I couldn't get this to work for me, I'm new to C# so maybe I'm doing something wrong, here's the code

using System;
using murrayju.ProcessExtensions;

namespace spawnproc
{
    class Program
    {
        static void Main()
        {
            Console.WriteLine("Starting calc.exe");
            ProcessExtensions.StartProcessAsCurrentUser("calc.exe");
        }
    }
}

trying to run this will return the following error, with exit status code 255

Unhandled Exception: System.Exception: StartProcessAsCurrentUser: CreateProcessAsUser failed.

   at murrayju.ProcessExtensions.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible)
   at spawnproc.Program.Main()

I'm sure I'm not doing something correct, here is what I've done. I downloaded the file CreateProcessAsUser-master.zip and opened it in VS2015. I tried running it unmodified and received the message "Cannot start service from the command line or a debugger. A Windows Service must first be installed and then started ..."

So I created a service with Powershell and changed the first line below to the second:

this.ServiceName = "Service1";
this.ServiceName = "AdminService";

and I get the same error. I wanted to get the demo working before I tried to use this with an MVC website and wrap it in an Invoke-Command powershell command similar to this https://rzander.azurewebsites.net/create-a-process-as-loggedon-user/ . I've searched and it appears the demo works for everyone.

Could my (work) environment be configured incorrectly, not allowing this demo project to work? I am an admin on this box.

if (!GetSessionUserToken(ref hUserToken)) is equal to {0}

[edit: a little more information]

When using the powershell link above and inside of a powershell IDE, I get the following error

Exception calling "StartProcessAsCurrentUser" with "1" argument(s): "StartProcessAsCurrentUser: GetSessionUserToken failed."
At C:\Users\xxx\AppData\Local\Temp\2\6ca92ace-e967-4153-a04c-eab859a2430f.ps1:292 char:1

• [procs.ProcessExtensions.ProcessExtensions]::StartProcessAsCurrentUse ...

•   + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : Exception
  

Hi!, thank you for the code, is awesome. I would like to pass some parameters to a process (.exe) that I invoke with StartProcessAsCurrentUser function. Do you know how to pass parameters to a program with that function?

Thanks a lot.

I have try your function in a powershell script in system account this work great but when I deploy my script via a SCCM pplication I can't create a user process, somebody have the same problem?

Hi all,

I've had great success so far with this script but am currently having issues using it to call Wscript.exe. I have something that looks like the following,

[Runasuser.ProcessExtensions]::StartProcessAsCurrentUser("$env:windir\System32\wscript.exe", "c:\temp\test.vbs")

In my mind this is meant to launch wscript with arg[1] as the input script however what happens is that Wscript is launched as if there were no input parameters. What am I missing here? Has anyone had success using wscript/cscript with this setup?

All responses are much appreciated

Hi,
It it possible to add redirection of the output and the error stream?

Thanks

Hi,

I was trying to write a simple wrapper like you have here with DemoService but using TopShelf. Unfortunately, I cannot get it working. What I have is very simple:

class Program
    {
        static void Main(string[] args)
        {
            var rc = HostFactory.Run(x =>
            {
                Console.WriteLine("in run...");
                x.Service<ServiceWrapper>(m =>
                {
                    m.ConstructUsing(name => new ServiceWrapper());
                    m.WhenStarted((wrapper) => { Console.WriteLine("starting service..."); wrapper.Start(); });
                    m.WhenStopped((wrapper) => { wrapper.Stop(); });
                });

                x.EnableServiceRecovery(r =>
                {
                    r.RestartService(0);
                    r.RestartService(1);
                    r.RestartService(1);
                    r.SetResetPeriod(1);
                });

                x.RunAsLocalService();
                x.SetDescription("DemoServiceTopShelf");
                x.SetDisplayName("DemoServiceTopShelf");
                x.SetServiceName("DemoServiceTopShelf");
                x.OnException(ex =>
                {
                    Console.WriteLine("exception {0}", ex.Message);
                });

            });

            var exitCode = (int)Convert.ChangeType(rc, rc.GetTypeCode());
            Environment.ExitCode = exitCode;
        }
    }

    class ServiceWrapper
    {
        public ServiceWrapper() {  }
        public void Start()
        {
            Console.WriteLine("Trying to launch calc.exe");
            ProcessExtensions.StartProcessAsCurrentUser("calc.exe");
        }
        public void Stop() { }
    }

So, I'm running VS as Administrator, and if I run this, the WTSQueryUserToken( ) call always returns zero.

So, I figured maybe I have to install the service first. TopShelf builds command line params for install/uninstall/start, etc. of the service. It installs fine:

DMSMonitorSvc.exe install
in run...
Configuration Result:
[Success] Name DemoServiceTopShelf
[Success] ServiceName DemoServiceTopShelf
Topshelf v4.0.0.0, .NET Framework v4.0.30319.42000

Running a transacted installation.

Beginning the Install phase of the installation.
Installing DemoServiceTopShelf service
Installing service DemoServiceTopShelf...
Service DemoServiceTopShelf has been successfully installed.

The Install phase completed successfully, and the Commit phase is beginning.

The Commit phase completed successfully.

The transacted install has completed.

If I try to start it in the Services tool, it fails with Windows could not start the DemoServiceTopShelf service on Local Computer. Error 5: Access is denied.

In event viewer, I see these events got logged related to it:

Special privileges assigned to new logon.

