public void LaunchService(object context) { //The user that the process will be started under must have Read and //Execute access to this file, not the service account! If the user does //not have this access Process.Start will throw a Win32Exception //(ERROR_ACCESS_DENIED). string path = System.Reflection.Assembly.GetExecutingAssembly().Location; ProcessStartInfo psi = new ProcessStartInfo(path); psi.Arguments = "/i"; psi.CreateNoWindow = true; //Must be set if running under new credentials. psi.UseShellExecute = false; //This must be set to a valid directory. If left to the default //you will get a Win32Exception - invalid directory error. psi.WorkingDirectory = Environment.GetFolderPath(Environment.SpecialFolder.System); //Set user psi.Domain = Environment.MachineName; psi.UserName = "******"; psi.Password = new System.Security.SecureString(); psi.Password.AppendChar('t'); psi.Password.AppendChar('e'); psi.Password.AppendChar('s'); psi.Password.AppendChar('t'); try { //The following security adjustments are necessary to give the new //process sufficient permission to run in the service's window station //and desktop. This uses classes from the AsproLock library also from //Asprosys. IntPtr hWinSta = GetProcessWindowStation(); WindowStationSecurity ws = new WindowStationSecurity(hWinSta, System.Security.AccessControl.AccessControlSections.Access); ws.AddAccessRule(new WindowStationAccessRule("LaunchProcessUser", WindowStationRights.AllAccess, System.Security.AccessControl.AccessControlType.Allow)); ws.AcceptChanges(); IntPtr hDesk = GetThreadDesktop(GetCurrentThreadId()); DesktopSecurity ds = new DesktopSecurity(hDesk, System.Security.AccessControl.AccessControlSections.Access); ds.AddAccessRule(new DesktopAccessRule("LaunchProcessUser", DesktopRights.AllAccess, System.Security.AccessControl.AccessControlType.Allow)); ds.AcceptChanges(); EventLog.WriteEntry("Launching application.", EventLogEntryType.Information); using (Process process = Process.Start(psi)) { } } catch (Exception ex) { EventLog.WriteEntry(string.Format("Exception thrown:{0}{0}{1}", Environment.NewLine, ex), EventLogEntryType.Error); } }
public void RemoveDesktopPermission(string userOrGroupName) { SafeHandle shWindowStation = new NonReleasingSafeHandle(GetProcessWindowStation(), false); var ws = new WindowStationSecurity(shWindowStation); ws.RemoveAccessRule(new AccessRule<NativeMethods.WindowStationRights>(userOrGroupName, NativeMethods.WindowStationRights.AllAccess, AccessControlType.Allow)); ws.AcceptChanges(); SafeHandle shDesktopThread = new NonReleasingSafeHandle(GetThreadDesktop(GetCurrentThreadId()), false); var ds = new DesktopSecurity(shDesktopThread); ds.RemoveAccessRule(new AccessRule<NativeMethods.DesktopRights>(userOrGroupName, NativeMethods.DesktopRights.AllAccess, AccessControlType.Allow)); ds.AcceptChanges(); }
public void RemoveDesktopPermission(string userOrGroupName) { SafeHandle shWindowStation = new NonReleasingSafeHandle(GetProcessWindowStation(), false); var ws = new WindowStationSecurity(shWindowStation); ws.RemoveAccessRule(new AccessRule <NativeMethods.WindowStationRights>(userOrGroupName, NativeMethods.WindowStationRights.AllAccess, AccessControlType.Allow)); ws.AcceptChanges(); SafeHandle shDesktopThread = new NonReleasingSafeHandle(GetThreadDesktop(GetCurrentThreadId()), false); var ds = new DesktopSecurity(shDesktopThread); ds.RemoveAccessRule(new AccessRule <NativeMethods.DesktopRights>(userOrGroupName, NativeMethods.DesktopRights.AllAccess, AccessControlType.Allow)); ds.AcceptChanges(); }
public void RemoveDesktopPermission() { IntPtr hWindowStation = GetProcessWindowStation(); var ws = new WindowStationSecurity(hWindowStation, AccessControlSections.Access); ws.RemoveAccessRule(new WindowStationAccessRule(userName, WindowStationRights.AllAccess, AccessControlType.Allow)); ws.AcceptChanges(); IntPtr hDesktopThread = GetThreadDesktop(GetCurrentThreadId()); var ds = new DesktopSecurity(hDesktopThread, AccessControlSections.Access); ds.RemoveAccessRule(new DesktopAccessRule(userName, DesktopRights.AllAccess, AccessControlType.Allow)); ds.AcceptChanges(); }
public void RemoveDesktopPermission() { try { IntPtr hWinSta = NativeMethods.GetProcessWindowStation(); var ws = new WindowStationSecurity(hWinSta, AccessControlSections.Access); ws.RemoveAccessRule(new WindowStationAccessRule(userName, WindowStationRights.AllAccess, AccessControlType.Allow)); ws.AcceptChanges(); IntPtr hDesk = NativeMethods.GetThreadDesktop(NativeMethods.GetCurrentThreadId()); var ds = new DesktopSecurity(hDesk, AccessControlSections.Access); ds.RemoveAccessRule(new DesktopAccessRule(userName, DesktopRights.AllAccess, AccessControlType.Allow)); ds.AcceptChanges(); } catch (Exception ex) { log.ErrorException("Exception removing desktop permissions!", ex); } }
public static extern IntPtr OpenDesktopA( string lpszDesktop, uint dwFlags, bool fInherit, DesktopSecurity dwDesiredAccess );