Launching an administrative interactive process when a standard user is logged on

Question

I have a system service which creates a helper interactive process as administrator so that it can access some desktop-related resources, including the BlockInput() function

Answer 1

You can duplicate your own token, then change the session on the duplicated token using the SetTokenInformation function to put it into the interactive session.

As you note, running as SYSTEM in an interactive session is discouraged because it gives the interactive user openings to attack your process, potentially gaining elevated privileges. (Search for "shatter attack" for more information.) However, this concern applies equally well to a process running as an administrative user in a non-administrative user's session.

Ideally, you should use a non-administrative process in the interactive session, to perform functions which require an interactive session, while using the service to perform functions which require administrative privilege. There shouldn't be any functions that require both, but if NVAPI breaks this rule, there's not much you can do about it.

Consider launching the process into a specially created (and appropriately secured) workstation in the interactive user's session in order to minimize this risk.