Thread: LockWorkStation and WTSLogoffSession return error code 5 in a Vist
View Single Post
  #2 (permalink)  
Old February 5th 10, 10:48 AM posted to microsoft.public.windows.vista.security
Andrew McLaren
external usenet poster
  
Posts: 46
Default LockWorkStation and WTSLogoffSession return error code 5 in aVist
On 4/02/2010 22:21, Santosh Panchapakesan wrote:
I have written a service with "requestedExecutionLevel
level="highestAvailable" " in the manifest file. In the service I call into
LockWorkStation or WTSLogoffSession, which do not seem to be working on
Vista. GetLastError to both the functions returns error code 5.

It sounds like your Service is attempting to perform these actions (lock
workstation, logout) for the interactive user, right?

In Windows Vista and higher, Services do not run in the same Session as
the logged-in user. Services run in Session 0; and users are in
Sesssions 1, 2 3 and so on. So your Service cannot just cross session
boundaries and log off a user in another session - that would be a
security violation. Hence the Access Denied error.

Start by reading this paper, and then redesign your Service accordingly:

http://www.microsoft.com/whdc/system...n0Changes.mspx

It may require more that just changing one or two lines of code; you may
need to re-architect the whole thing.

A few other references:

http://windowsteamblog.com/blogs/dev...isolation.aspx

http://msdn.microsoft.com/en-us/library/bb756986.aspx

http://channel9.msdn.com/posts/Charl...-with-Desktop/

Hope it helps,

Andrew

--
amclar at optusnet dot com dot au