Windows XP.
Service running as LocalSystem.

This service has a requirement to create a process running a GUI-based
executable on the current "input" desktop. The input desktop may be the
"default" desktop of any user logged into the machine (and there could be
more than one if Fast-User Switching is turned on) or the "winlogin"
desktop. Making the process start and display its window is simple
enough--however the trick is that the process also must be running as the
same user that the desktop corresponds to:

winlogin = system
default =

The app will not work correctly if it is unconditionally run under the
system account.

So, I understand that CreateProcessAsUser() will do the trick if you can
obtain the correct user access token. I have been able to successfully
gather the access token from a process already running under the user I want
and use it to create my process. I works fine (most likely because I am
LocalSystem). I gathered the access token by opening the Task Manager and
determining the PID of a process already running as the user I want to run
my process as--then gathering the access token from the process.

But the real question is:
How do I programmatically know what user is associated with the input
desktop?

If I call GetUserObjectInformation() on the input desktop handle requesting
the user that is currently associated with the desktop (UOI_USER_SID), but
that SID doesn't match the SID of any users on the machine. The same SID is
returned for both the "winlogin" and "default" desktops. In fact, if I
lookup the account name using LookupAccountSid() and it returns false
indicating it couldn't do it's job. I'm confused what this means. Anybody
know?

BTW: If more than one user is simultaneously logged (Fast-User Switching),
will their desktop objects both live under WinSta0? WinSta0, as I
understand it, is the only "interactive" windows station. What about their
desktop names? Just curious.

Thanks.

Matt