Starting a Windows service in an interactive session

Question

A colleague has a batch script program which needs to to run on a Windows Server in console mode, so that it has access to a Windows interactive session. The server is reboo

Answer 1

Have you tried having your script run as a Windows service, but allowing it to interact with the desktop?

Specifically:

1. Go to the service properties page
2. Click on the "Log On" tab
3. Select "Local System account"
4. Check "Allow service to interact with desktop"

Answer 2

I had to do something similar recently; a route that I found but discarded due to security concerns is to have the interactive service set self as running in interactive mode and then run the ImpersonateUser function in the win32 API, which I think will provide the benefits of both a user and the interactive session available from the LocalSystem.

Needless to say, if someone broke into a service that did that, they would have total control of the machine.

Answer 3

I recommend going about this another way. You could build another Windows app that communicates via IPC to the Windows Service and that could be what deals with the closed souorce application. But if you must, you can specify an option in the service (you can do this through MMC, registry, etc). Basically, you can see this option by going to Computer Management->Services and Applications->Services->Right click your service->Change account to Local System and check "Allow system to interact with desktop."

However, again, I recommend choosing another path.

Answer 4

In case "Interact with desktop" on the service is not enough (I have seen a handful of cases where it is not), you can combine it with AutoAdminLogon. Create three (or four for a domain) REG_SZ values under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon:

• DefaultUsername
• DefaultPassword
• DefaultDomain
• AutoAdminLogon

AutoAdminLogon should be set to the string "1", the others are self-explanatory.

Obviously this has security issues big enough to fly Jupiter through.

Answer 5

See my similar question and real answer to it: How to start a process from windows service into currently logged in user's session NOTE: "Interact with desktop" checkbox is not enough at all.