public void LaunchService(object context)
{
//The user that the process will be started under must have Read and
//Execute access to this file, not the service account! If the user does
//not have this access Process.Start will throw a Win32Exception
//(ERROR_ACCESS_DENIED).
string path = System.Reflection.Assembly.GetExecutingAssembly().Location;
ProcessStartInfo psi = new ProcessStartInfo(path);
psi.Arguments = "/i";
psi.CreateNoWindow = true;
//Must be set if running under new credentials.
psi.UseShellExecute = false;
//This must be set to a valid directory. If left to the default
//you will get a Win32Exception - invalid directory error.
psi.WorkingDirectory = Environment.GetFolderPath(Environment.SpecialFolder.System);
//Set user
psi.Domain = Environment.MachineName;
psi.UserName = "******";
psi.Password = new System.Security.SecureString();
psi.Password.AppendChar('t');
psi.Password.AppendChar('e');
psi.Password.AppendChar('s');
psi.Password.AppendChar('t');
try
{
//The following security adjustments are necessary to give the new
//process sufficient permission to run in the service's window station
//and desktop. This uses classes from the AsproLock library also from
//Asprosys.
IntPtr hWinSta = GetProcessWindowStation();
WindowStationSecurity ws = new WindowStationSecurity(hWinSta,
System.Security.AccessControl.AccessControlSections.Access);
ws.AddAccessRule(new WindowStationAccessRule("LaunchProcessUser",
WindowStationRights.AllAccess, System.Security.AccessControl.AccessControlType.Allow));
ws.AcceptChanges();
IntPtr hDesk = GetThreadDesktop(GetCurrentThreadId());
DesktopSecurity ds = new DesktopSecurity(hDesk,
System.Security.AccessControl.AccessControlSections.Access);
ds.AddAccessRule(new DesktopAccessRule("LaunchProcessUser",
DesktopRights.AllAccess, System.Security.AccessControl.AccessControlType.Allow));
ds.AcceptChanges();
EventLog.WriteEntry("Launching application.", EventLogEntryType.Information);
using (Process process = Process.Start(psi))
{
}
}
catch (Exception ex)
{
EventLog.WriteEntry(string.Format("Exception thrown:{0}{0}{1}", Environment.NewLine, ex), EventLogEntryType.Error);
}
}
public void RemoveDesktopPermission(string userOrGroupName)
{
SafeHandle shWindowStation = new NonReleasingSafeHandle(GetProcessWindowStation(), false);
var ws = new WindowStationSecurity(shWindowStation);
ws.RemoveAccessRule(new AccessRule<NativeMethods.WindowStationRights>(userOrGroupName, NativeMethods.WindowStationRights.AllAccess, AccessControlType.Allow));
ws.AcceptChanges();
SafeHandle shDesktopThread = new NonReleasingSafeHandle(GetThreadDesktop(GetCurrentThreadId()), false);
var ds = new DesktopSecurity(shDesktopThread);
ds.RemoveAccessRule(new AccessRule<NativeMethods.DesktopRights>(userOrGroupName, NativeMethods.DesktopRights.AllAccess, AccessControlType.Allow));
ds.AcceptChanges();
}
public void RemoveDesktopPermission(string userOrGroupName)
{
SafeHandle shWindowStation = new NonReleasingSafeHandle(GetProcessWindowStation(), false);
var ws = new WindowStationSecurity(shWindowStation);
ws.RemoveAccessRule(new AccessRule <NativeMethods.WindowStationRights>(userOrGroupName, NativeMethods.WindowStationRights.AllAccess, AccessControlType.Allow));
ws.AcceptChanges();
SafeHandle shDesktopThread = new NonReleasingSafeHandle(GetThreadDesktop(GetCurrentThreadId()), false);
var ds = new DesktopSecurity(shDesktopThread);
ds.RemoveAccessRule(new AccessRule <NativeMethods.DesktopRights>(userOrGroupName, NativeMethods.DesktopRights.AllAccess, AccessControlType.Allow));
ds.AcceptChanges();
}
public void RemoveDesktopPermission()
{
IntPtr hWindowStation = GetProcessWindowStation();
var ws = new WindowStationSecurity(hWindowStation, AccessControlSections.Access);
ws.RemoveAccessRule(new WindowStationAccessRule(userName, WindowStationRights.AllAccess, AccessControlType.Allow));
ws.AcceptChanges();
IntPtr hDesktopThread = GetThreadDesktop(GetCurrentThreadId());
var ds = new DesktopSecurity(hDesktopThread, AccessControlSections.Access);
ds.RemoveAccessRule(new DesktopAccessRule(userName, DesktopRights.AllAccess, AccessControlType.Allow));
ds.AcceptChanges();
}
public void RemoveDesktopPermission()
{
try
{
IntPtr hWinSta = NativeMethods.GetProcessWindowStation();
var ws = new WindowStationSecurity(hWinSta, AccessControlSections.Access);
ws.RemoveAccessRule(new WindowStationAccessRule(userName, WindowStationRights.AllAccess, AccessControlType.Allow));
ws.AcceptChanges();
IntPtr hDesk = NativeMethods.GetThreadDesktop(NativeMethods.GetCurrentThreadId());
var ds = new DesktopSecurity(hDesk, AccessControlSections.Access);
ds.RemoveAccessRule(new DesktopAccessRule(userName, DesktopRights.AllAccess, AccessControlType.Allow));
ds.AcceptChanges();
}
catch (Exception ex)
{
log.ErrorException("Exception removing desktop permissions!", ex);
}
}
public static extern IntPtr OpenDesktopA(
string lpszDesktop,
uint dwFlags,
bool fInherit,
DesktopSecurity dwDesiredAccess
);
