I'm trying to do the same thing. I have it working on Windows XP but
cannot interact with Vista. To clarify, my service is running under
the systemaccount and I want to display a License(EULA) that the user
must read and acknowledge by clicking ok. This is a security
requirement for my software that tells them they are tracked and by
using the computer they understand they will be monitored. I know I
could inject this into the registry to be started when the user logs
on, but we've had users remove it from the registry. Launching the
program from a service makes it more secure and it currently works
just fine under XP.

So everyone knows, I have two programs just like MS recommends. The
service is one and it is trying to lanuch the second program into
WinStat0\Winlogin. The service interacts with the second program
using pipes; just like Microsoft suggests. My service also waits
until it sees the console connect then it launches the program.

My question do I have to have the program launched to session 1 or
session 0; in otherwords before anyone logs onto Vista where is the
Winlogin running?

Secondly, if it's session 1 then I'm assuming I will have to switch to
session 1 somehow? Should I grab the token of winlogin.exe and
DuplicateTokenEx and then use CreateProcessAsUser? I tried this but
it didn't seem to work.

Any help would be appreciated, thanks

TK

If you launch your program in session 0 then the user will never see it. If
you launch your program in session 1 then there's a random chance that the
user will see it.

In my experience, if you launch your program in the session number that is
returned by WTSGetActiveConsoleSessionId, then there's still a random chance
that the user will see it. But at least if you do it that way, the
randomness might not be your fault.


wrote in message
news:1192473903.016707.12760@q5g2000prf.googlegrou ps.com...
> I'm trying to do the same thing. I have it working on Windows XP but
> cannot interact with Vista. To clarify, my service is running under
> the systemaccount and I want to display a License(EULA) that the user
> must read and acknowledge by clicking ok. This is a security
> requirement for my software that tells them they are tracked and by
> using the computer they understand they will be monitored. I know I
> could inject this into the registry to be started when the user logs
> on, but we've had users remove it from the registry. Launching the
> program from a service makes it more secure and it currently works
> just fine under XP.
>
> So everyone knows, I have two programs just like MS recommends. The
> service is one and it is trying to lanuch the second program into
> WinStat0\Winlogin. The service interacts with the second program
> using pipes; just like Microsoft suggests. My service also waits
> until it sees the console connect then it launches the program.
>
> My question do I have to have the program launched to session 1 or
> session 0; in otherwords before anyone logs onto Vista where is the
> Winlogin running?
>
> Secondly, if it's session 1 then I'm assuming I will have to switch to
> session 1 somehow? Should I grab the token of winlogin.exe and
> DuplicateTokenEx and then use CreateProcessAsUser? I tried this but
> it didn't seem to work.
>
> Any help would be appreciated, thanks
>
> TK
>
>
>
>
>

On Oct 15, 8:16 pm, "Norman Diamond"
wrote:
> If you launch your program in session 0 then the user will never see it. If
> you launch your program in session 1 then there's a random chance that the
> user will see it.
>
> In my experience, if you launch your program in the session number that is
> returned by WTSGetActiveConsoleSessionId, then there's still a random chance
> that the user will see it. But at least if you do it that way, the
> randomness might not be your fault.
>
> wrote in message
>
> news:1192473903.016707.12760@q5g2000prf.googlegrou ps.com...
>
>
>
> > I'm trying to do the same thing. I have it working on Windows XP but
> > cannot interact withVista. To clarify, my service is running under
> > the systemaccount and I want to display a License(EULA) that the user
> > must read and acknowledge by clicking ok. This is a security
> > requirement for my software that tells them they are tracked and by
> > using the computer they understand they will be monitored. I know I
> > could inject this into the registry to be started when the user logs
> > on, but we've had users remove it from the registry. Launching the
> > program from a service makes it more secure and it currently works
> > just fine under XP.
>
> > So everyone knows, I have two programs just like MS recommends. The
> > service is one and it is trying to lanuch the second program into
> > WinStat0\Winlogin. The service interacts with the second program
> > using pipes; just like Microsoft suggests. My service also waits
> > until it sees the console connect then it launches the program.
>
> > My question do I have to have the program launched to session 1 or
> > session 0; in otherwords before anyone logs ontoVistawhere is the
> > Winlogin running?
>
> > Secondly, if it's session 1 then I'm assuming I will have to switch to
> > session 1 somehow? Should I grab the token of winlogin.exe and
> > DuplicateTokenEx and then use CreateProcessAsUser? I tried this but
> > it didn't seem to work.
>
> > Any help would be appreciated, thanks
>
> > TK- Hide quoted text -
>
> - Show quoted text -

Actually, I do NOT want the program to be launched in the user
session. I want the program to be seen before any user logs on. The
idea is you turn on the PC and before you login to Vista the program
displays the confirmation and the user has to acknowleged it by
clicking on the checkbox and clicking ok. In XP this is easy to do
because my service just launches the program to the WinStat0\Winlogon
desktop.

In Vista the program launches but it can not be seen, is this because
the Winlogon screen is really session 1 when you first boot? Or is
there something goofy in Vista that needs set?

Its something goofy in Vista that you can't set. Your applications
requirements are in conflict with what MS allow in Vista. And rightly so in
my mind.

You are trying to do the impossible, and by impossible I mean that any means
you find to do what you want to will more than likley be broken by
subsequent Vista security patches service pack or operating system upgrade.

Anyway, before "any user" has logged on, no one has authenticated themselves
and hence it is not possible to audit that a legitimate (i.e. authorised to
use the system) user "accepted" the confirmation. So youre requirements are
doubly invalid.

wrote in message
news:1192543283.054060.203820@q3g2000prf.googlegro ups.com...
> Actually, I do NOT want the program to be launched in the user
> session. I want the program to be seen before any user logs on. The
> idea is you turn on the PC and before you login to Vista the program
> displays the confirmation and the user has to acknowleged it by
> clicking on the checkbox and clicking ok. In XP this is easy to do
> because my service just launches the program to the WinStat0\Winlogon
> desktop.
>
> In Vista the program launches but it can not be seen, is this because
> the Winlogon screen is really session 1 when you first boot? Or is
> there something goofy in Vista that needs set?
>
>
>

ND> If you launch your program in session 0 then the user will never
ND> see it. If you launch your program in session 1 then there's a
ND> random chance that the user will see it. [...]

tk> Actually, I do NOT want the program to be launched in the user
tk> session. I want the program to be seen before any user logs on.

You are conflating sessions and login sessions.

http://homepages.tesco.net./~J.deBoy...GA/windows-nt-
session.html>

tk> In Vista the program launches but it can not be seen, is this
tk> because the Winlogon screen is really session 1 when you
tk> first boot?

http://homepages.tesco.net./~J.deBoy.../windows-nt-6-
boot-process.html>

wrote in message
news:1192543283.054060.203820@q3g2000prf.googlegro ups.com...

> Actually, I do NOT want the program to be launched in the user session. I
> want the program to be seen before any user logs on.

WTSGetActiveConsoleSessionId will tell you the Terminal Services session
number of the active console, regardless of whether a user is logged into
it. Some of the other WTS____ APIs will tell you if a user is logged in or
not. The TS session number will not always be 1, but when Vista behaves as
documented the TS session number will never be 0 in Vista. Services are in
session 0 so you have to find and open the active session.

Beware that at least one of the WTS____ APIs is broken in the ANSI version.
If your program is Unicode then it will probably be all right, though I
still don't know how to predict if your message box will be shown properly.
If your program is ANSI then you must explicitly call the _____W versions of
the APIs and then call WideCharToMultiByte.