createprocessasuser

I've been attempting to create a new process under the context of a specific user using the CreateProcessAsUser function of the Windows API, but seem to be running into a rather nasty security issue... Before I explain any further, here's the code I'm currently using to start the new process (a console process - PowerShell to be specific, though it shouldn't matter). private void StartProcess() { bool retValue; // Create startup info for new console process. var startupInfo = new STARTUPINFO(); startupInfo.cb = Marshal.SizeOf(startupInfo); startupInfo.dwFlags = StartFlags.STARTF_USESHOWWINDOW;

I have a legacy Windows server service and (spawned) application that works fine in XP-64 and W2K3, but fails on W2K8. I believe it is because of the new " Session 0 isolation " feature. Consequently, I'm looking for code samples/security settings mojo that let you create a new process from a windows service for Windows 2008 Server such that I can restore (and possibly surpass) the previous behavior. I need a solution that: Creates the new process in a non-zero session to get around session-0 isolation restrictions (no access to graphics hardware from session 0) - the official MS line on this

I have a system service which creates a helper interactive process as administrator so that it can access some desktop-related resources, including the BlockInput() function and NVIDIA's NVAPI functions, which cannot be run from a service. When the logged on user was a member of Administrators, the following worked: Set privilege levels, including SE_TCB_NAME Get active session ID with WTSGetActiveConsoleSessionId() Get logged on user from session ID with WTSQueryUserToken() GetTokenInformation() with TokenLinkedToken DuplicateTokenEx() with SecurityImpersonation Launch process with