3 Replies - 991 Views - Last Post: 07 December 2012 - 04:13 PM Rate Topic: -----

#1 chipicau  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 48
  • Joined: 15-May 12

Impersonation

Posted 03 December 2012 - 03:16 PM

Hello.

I am creating a program that is set to run as the LocalSystem (NT AUTHORITY\SYSTEM) account, and it works flawless, but there comes a time where I need to change some user settings, in which I impersonate the current active user and write those changes to the registry using SystemParametersInfo API. While the changes do get written to the registry, they aren't updated until a system reboot is done.
I know there's a way to update those changes without a system reboot because if I were to run the same code in a normal user process, it would work and the changes would be immediate.
Here's my code:

HANDLE htoken1;
WTSQueryUserToken(WTSGetActiveConsoleSessionId(), &htoken1); //to get the current active user token
HANDLE htoken2;
DWORD size = sizeof(htoken2);
int test1 = GetTokenInformation(htoken1, TokenLinkedToken, &htoken2, size, &size); //to convert the user token to an elevated one
CloseHandle(htoken1);
HANDLE htoken3;
int test2 = DuplicateTokenEx(htoken2, TOKEN_ALL_ACCESS, NULL, SecurityImpersonation, TokenImpersonation, &htoken3); //to convert the elevated user token to an impersonation token, so it can be used for the actual impersonation
CloseHandle(htoken2);



Everything works until now...
I even tried two ways to impersonate the user, but they both come out the same:

1# method:
ImpersonateLoggedOnUser(htoken3);
CloseHandle(htoken3);



2# method:
SetThreadToken(NULL, htoken3);
CloseHandle(htoken3);



And now comes the actual registry change:

DWORD value = 17
SystemParametersInfo(SPI_SETMOUSESPEED, NULL, (void*)&value, SPIF_UPDATEINIFILE | SPIF_SENDWININICHANGE);



From this point, I check the respective registry section (HKEY_CURRENT_USER\Control Panel\Mouse) for the current user and the changes are there, but the mouse sensitivity isn't updated without a system reboot.

Any ideas?
Thanks very much.

Is This A Good Question/Topic? 0
  • +

Replies To: Impersonation

#2 chipicau  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 48
  • Joined: 15-May 12

Re: Impersonation

Posted 04 December 2012 - 02:32 PM

Bump? :(
BTW, currently I am adding my program to Windows Task Scheduler for it to run as LocalSystem, and I need for the process running as LocalSystem to do code as if it was being executed by the currently logged on user. If there are any better approaches than mine feel free to share them.
Was This Post Helpful? 0
  • +
  • -

#3 Skydiver  Icon User is offline

  • Code herder
  • member icon

Reputation: 3490
  • View blog
  • Posts: 10,748
  • Joined: 05-May 12

Re: Impersonation

Posted 05 December 2012 - 06:22 AM

Is the WM_SETTINGCHANGE message actually received by all the windows after the API call? I suspect it isn't being broadcasted when the API is called from within a process that is being run as a scheduled task. Imagine the havoc that would cause while a user is actively doing something and somebody changes the windows settings in the background.

So the may question is why do even need to run as a scheduled task? It's kind of fishy that you are hiding your program there.
Was This Post Helpful? 1
  • +
  • -

#4 chipicau  Icon User is offline

  • New D.I.C Head

Reputation: 1
  • View blog
  • Posts: 48
  • Joined: 15-May 12

Re: Impersonation

Posted 07 December 2012 - 04:13 PM

Hey, Skydiver.
Well, I kept searching and searching and found only dead-ends. It seems that from Windows Vista and up, services/processes ran under LocalSystem privileges are no longer able to interact with the desktop, so I ended up having my program run itself under the currently active user account and communicate with the process running under LocalSystem account through named pipes.
Thank you for your help :D
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1