up...

As per your suggestion, Nicholas, I implemented this like so.

When the Service app running as Local System receives an update
request and executes the update process (also running as Local
System), the update process uses the Form application's IPC Server
Channel to notify the form to shut down. The Form extracts from its
resources a small console application that waits a certain amount of
time before relaunching the Form app then shuts down. After the time
passes (allowing the update to complete), the Form is relaunched. All
in all, not a bad solution. A better solution would actually notify
the "relauncher" app when the update completed rather than waiting a
constant amount of time. But since the update is basically just
copying files, there's really not much more than a few milliseconds
in variability between clients and the constant amount of time will
suffice.

Anyway, thanks again.
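
The follow-up above mentions that a better relauncher would be notified when the update completes instead of waiting a constant amount of time. The following is an added example of that variant, not code from the thread: the event name, class name and 30-second fallback are assumptions, and the two halves would live in the updater and the relauncher executables respectively.

```csharp
using System;
using System.Diagnostics;
using System.Threading;

static class UpdateHandshake
{
    // Hypothetical name. The "Global\" prefix makes the event visible to the
    // updater in session 0 as well as to the relauncher in the user's session.
    const string DoneEventName = @"Global\ExampleApp.UpdateDone";

    // Updater side (Local System): call once the files have been copied.
    public static void SignalUpdateDone()
    {
        using (EventWaitHandle done = EventWaitHandle.OpenExisting(DoneEventName))
        {
            done.Set();
        }
    }

    // Relauncher side. The Form starts it before exiting, so it already runs
    // with the user's token. Usage: Relauncher.exe <path-to-form-exe>
    static int Main(string[] args)
    {
        if (args.Length != 1) return 2;
        TimeSpan fallback = TimeSpan.FromSeconds(30); // assumed upper bound

        try
        {
            bool createdNew;
            using (EventWaitHandle done = new EventWaitHandle(
                false, EventResetMode.ManualReset, DoneEventName, out createdNew))
            {
                // Trust the signal only if this process created the event.
                // If the name already existed, fall back to the fixed delay.
                if (!createdNew) Thread.Sleep(fallback);
                else if (!done.WaitOne(fallback))
                    Console.Error.WriteLine("No completion signal; relaunching after timeout.");
            }
        }
        catch (UnauthorizedAccessException)
        {
            Thread.Sleep(fallback); // name exists but is not accessible to us
        }

        // No token handling needed: the child inherits this process's token.
        Process.Start(args[0]);
        return 0;
    }
}
```

The privileged updater only sets an event; the process that actually starts the Form is one the user already owns, so the service never has to obtain or impersonate the user's token.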
 
