How to reliably get LOGON USER name/sid from a process running as SYSTEM?

Time:01-18

I have an app that runs (on the interactive desktop) as SYSTEM. The app needs to start a browser or email client AS THE CURRENTLY LOGGED-IN USER.

I thought I could just go look at the desktop, window station, or session, and be able to determine which user's logon desktop I was running in. However, when I got user information from the desktop, window station, and session, they all seemed to be special accounts (e.g. "LogonSessionId_0_4005652").

The one approach that seemed promising was calling WTSQuerySessionInformationW(WTS_CURRENT_SERVER_HANDLE, WTS_CURRENT_SESSION, WTSUserName, ...). That yielded the logon user's name, and I could call LookupAccountNameW() to get the SID.

This bit from Microsoft's documentation on WTSQuerySessionInformationW makes me a bit uncomfortable though...

Retrieves session information for the specified session on the specified Remote Desktop Session Host (RD Session Host) server. (emphasis mine)

...and also...

If Remote Desktop Services is not running, calls to WTSQuerySessionInformation fail.

I seem to remember that Home editions of previous Windows releases didn't support Remote Desktop. Our app targets Windows 10 and 11. Can I be certain that the WTSQuerySessionInformationW call will work for all users?

CodePudding user response:

ProcessIdToSessionId on yourself and then WTSQueryUserToken should give you a token you can use with CreateProcessAsUser.

Another alternative is FindWindow to find the taskbar and duplicate Explorer.exe's token. This will not work if Explorer is not running.
