$theTitle=wp_title(" - ", false); if($theTitle != "") { ?>
About Virtualization, VDI, SBC, Application Compatibility and anything else I feel like
This is an often asked question but the solution is simple:
So how does it work?
First we obtain the user’s primary access token with the WtsQueryUserToken API call. To call this function successfully, the calling application must be running within the context of the LocalSystem account and have the SE_TCB_NAME privilege (LocalSystem has this privilege by default). Since the function returns a primary acces token we can just pass this to CreateProcessAsUser and voila!
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 | uses JwaWinbase, JwaWtsApi32; var hToken: THandle; si: _STARTUPINFOA; pi: _PROCESS_INFORMATION; var Ret: Cardinal; sTitle: string; sMsg: string; begin ZeroMemory(@si, SizeOf(si)); si.cb := SizeOf(si); si.lpDesktop := nil; if WTSQueryUserToken(WtsGetActiveConsoleSessionID, hToken) then begin if CreateProcessAsUser(hToken, nil, 'notepad.exe', nil, nil, False, 0, nil, nil, si, pi) then begin // Do some stuff end; end; end; |
I specified WtsGetActiveConsoleSessionID as the SessionID, this function retrieves the Terminal Services session currently attached to the physical console. The physical console is the monitor, keyboard, and mouse. Note that it is not necessary that Terminal Services be running for this function to succeed. In Windows 2000 the console is always session 0 but for Windows XP/2003/Vista this can be any number. So if you want to launch a process in session 5 the code is:
1 2 3 4 5 6 7 8 | if WTSQueryUserToken(5, hToken) then begin if CreateProcessAsUser(hToken, nil, 'notepad.exe', nil, nil, False, 0, nil, nil, si, pi) then begin // Do some stuff end; end; |
WtsQueryUserToken is defined in the unit JwaWtsApi32 and WtsGetActiveConsoleSessionID is defined in the unit JwaWinBase. Both units are part of the Jedi APILibrary.
This will launch notepad in the console session but offcourse you can replace the function WtsGetActiveConsoleSessionId with a specific SessionID. Just remember that only the system account is allowed to use WtsQueryUserToken. So you will need to launch this code from a service.
Do you find this article usefull, why not leave a comment then?
5 Responses for "How to launch a process in a Terminal Session"
[…] Launch a process in a Terminal Server session (see also: https://www.remkoweijnen.nl/blog/2007/10/20/how-to-launch-a-process-in-a-terminal-session/). […]
[…] A little while ago I wrote an article on launching a process in another Terminal Session (https://www.remkoweijnen.nl/blog/2007/10/20/how-to-launch-a-process-in-a-terminal-session/). […]
[…] Remko shows us on his page how to accomplish this task. Go and learn it from here. […]
Please I need to know how to detect a concrete process running in a terminal service session (Client) and its ip address..
Thank You!
you must call the CloseHandle function to close token handle, or it will leak
Leave a reply