Question Service - CreateProcessAsUser as a local admin in a user session.


New member
Jan 12, 2023
Programming Experience
Hello all,

A Windows service is running as SYSTEM in the background.
The service should start an application in an active user session.
This application should be started with the rights of a third user (not SYSTEM, not current user but local admin account).

SYSTEM: The service is installed by default without any special configuration.
User A: Logged in with an own Windows session. His SessionID will be used to start an application under user B in it.
User B: Logged in with LogonUser to Windows. His token is then used for CreateProcessAsUser is used.

Current state
I have written a function which can start an application in the user session.
It expects parameters like: applicationName, commandline and the impersonation information.

What is working?
Launching an application from a service into a running user session. The application runs under the SYSTEM account or under the same account as the logged in user.

What does not work?
Launching an application from a service into a running user session. The application should run under another user account.
It gets launched but it is not usable (see attached Screenshot)

How to call the function
// = Prepare callback
helper.AppLauncher.PROCESS_INFORMATION procInfo;

// = Prepare impersonation
helper.AppLauncher.ImpersonationInfo impersonationInfo = new helper.AppLauncher.ImpersonationInfo();

// = 2: Start a process as specified user
impersonationInfo.LogonType = 2;        // Service = 0, CurrentUser = 1, LogonUser = [2]
impersonationInfo.LogonName = "theLocalUserWithAdminRights";
impersonationInfo.LogonPassword = "myVerySecre1P@ssword";
helper.AppLauncher.StartProcessInCurrentUserSession("cmd.exe", null, true, impersonationInfo, out procInfo);

The actual code is attached.

Thank you very much for your help!


  • Helper.cs.txt
    29.6 KB · Views: 87
  • CMD not usable.png
    CMD not usable.png
    3.4 KB · Views: 50
Top Bottom