Leonid B


I have a service running under a local user account (which is a member of the local Administrators group). This service has to launch an application for a currently logged on user (a different user). These are my steps:

1. Find a well-known process ID (explorer.exe) that is run by a logged-on user.

2. Adjust privileges to get SE_DEBUG_NAME enabled.

3. Use h = OpenProcess(PROCESS_ALL_ACCESS, .... ) to get a handle to the process.

4. Use OpenProcessToken(h, TOKEN_QUERY | TOKEN_IMPERSONATE | TOKEN_DUPLICATE, ....) to get a user token. <--- this is the step that is always failing with access denied error.

If I use Local System to run the service, it works perfectly. Administrator - not. What privileges is the administrator missing to call OpenProcessToken for another process?