How to set “interact with desktop” in windows service installer

后端 未结 3 1850
抹茶落季
抹茶落季 2021-01-05 12:42

I have a windows service which runs under system account and executes some programs from time to time (yeah,yeah, I know that\'s a bad practice, but that\'s not my decis

相关标签:
3条回答
  • 2021-01-05 13:26
    private static void SetInterActWithDeskTop()
            {
                var service = new System.Management.ManagementObject(
                        String.Format("WIN32_Service.Name='{0}'", "YourServiceName"));
                try
                {
                    var paramList = new object[11];
                    paramList[5] = true;
                    service.InvokeMethod("Change", paramList);
                }
                finally
                {
                    service.Dispose();
                }
    
    
            }
    
    0 讨论(0)
  • 2021-01-05 13:33

    Same as Heisa but with WMI. (code is Powershell, but can be easily ported to C#)

    if ($svc = gwmi win32_service|?{$_.name -eq $svcname})
    {
        try {
            $null = $svc.change($svc.displayname,$svc.pathname,16,1,`
            "Manual",$false,$svc.startname,$null,$null,$null,$null)
            write-host "Change made"
        catch { throw "Error: $_" }
    } else
    { throw "Service $svcname not installed" }
    

    See MSDN: Service Change() method for param description.

    0 讨论(0)
  • 2021-01-05 13:38

    And finally after searching the internet for a week - I've found a great working solution: http://asprosys.blogspot.com/2009/03/allow-service-to-interact-with-desktop.html

    Find the desktop to launch into. This may seem facetious but it isn't as simple as it seems. With Terminal Services and Fast User Switching there can be multiple interactive users logged on to the computer at the same time. If you want the user that is currently sitting at the physical console then you're in luck, the Terminal Services API call WTSGetActiveConsoleSessionId will get you the session ID you need. If your needs are more complex (i.e. you need to interact with a specific user on a TS server or you need the name of the window station in a non-interactive session) you'll need to enumerate the Terminal Server sessions with WTSEnumerateSessions and check the session for the information you need with WTSGetSessionInformation.

    Now you know what session you need to interact with and you have its ID. This is the key to the whole process, using WTSQueryUserToken and the session ID you can now retrieve the token of the user logged on to the target session. This completely mitigates the security problem of the 'interact with the desktop' setting, the launched process will not be running with the LOCAL SYSTEM credentials but with the same credentials as the user that is already logged on to that session! No privilege elevation.

    Using CreateProcessAsUser and the token we have retrieved we can launch the process in the normal way and it will run in the target session with the target user's credentials. There are a couple of caveats, both lpCurrentDirectory and lpEnvironment must point to valid values - the normal default resolution methods for these parameters don't work for cross-session launching. You can use CreateEnvironmentBlock to create a default environment block for the target user.

    There is source code of the working project attached.

    0 讨论(0)
提交回复
热议问题