Start User Process from Local System Service

  • SugarDaddy

    Start User Process from Local System Service

    Here's my problem.

    I have an NT service (really a .NET service) running as local system.
    I have a .NET form running on the user account. The form and the
    service communicate via an IPC Channel so the form can control the
    service and do various things. Both applications share the same set
    of dlls.

    When performing an update of some of the dlls, both the service and
    the form must be shut down (that's just how it's implemented -- didn't
    want to deal with unloading app domains). The update is performed by
    a separate program that is run by the service, so the update process
    is also running under Local System. Since the update process shuts
    down the form process, I want it to restart the form process when the
    update completes. The problem is that the form process restarts as
    Local System. I want it to be under the user account that originally
    started it.

    There is a .NET method to start a process as another user --
    Process.Start() with a ProcessStartInfo structure that specifies the
    username and password of the user account. However, that cannot work
    because I can't specify the password. So I've resorted to getting the
    user handle via Interop and running StartProcessAsUser giving it the
    user handle acquired from OpenProcessToken. I get Access Denied.

    Any other ways to launch user process from local system without having
    the password?

  • Nicholas Paldino [.NET/C# MVP]

    #2
    Re: Start User Process from Local System Service

    Unfortunately not, as it would cause a massive security hole by allowing
    this. If it was allowed, then you could launch any program under any user
    account without a password?

    You probably have to have some sort of monitor process that runs
    alongside your own with the singular purpose of receiving an update from
    your service (or your service's update process) notifying it that the update
    is complete, and then restarting your app.

    Hope this helps.


    --
    - Nicholas Paldino [.NET/C# MVP]
    - mvp@spam.guard.caspershouse.com

    "SugarDaddy" <eric.olstad@gmail.com> wrote in message
    news:1178559144.754810.105840@l77g2000hsb.googlegroups.com...
    > Here's my problem.
    >
    > I have an NT service (really a .NET service) running as local system.
    > I have a .NET form running on the user account. The form and the
    > service communicate via an IPC Channel so the form can control the
    > service and do various things. Both applications share the same set
    > of dlls.
    >
    > When performing an update of some of the dlls, both the service and
    > the form must be shut down (that's just how it's implemented -- didn't
    > want to deal with unloading app domains). The update is performed by
    > a separate program that is run by the service, so the update process
    > is also running under Local System. Since the update process shuts
    > down the form process, I want it to restart the form process when the
    > update completes. The problem is that the form process restarts as
    > Local System. I want it to be under the user account that originally
    > started it.
    >
    > There is a .NET method to start a process as another user --
    > Process.Start() with a ProcessStartInfo structure that specifies the
    > username and password of the user account. However, that cannot work
    > because I can't specify the password. So I've resorted to getting the
    > user handle via Interop and running StartProcessAsUser giving it the
    > user handle acquired from OpenProcessToken. I get Access Denied.
    >
    > Any other ways to launch user process from local system without having
    > the password?


    • SugarDaddy

      #3
      Re: Start User Process from Local System Service

      On May 7, 2:03 pm, "Nicholas Paldino [.NET/C# MVP]"
      <m...@spam.guard.caspershouse.com> wrote:
      > Unfortunately not, as it would cause a massive security hole by allowing
      > this. If it was allowed, then you could launch any program under any user
      > account without a password?
      >
      > You probably have to have some sort of monitor process that runs
      > alongside your own with the singular purpose of receiving an update from
      > your service (or your service's update process) notifying it that the update
      > is complete, and then restarting your app.
      >
      > Hope this helps.
      >
      > --
      > - Nicholas Paldino [.NET/C# MVP]
      > - m...@spam.guard.caspershouse.com

      Thank you for the quick reply. I figured that it would be a security
      risk, but I thought that maybe there was some way of being able to
      restart a process that was already running. Your proposed solution is
      actually what I was considering. I just figured before I go through
      the work of implementing it with the IPC channel and all that it would
      be worth finding out if the easier way was possible.

      Thanks.

      -eric



      • SugarDaddy

        #4
        Re: Start User Process from Local System Service

        Thought I'd post a follow-up...

        As per your suggestion, Nicholas, I implemented this like so.

        When the Service app running as Local System receives an update
        request and executes the update process (also running as Local
        System), the update process uses the Form application's IPC Server
        Channel to notify the form to shut down. The Form extracts from its
        resources a small console application that waits a certain amount of
        time before relaunching the Form app then shuts down. After the time
        passes (allowing the update to complete), the Form is relaunched. All
        in all, not a bad solution. A better solution would actually notify
        the "relauncher" app when the update completed rather than waiting a
        constant amount of time. But since the update is basically just
        copying files, there's really not much more than a few milliseconds
        in variability between clients and the constant amount of time will
        suffice.

        Anyway, thanks again.

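The approach from post #4, extended with the completion signal its author says would be better than a fixed wait; this is an added example, not code from the thread. The marker file (written by the updater as its last step, in a directory only Local System and administrators can write) and the argument layout are assumptions.

```csharp
// Added example, not code from the thread. The marker-file convention and the
// argument layout are assumptions made for illustration.
using System;
using System.Diagnostics;
using System.IO;
using System.Threading;

static class Relauncher
{
    // Usage: Relauncher.exe <formPid> <formExePath> <markerPath> [timeoutSeconds]
    static int Main(string[] args)
    {
        if (args.Length < 3)
        {
            Console.Error.WriteLine("usage: Relauncher <formPid> <formExe> <marker> [timeoutSec]");
            return 2;
        }
        int formPid = int.Parse(args[0]);
        string formExe = args[1], marker = args[2];
        int timeoutSec = args.Length > 3 ? int.Parse(args[3]) : 30;
        DateTime startedUtc = DateTime.UtcNow;
        DateTime deadlineUtc = startedUtc.AddSeconds(timeoutSec);

        // Wait for the Form to exit so its DLLs are unlocked for the updater.
        try
        {
            using (Process form = Process.GetProcessById(formPid))
                form.WaitForExit(timeoutSec * 1000);
        }
        catch (ArgumentException) { /* The Form has already exited. */ }

        // Wait until the updater (Local System) rewrites the marker. A missing
        // file reports a 1601 timestamp, so missing and stale both keep waiting.
        bool updated;
        do
        {
            updated = File.GetLastWriteTimeUtc(marker) >= startedUtc;
            if (!updated) Thread.Sleep(100);
        } while (!updated && DateTime.UtcNow < deadlineUtc);

        // The child inherits this process's token: the logged-on user's, because
        // the Form (not the service) started the relauncher.
        var psi = new ProcessStartInfo(formExe) { UseShellExecute = false };
        using (Process.Start(psi)) { }
        return updated ? 0 : 1; // 1: timed out, relaunched anyway
    }
}
```

Because the user's process only reads the marker and never receives a token or handle from the service, no privileged process has to create anything in the user's session.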