I wanted to create an additional desktop for the second user logged on. But finally only an empty desktop was shown, which was not expected result.
The steps are:
Start a service under administrator account and call LogonUser() to logon user to domain (with LOGON32_LOGON_INTERACTIVE flag).
Call CreateProcessAsUser() to launch another process, in which,
Call CreateDesktop() to create another desktop.
Call SwitchDesktop() to make it visible.
Call CreateProcess() to launch "explorer.exe" specifying lpDesktop in STARTUPINFO structure as new desktop.
Then call Sleep() to let the new desktop to stay for a while.
Switch back the old desktop.
But the new desktop is only an blank screen with default background. I checked with task manager and found a new Explorer.exe is running and I couldn't terminate it with task manager. The message is "Access is denied." I also tried to launch other programs like Notepad.exe and got the same result.
Can anybody tell that what I'm doing wrong?
HenryZhou
November 17th, 2003, 01:30 AM
The os is Win2000.
PerryBruins
November 17th, 2003, 06:03 AM
Hi,
First process you need to run is userinit.exe (this will initialize the desktop). I am interested in your code to logon and createprocessas user, since I am involved in a similar project.
Thanks for your reply,
regards, Perry
HenryZhou
November 17th, 2003, 09:42 PM
Tried to start process userinit.exe after creating the new desktop, but there was an error message "Application failed to initialize properly (0xc0000142)...". Message title is Explorer.exe.
bResult = CreateProcessAsUser(
hToken, // client's access token
NULL, // file to execute
"MyApp.exe", // command line
NULL, // pointer to process SECURITY_ATTRIBUTES
NULL, // pointer to thread SECURITY_ATTRIBUTES
FALSE, // handles are not inheritable
NORMAL_PRIORITY_CLASS, // creation flags
NULL, // pointer to new environment block
NULL, // name of current directory
&si, // pointer to STARTUPINFO structure
&pi // receives information about new process
);
if (bResult == 0)
{
return FALSE;
}
// More code
}
Thanks
PerryBruins
November 18th, 2003, 01:44 AM
Hi Henry,
First of all, thanks for your code, it's more than helpfull. I have looked up the documentation of the LogonUser API, and it states that the token returned cannot be used (that is, not directly) in the CreateProcessAsUser API.
This is an excerpt from the documentation:
The LOGON32_LOGON_NETWORK logon type is the fastest, but there are two limitations. First, the function returns an impersonation token, not a primary token. You cannot use this token directly in the CreateProcessAsUser function. However, you can call the DuplicateTokenEx function to convert the token to a primary token, and then use it in CreateProcessAsUser. Second, if you convert the token to a primary token and use it in CreateProcessAsUser to start a process, the new process will not be able to access other network resources, such as remote servers or printers, through the redirector.
Could this be the reason you get the error "application failed to initialize properly"?
Regards, Perry
joscollin
November 18th, 2003, 02:21 AM
Originally posted by PerryBruins
Hi Henry,
First of all, thanks for your code, it's more than helpfull. I have looked up the documentation of the LogonUser API, and it states that the token returned cannot be used (that is, not directly) in the CreateProcessAsUser API.
This is an excerpt from the documentation:
The LOGON32_LOGON_NETWORK logon type is the fastest, but there are two limitations. First, the function returns an impersonation token, not a primary token. You cannot use this token directly in the CreateProcessAsUser function. However, you can call the DuplicateTokenEx function to convert the token to a primary token, and then use it in CreateProcessAsUser. Second, if you convert the token to a primary token and use it in CreateProcessAsUser to start a process, the new process will not be able to access other network resources, such as remote servers or printers, through the redirector.
Could this be the reason you get the error "application failed to initialize properly"?
Regards, Perry
Hi perry,
How did you handle the issues when client locks the server machine in your desktop sharing project?
reply...
collin
HenryZhou
November 18th, 2003, 02:51 AM
Hi Perry,
Thanks for your reply.
There is a second call of LogonUser() which uses LOGON32_LOGON_INTERACTIVE as logon type. The document specifies
"In most cases, the returned handle is a primary token that you can use in calls to the CreateProcessAsUser function. However, if you specify the LOGON32_LOGON_NETWORK flag, LogonUser returns an impersonation token that you cannot use in CreateProcessAsUser unless you call DuplicateTokenEx to convert it to a primary token."
So I think the token returned is a primary token.
Henry
PerryBruins
November 18th, 2003, 09:14 AM
"In most cases, the returned handle is a primary token that you can use in calls to the CreateProcessAsUser function. However, if you specify the LOGON32_LOGON_NETWORK flag, LogonUser returns an impersonation token that you cannot use in CreateProcessAsUser unless you call DuplicateTokenEx to convert it to a primary token."
You are absolutely right about this, sorry for missing this. I did some extensive searching on 0xc0000142, and it has to do with DLL initialization in combination with security, but it gets not clear what is the real cause (you probably found that out too ...)
Hi perry,
How did you handle the issues when client locks the server machine in your desktop sharing project?
reply...
collin
I did not reach that stage yet, when I do i'll let you know ...
Regards, Perry
codeguru.com
Copyright Internet.com Inc., All Rights Reserved.