I have a small tray app which should inform the user about start and stop of an execution of an other process running under local system account. The process running with local system account is called by another service (not owned by me). "My service process" is always running just for a short time. So I can not implement a wcf callback handling. Everything works fine on my machine. But it is not running at the customer side.
The problem (exception) which occurs at the customer side is something like "there is no endpoint listening on net.pipe..."
But the tray is running.
I created a test app (console) to communicate with the tray. This works fine.
If I start this test app with psexec -I ... to run it with a local system account it is also running.
I have no idea about possible reasons and so I have two questions:
is it "allowed" to host a wcf service in a tray app (running in user context) and call it by a process running in local system account?
if yes, is there a possible policy/security setting which can prevent this functionality?
The only workaround I could think off is to create a helper service which I can use as some kind of a broker (connect from tray with a callback interface which could be used by the other process). But this seems to be a big overhead...
The answer is, it is not possible.
The reason is explained here: Connecting via named pipe from windows service (session#0) to desktop app (session #1)
It looks like my test was successful, because psexec was still running in session #1.
My implementation is now using the already above described workaround
Related
I have a bat file which is installed as a service. I can run the service on a remote box. This service needs to launch another application. The launched application needs to be visible(run in foreground). Currently the launched application is running in background as the windows service is running in background. How can i make the windows service or both the windows service and the application that it launches run in foreground? I intend to manage the service with the ServiceController class in C#.
I think you should probably read
http://asprosys.blogspot.com.au/2009/03/allow-service-to-interact-with-desktop.html
Making a service to just launch another app is a real security issue, what if your other app gets replaced with something else do you have all the checks in your Service to ensure your app is the app you think it is.
A proper approach is to launch the second application in the user's session, while your Windows service app always runs in session 0.
The approach has been part of my discussion with #RaheelKhan under this thread,
How reliable is adding an application manifest to ensure elevated privileges across windows xp, vista and 7?
It requires proper understanding of Windows sessions, session isolation, and platform invoke.
I have WCF service which launches the remote process from Process.Start successfully on stand alone machine where this WCF service is hosted/deployed and developed.
I deployed this as whole service on another machine, and run the service on that machine as well, execute the service on the same code area which launches the process remotely, here it failed, Strange behavior.
I checked the process state stand alone , and launched the process normally, it executed fine and shown the message box inside that process which was written there. BUT when this process launched via WCF call from code, process didn't launched in interactive manner, Task Manager shown the launched process, but its console not shown, nor any message box shown . ANY IDEA ? or WAY AROUND?
Note : This behavior is observed when WCF service deployed completely with all binaries on another machine
Regards
Ehsank
Services should generally not have any user interface. The same thing goes for processes that services might start.
It works on your development machine because you are developing/debugging it with a valid, active logged-on user (you). the same is not the case when running as a more traditional service on a normal server.
Is it possible to spawn a process on a remote server, from a WCF service hosted as Windows Managed Service, when the service is running as LocalSystem?
I need people to be able to execute things on remote servers under the context of their own accounts (basically like PSExec - which isn't an option).
I've made some half-hearted attempts to do this before, but when using process.start, cannot get the process to run as a specific user, if the Windows service hosting the WCF component is running as LocalSystem.
I know this can be acheived by other methods, but I specifically would like to know if the above is achievable - Windows service running as LocalSystem & hosting WCF service, then spawning a process as a specified user.
Thanks
Mick
You could use the Process.Start method which allows you to specify the user under which the process will run.
I currently have a WCF Service Library which will be started through a Console Application acting as ServiceHost. The ServiceHost starts the service and then waits with Console.ReadLine() for the "quit" command. If i do "Console.WriteLine();" in the service this will be printed to the ServiceHosts Console of course. The Service prints some information when the clients connect for example.
Is it possible to have the ServiceHost converted to a real Windows Service (to start up when the machine boots without console window) and attach or detach a command prompt (cmd.exe) or another Console Application to it when needed? For example if I want so see which clients connect from now on?
Thanks in advance!
EDIT: I really woudln't like to write and read a LogFile.
Only if you run on an old operating system, XP is the last one that allows a service to interact with the desktop. You'll need to write a separate app that can run on the user's desktop. Talk to the service through, well, WCF. Or a named pipe or socket.
You would be far better off exposing the properties and methods you wish to access on the WCF Service and then creating a console or desktop application that allowed you to access the properties via the WCF service. As you are not limited to a single End Point or interface you could easily implement some form of authentication and use netTcp binding between applications.
We have to run a process from a windows service and get a screenshot from it.
We tried the BitBlt and PrintWindow Win32 calls, but both give blank (black) bitmaps.
If we run our code from a normal user process, it works just fine.
Is this something that is even possible? Or could there be another method to try?
Things we tried:
Windows service running as Local System, runs process as Local System -> screenshot fails
Windows service running as Administrator, runs process as Administrator -> screenshot fails.
Windows application running as user XYZ, runs a process as XYZ -> screenshot works with both BitBlt or PrintWindow.
Tried checking "Allow service to interact with desktop" from Local System
We also noticed that PrintWindow works better for our case, it works if the window is behind another window.
For other requirements, both the parent and child processes must be under the same user. We can't really use impersonation from one process to another.
Currently i can't find the corresponding links, but the problem is, that a windows service runs in another session than a normal user application.
In XP this was not fully true. Here are all services started in Session 0 and the first user who logs into the system will also run in Session 0. So in that case, tricks like Allow service to interact with desktop work. But if you fast switch to another user he gets the Session 1 and has no chance to interact with the service directly. This is also true if you connect through RDP to a server version (like 2003 or 2008). These logins will also start in a session higher than 0.
Last but not least there is another drawback by using the interaction with the desktop:
If you enable this option and your service is running under the (default) SYSTEM account it won't be able to create a network connection anymore.
The correct way to get a custom GUI that works with a service is to separate them into two processes and do some kind of IPC (inter process communication). So the service will startup when the machine comes up and a GUI application will be started in the user session. In that case the GUI can create a screenshot, send it to the service and the service can do with it, whatever you like.
Have you tried to run as Local System with the "Allow service to interact with desktop" checked?
I don't think this is possible.
We had to change our scenario where our application wasn't started from a service, but was a standard windows program that has a NotifyIcon in the corner.
If someone still finds a real answer, let me know.
It works using Local System with the "Allow service to interact with desktop"
You can set it programatically using this sample code:
http://www.vbforums.com/showthread.php?t=367177 (it's vb.net but very simple)