Get Window Station for a non-interactive user per process, user or session?

ⅰ亾dé卋堺 submitted on 2019-12-04 18:24:55

On WinXP/Win2K3 or higher, you could do the following:

  1. Call WTSEnumerateSessions to get a list of active session information (which will also give you the window station name associated with each session).
  2. Pass the session id to WTSQueryUserToken.
  3. Pass the token to GetTokenInformation to get the user's SID.
  4. Pass the user's SID to LsaLookupSids to get the user and domain names.

Also, if you want to identify which session is the active console session, you can compare the session id to the return value of WTSGetActiveConsoleSessionId.

However, I would recommend using the token returned from WTSQueryUserToken to launch a process on the target desktop via CreateProcessAsUser, as Franci mentioned. You'll have to pass it through DuplicateTokenEx to convert it from an impersonation token to a primary token, but it works on WinXP or higher, and Microsoft documents it as the "preferred" way to launch interactive applications from the services desktop on Vista and higher.

You can use GetUserObjectInformation to get the SID of the user associated with that window station.

As for finding the Window Station from a process:

- Get the top-level window handle for the process
- Enumerate the window stations (EnumWindowStations)
- Enumerate the desktops for each window station (EnumDesktops)
- Enumerate the windows for each desktop (EnumDesktopWindows) until you find a match.

Yeah, it's not straightforward, but it should solve your problem.

Note: On Vista and Win7, the interactive user is not in winsta0. Winsta0 is reserved for the system and services only; the interactive user gets a new window station and is treated (mostly) the same way as a TS user.
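
The numbered steps above (WTSEnumerateSessions, WTSQueryUserToken, then SID and account name), as an added PowerShell example that is not part of the original answers. It substitutes .NET's `WindowsIdentity` for the GetTokenInformation and LsaLookupSids calls, and `Demo.Wts` is a type name made up for this example; it assumes the caller runs as LocalSystem, because WTSQueryUserToken requires the SE_TCB_NAME privilege.

```powershell
# Added example. Run as LocalSystem: WTSQueryUserToken needs SE_TCB_NAME.
# Demo.Wts is a name made up for this example.
Add-Type -Namespace Demo -Name Wts -MemberDefinition @'
[StructLayout(LayoutKind.Sequential)]
public struct WTS_SESSION_INFO {
    public int SessionId;
    [MarshalAs(UnmanagedType.LPWStr)] public string WinStationName;
    public int State;   // WTS_CONNECTSTATE_CLASS, 0 = WTSActive
}
[DllImport("wtsapi32.dll", EntryPoint = "WTSEnumerateSessionsW", SetLastError = true)]
public static extern bool WTSEnumerateSessions(IntPtr server, int reserved,
    int version, out IntPtr sessionInfo, out int count);
[DllImport("wtsapi32.dll")]
public static extern void WTSFreeMemory(IntPtr memory);
[DllImport("wtsapi32.dll", SetLastError = true)]
public static extern bool WTSQueryUserToken(int sessionId, out IntPtr token);
[DllImport("kernel32.dll")]
public static extern int WTSGetActiveConsoleSessionId();
[DllImport("kernel32.dll")]
public static extern bool CloseHandle(IntPtr handle);
'@
$marshal = [System.Runtime.InteropServices.Marshal]
$infoType = [Demo.Wts+WTS_SESSION_INFO]
$buffer = [IntPtr]::Zero; $count = 0
# Step 1: server handle 0 = local machine, version must be 1.
if (-not [Demo.Wts]::WTSEnumerateSessions([IntPtr]::Zero, 0, 1, [ref]$buffer, [ref]$count)) {
    throw "WTSEnumerateSessions failed, error $($marshal::GetLastWin32Error())"
}
$console = [Demo.Wts]::WTSGetActiveConsoleSessionId()
try {
    for ($i = 0; $i -lt $count; $i++) {
        $entry = [IntPtr]::Add($buffer, $i * $marshal::SizeOf([type]$infoType))
        $info = $marshal::PtrToStructure($entry, [type]$infoType)
        $user = $null; $sid = $null; $token = [IntPtr]::Zero
        # Step 2: fails for sessions with no logged-on user, or without SE_TCB_NAME.
        if ([Demo.Wts]::WTSQueryUserToken($info.SessionId, [ref]$token)) {
            try {   # Steps 3-4: WindowsIdentity duplicates the token, resolves SID and name.
                $identity = New-Object System.Security.Principal.WindowsIdentity($token)
                $user = $identity.Name; $sid = $identity.User.Value
                $identity.Dispose()
            } finally { [void][Demo.Wts]::CloseHandle($token) }   # never leak a user token
        }
        [pscustomobject]@{
            SessionId = $info.SessionId; WindowStation = $info.WinStationName
            State = $info.State; IsConsole = ($info.SessionId -eq $console)
            User = $user; Sid = $sid
        }
    }
} finally { [Demo.Wts]::WTSFreeMemory($buffer) }
```

Each output object pairs a session id and window station name with the logged-on account; rows with an empty User are sessions for which no token was available.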
