Can't change user's session (switch users)

StackOverflow https://stackoverflow.com/questions/23615673

  •  21-07-2023
  •  | 
  •  

Question

I'm working with C++. I found in a multiple user profiles on computer, I want to write a service that change the session. but I can not change any session. I found in the following page code I'm using to change the user session.

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379608(v=vs.85).aspx

I have tried CreateProcessAsUser function instead CreateProcessWithLogonW and CreateProcessWithTokenW. but it has all the functions returns FALSE. pi.hProcess and pi.hThread value from 0xcccccccc. The value returned error code 87. The program ended here:

bResult = CreateProcessAsUser(
    hToken,            
    NULL,              
    NULL,           
    NULL,              
    NULL,             
    FALSE,             
    NORMAL_PRIORITY_CLASS | CREATE_NEW_CONSOLE , 
    NULL,              
    NULL,             
    &si,               
    &pi               
    );




RevertToSelf();

if (bResult && pi.hProcess != INVALID_HANDLE_VALUE)
{
    WaitForSingleObject(pi.hProcess, INFINITE);
    CloseHandle(pi.hProcess);
}

if (pi.hThread != INVALID_HANDLE_VALUE){ //p.hTheread = 0xcccccccc
    wprintf(L"%d\n", GetLastError()); // ErrorCode=87. 
    CloseHandle(pi.hThread); 
}

When this code runs, I'm thinking of adding the code to the service.

Was it helpful?

Solution

You were misunderstanding the purpose of the CreateProcessAsUser function. This is not an uncommon misunderstanding.

The Win32 functions CreateProcessAsUser, CreateProcessWithLogonW, LogonUser, LogonUserEx, LogonUserExExW, CreateLogonSession, and so on, are all concerned with the kernel's security model (processes, logon sessions and tokens) not with the interactive logon process (creating remote desktop sessions, associating them with a user, and switching between them).

There are no Win32 functions that allow you to control the interactive logon process, although there are functions (such as ExitWindowsEx) that allow you to log the current user off.

Instead, depending on your circumstances, you can register a credential provider or use the AutoAdminLogon registry settings. The former is much more complicated; the latter is more limited - in particular, if the system is logged off, there does not appear to be any reliable way to initiate a logon with new credentials other that rebooting the system.

If you do use AutoAdminLogon, make sure you follow the instructions in Protecting the Automatic Logon Password to keep the password (reasonably) secure.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top