A Windows Vista forum. Vista Banter

Welcome to Vista Banter.

You are currently viewing our boards as a guest which gives you limited access to view most discussions, articles and access our other FREE features. By joining our free community you will have access to ask questions and reply to others posts, upload your own photos and access many other special features. Registration is fast, simple and absolutely free so please, join our community today!

If you have any problems with the registration process or your account login, please contact contact support.

Go Back   Home » Vista Banter forum » Microsoft Windows Vista » Security and Windows Vista
Site Map Home Register Authors List Search Today's Posts Mark Forums Read Web Partners

Security and Windows Vista A forum for discussion on security issues with Windows Vista. (microsoft.public.windows.vista.security)

LockWorkStation and WTSLogoffSession return error code 5 in a Vist



 
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old February 4th 10, 10:21 AM posted to microsoft.public.windows.vista.security
Santosh Panchapakesan
external usenet poster
 
Posts: 2
Default LockWorkStation and WTSLogoffSession return error code 5 in a Vist

Hi,

I have written a service with "requestedExecutionLevel
level="highestAvailable" " in the manifest file. In the service I call into
LockWorkStation or WTSLogoffSession, which do not seem to be working on
Vista. GetLastError to both the functions returns error code 5.

Is there anything that I need to do.

Please help.

Thanks,
Santosh
  #2 (permalink)  
Old February 5th 10, 10:48 AM posted to microsoft.public.windows.vista.security
Andrew McLaren
external usenet poster
 
Posts: 46
Default LockWorkStation and WTSLogoffSession return error code 5 in aVist

On 4/02/2010 22:21, Santosh Panchapakesan wrote:
I have written a service with "requestedExecutionLevel
level="highestAvailable" " in the manifest file. In the service I call into
LockWorkStation or WTSLogoffSession, which do not seem to be working on
Vista. GetLastError to both the functions returns error code 5.


It sounds like your Service is attempting to perform these actions (lock
workstation, logout) for the interactive user, right?

In Windows Vista and higher, Services do not run in the same Session as
the logged-in user. Services run in Session 0; and users are in
Sesssions 1, 2 3 and so on. So your Service cannot just cross session
boundaries and log off a user in another session - that would be a
security violation. Hence the Access Denied error.

Start by reading this paper, and then redesign your Service accordingly:

http://www.microsoft.com/whdc/system...n0Changes.mspx

It may require more that just changing one or two lines of code; you may
need to re-architect the whole thing.

A few other references:

http://windowsteamblog.com/blogs/dev...isolation.aspx

http://msdn.microsoft.com/en-us/library/bb756986.aspx

http://channel9.msdn.com/posts/Charl...-with-Desktop/

Hope it helps,

Andrew

--
amclar at optusnet dot com dot au
  #3 (permalink)  
Old February 5th 10, 10:48 AM posted to microsoft.public.windows.vista.security
Andrew McLaren
external usenet poster
 
Posts: 46
Default LockWorkStation and WTSLogoffSession return error code 5 in aVist

On 4/02/2010 22:21, Santosh Panchapakesan wrote:
I have written a service with "requestedExecutionLevel
level="highestAvailable" " in the manifest file. In the service I call into
LockWorkStation or WTSLogoffSession, which do not seem to be working on
Vista. GetLastError to both the functions returns error code 5.


It sounds like your Service is attempting to perform these actions (lock
workstation, logout) for the interactive user, right?

In Windows Vista and higher, Services do not run in the same Session as
the logged-in user. Services run in Session 0; and users are in
Sesssions 1, 2 3 and so on. So your Service cannot just cross session
boundaries and log off a user in another session - that would be a
security violation. Hence the Access Denied error.

Start by reading this paper, and then redesign your Service accordingly:

http://www.microsoft.com/whdc/system...n0Changes.mspx

It may require more that just changing one or two lines of code; you may
need to re-architect the whole thing.

A few other references:

http://windowsteamblog.com/blogs/dev...isolation.aspx

http://msdn.microsoft.com/en-us/library/bb756986.aspx

http://channel9.msdn.com/posts/Charl...-with-Desktop/

Hope it helps,

Andrew

--
amclar at optusnet dot com dot au
 




Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT. The time now is 08:47 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.Search Engine Optimization by vBSEO 3.0.0 RC6
Copyright 2004-2019 Vista Banter.
The comments are property of their posters.