I have a Windows Service from which I have to run a process. However, that process requires admin privileges to run. Inside Process Explorer, I see that the service does run the process but the UI for that process does not appear up.
What am I missing here? How can this be rectified?
The services run in a separate session, with a separate desktop. Think of it as if the services where running in another remote desktop session. Anything with a GUI that you start from within a service will be shown in that hidden session, which cannot be accessed.
If you're working on Windows Vista or 7, services can't interact with desktop like windows XP and they can't open a window like ordinary windows applications. They default run as Local System account which is a fully privileged account.
Related
I created a windows service and marked the CheckBox "Allow service to interact with desktop" in "Log On" tab of service properties. The service opens a windows application (.exe) but I don't know that what is the progress of the opened .exe. Is there a way that I could switched to the desktop of the service?
The service "logged on as" is "Local System"
(I am sure that the .exe is opened by the service because when I try to modify/move/delete, the message is returned that it is being used by another process)
Services do not have a desktop, so you can't switch to it. They might have very limited Windows-version-dependent access to a user's desktop, but you can't count on it and shouldn't use it.
Also, if you're running terminal services in a version of Windows that can do desktop I/O and the service is configured for it, the I/O goes to the first desktop. If that's not you, you won't see it.
I am sure that the .exe is opened by the service because when I try to modify/move/delete, the message is returned that it is being used by another process
You would need to stop the service before you can move/delete/replace the exe.
My problem: Can I run an exe (a Windows Forms application) from a Windows service? If so, how?
You should be able to use System.Diagnostics.Process.Start http://msdn.microsoft.com/en-us/library/system.diagnostics.process.start.aspx to start an executable process.
But please keep in mind that services are expected (and most often does) run in their own context. For example the service would start running as soon as windows startes and even before any user is logged on. If your service decides to start the exe when no one is logged in, you will not see the UI of the form
First for all you should say what versions of windows, for vista and later here there article, for xp you should check "allow desktop interaction" in service property, but anyway it's considered as bad and insecure practice, so by any chance you should try to avoid that.
I have a bat file which is installed as a service. I can run the service on a remote box. This service needs to launch another application. The launched application needs to be visible(run in foreground). Currently the launched application is running in background as the windows service is running in background. How can i make the windows service or both the windows service and the application that it launches run in foreground? I intend to manage the service with the ServiceController class in C#.
I think you should probably read
http://asprosys.blogspot.com.au/2009/03/allow-service-to-interact-with-desktop.html
Making a service to just launch another app is a real security issue, what if your other app gets replaced with something else do you have all the checks in your Service to ensure your app is the app you think it is.
A proper approach is to launch the second application in the user's session, while your Windows service app always runs in session 0.
The approach has been part of my discussion with #RaheelKhan under this thread,
How reliable is adding an application manifest to ensure elevated privileges across windows xp, vista and 7?
It requires proper understanding of Windows sessions, session isolation, and platform invoke.
We have to run a process from a windows service and get a screenshot from it.
We tried the BitBlt and PrintWindow Win32 calls, but both give blank (black) bitmaps.
If we run our code from a normal user process, it works just fine.
Is this something that is even possible? Or could there be another method to try?
Things we tried:
Windows service running as Local System, runs process as Local System -> screenshot fails
Windows service running as Administrator, runs process as Administrator -> screenshot fails.
Windows application running as user XYZ, runs a process as XYZ -> screenshot works with both BitBlt or PrintWindow.
Tried checking "Allow service to interact with desktop" from Local System
We also noticed that PrintWindow works better for our case, it works if the window is behind another window.
For other requirements, both the parent and child processes must be under the same user. We can't really use impersonation from one process to another.
Currently i can't find the corresponding links, but the problem is, that a windows service runs in another session than a normal user application.
In XP this was not fully true. Here are all services started in Session 0 and the first user who logs into the system will also run in Session 0. So in that case, tricks like Allow service to interact with desktop work. But if you fast switch to another user he gets the Session 1 and has no chance to interact with the service directly. This is also true if you connect through RDP to a server version (like 2003 or 2008). These logins will also start in a session higher than 0.
Last but not least there is another drawback by using the interaction with the desktop:
If you enable this option and your service is running under the (default) SYSTEM account it won't be able to create a network connection anymore.
The correct way to get a custom GUI that works with a service is to separate them into two processes and do some kind of IPC (inter process communication). So the service will startup when the machine comes up and a GUI application will be started in the user session. In that case the GUI can create a screenshot, send it to the service and the service can do with it, whatever you like.
Have you tried to run as Local System with the "Allow service to interact with desktop" checked?
I don't think this is possible.
We had to change our scenario where our application wasn't started from a service, but was a standard windows program that has a NotifyIcon in the corner.
If someone still finds a real answer, let me know.
It works using Local System with the "Allow service to interact with desktop"
You can set it programatically using this sample code:
http://www.vbforums.com/showthread.php?t=367177 (it's vb.net but very simple)
Simple exe for a tray icon, that works fine independently
I call it using a windows service, and it seems to run(in task manager) but it dosnt seem to exec any code. ie no tray icon etc.
On Vista and Windows 2008, services run in a different session than the user -- any EXE that a service runs will run in the same session as the service. Before Vista, you need to check the "Allow Service to interact with desktop" box, otherwise the same thing applies.
This means that your tray icon EXE isn't able to interact with the user's desktop. You need to look at using CreateProcessAsUser to run the EXE in the correct session.
This blog post is aimed at people using ConfigMgr OS Deployment, but it contains a good list of the steps needed to run a process in another session. There are some non-obvious steps that you need to take or things fail in weird ways.