Why does CreateProcessAsUser require an interactive window station in Vista / Windows 7?

Question

Why does CreateProcessAsUser require an interactive window station in Vista / Windows 7?

I had to delve into this because code that worked perfectly in Windows 2003 / XP does not work in Windows 7. An application running using CreateProcessAsUser with error 0xc0000142. The difference between my old code and one of the available MSDNs in Starting an Interactive Client Process in C ++ is that I did not set privileges for both Window Station and the desktop. I updated my code in accordance with the example, but I would really like to understand what change in the new Windows led to what the processes in the interactive Window-station required?

+3

windows-7 process winapi windows-vista impersonation

Oleg Zhylin Oct 12 '09 at 20:48

source share

1 answer

Eric brown · Answer 1 · 2009-10-27T18:34:08+0000

At least part of the requirements arises from a change to start interactive processes in another session from services. This was done so that applications could not launch attacks such as "break" into privileged services. Further information is available here .

Why does CreateProcessAsUser require an interactive window station in Vista / Windows 7?

More articles: