<lu***********@coders-lab.be> wrote in message
news:11*********************@j55g2000cwa.googlegro ups.com...
|
|
lu***********@coders-lab.be schreef:
|
| > Greg Young schreef:
| >
| > > And you are hard coding the username/password of the current user into
the
| > > code?
| > >
| > > I would imagine this may not work, try using LogonUser
| > >
http://msdn.microsoft.com/library/en...asp?frame=true
| > > and CreateProcessAsUser
| > >
http://msdn.microsoft.com/library/de...cessasuser.asp
| > >
| > > If you google on the API function names with "C#" it is pretty easy to
get
| > > their definitions as well as some articles on usage.
| > >
| > > Cheers,
| > >
| > > Greg Young
| > > MVP - C#
| > >
http://geekswithblogs.net/gyoung
| >
| >
| > Thank you, I managed to launch a process with a specified account using
| > CreateProcessAsUser.
| >
| > First I do an impersonation of a specific user, then I create a token
| > based on the impersonated windows identity (DuplicateTokenEx) and then
| > I use this token in CreateProcessAsUser to start a proces.
| >
| > However, I need to explicitely specify the username, domain and
| > password to impersonate.
| >
| > Is it possible to retrieve the token of the currently logged on user
| > (which will be null if no user is logged on) so that I can impersonate
| > the currently logged on user from within the windows service?
|
| Question: what are the consequences of starting an application from a
| windows service so that it runs under the SYSTEM account? I ask this
| because I noticed that the processes that correspond to the tray icons
| also run under the SYSTEM account...
User processes that have a UI should never run in the TCB, that is they
should never run as SYSTEM. Even windows services should (preferably) not
run as SYSTEM, use one of the service accounts like LOCAL_SERVICE or
NETWORK_SERVICE to run a Service if you care about security.
Willy.