Subject:
	Security ID:		SYSTEM
	Account Name:		SYSTEM
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3E7

Privileges:		SeAssignPrimaryTokenPrivilege
			SeTcbPrivilege
			SeSecurityPrivilege
			SeTakeOwnershipPrivilege
			SeLoadDriverPrivilege
			SeBackupPrivilege
			SeRestorePrivilege
			SeDebugPrivilege
			SeAuditPrivilege
			SeSystemEnvironmentPrivilege
			SeImpersonatePrivilege
			SeDelegateSessionUserImpersonatePrivilege

And this event log:

An account was successfully logged on.

Subject:
	Security ID:		SYSTEM
	Account Name:		DESKTOP-F26HMBM$
	Account Domain:		WORKGROUP
	Logon ID:		0x3E7

Logon Information:
	Logon Type:		5
	Restricted Admin Mode:	-
	Virtual Account:		No
	Elevated Token:		Yes

Impersonation Level:		Impersonation

New Logon:
	Security ID:		SYSTEM
	Account Name:		SYSTEM
	Account Domain:		NT AUTHORITY
	Logon ID:		0x3E7
	Linked Logon ID:		0x0
	Network Account Name:	-
	Network Account Domain:	-
	Logon GUID:		{00000000-0000-0000-0000-000000000000}

Process Information:
	Process ID:		0x2b0
	Process Name:		C:\Windows\System32\services.exe

Network Information:
	Workstation Name:	-
	Source Network Address:	-
	Source Port:		-

Detailed Authentication Information:
	Logon Process:		Advapi  
	Authentication Package:	Negotiate
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The impersonation level field indicates the extent to which a process in the logon session can impersonate.

The authentication information fields provide detailed information about this specific logon request.
	- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
	- Transited services indicate which intermediate services have participated in this logon request.
	- Package name indicates which sub-protocol was used among the NTLM protocols.
	- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

I have searched through past issues related to the Access Denied, but I don't see a concrete solution here. It is worth noting if you clone this repo and run the .bat scripts, it does work for me on the same machine.

Any insight into what might be going wrong?

This helped me a lot, just wanted to say thanks!

I keep getting:

Exception calling "StartProcessAsCurrentUser" with "1" argument(s): "Arithmetic operation resulted in an overflow."

running this:

[murrayju.ProcessExtensions.ProcessExtensions]::StartProcessAsCurrentUser("C:\Windows\System32\WindowsPowershell\v1.0\Powershell.exe")

Hi Friends,

I am trying to write a windows service that will reconnect the vpn connection if disconnected, I have implemented your code, and it is working fine only when the users logs in immediately. Otherwise if no user is logged in to windows the service will not start. [see attached event viewer error]

I have tried delayed start, restart service after some time, but non works without users being logged in.
Is there any way to bypass that or something. I have done some reading, what about using CreateProcessWithLogonW, instead of CreateProcessAsUser. anyone tried anything like that.
Thank you very much in advance guys,

Kind Regards
Fatos, Kosovo

WTSEnumerateSessions parameter ppSessionInfo must be freed by WTSFreeMemory.

See:
https://msdn.microsoft.com/en-us/library/aa383833(v=vs.85).aspx
https://msdn.microsoft.com/en-us/library/aa383834(v=vs.85).aspx

I had run your program it successfully started with local system account but didn't work with specific user account. I get the following exception in the event viewer,

Service cannot be started. System.Exception: StartProcessAsCurrentUser: GetSessionUserToken failed.
at murrayju.ProcessExtensions.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible) in c:\Users\indianic\Downloads\CreateProcessAsUser-master\CreateProcessAsUser-master\ProcessExtensions\ProcessExtensions.cs:line 224
at demo.DemoService.OnStart(String[] args) in c:\Users\indianic\Downloads\CreateProcessAsUser-master\CreateProcessAsUser-master\DemoService\DemoService.cs:line 15
at System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state)

Thanks.

Hi, I got the sample working fine under a service, but not when running as a normal app. So I understand there's a few more tokens as described here

https://devblogs.microsoft.com/oldnewthing/20190531-00/?p=102532
https://stackoverflow.com/questions/42717691/wtsqueryusertoken-returning-false

I'm just curious, why not set put this code in when WTSQueryUserToken fails?

I modified DemoService to run ProcessExtensions.StartProcessAsCurrentUser("cmd.exe", "/d /s /c \"node Path\\To\\file\""), I have installed it and it works perfect,

So I made an executable to receive the route to execute as a parameter by this way

private static int RunAndReturnExitCode(RunVerb opts)
{
    string command = opts.commands.FirstOrDefault();
    Console.WriteLine(command); // This prints -> node Path\To\file 
    if (command == null || command == "")
    {
        return 1;
    }

    ProcessExtensions.StartProcessAsCurrentUser("cmd.exe", $"/d /s /c \"{command}\"");
    return 0;
}

I launch a CMD as System user using psexec with this command PsExec64.exe -i -s cmd.exe and at runnning the command CreateProcessAsUserCMD.exe --run "node Path\To\file" it responses an error

System.Exception: StartProcessAsCurrentUser: CreateProcessAsUser failed.  Error Code -2
   en murrayju.ProcessExtensions.ProcessExtensions.StartProcessAsCurrentUser(String appPath, String cmdLine, String workDir, Boolean visible) en C:\GitHub\CreateProcessAsUser\ProcessExtensions\ProcessExtensions.cs:l�nea 249
   en CreateProcessAsUserCMD.Program.RunAndReturnExitCode(RunVerb opts)
   en CreateProcessAsUserCMD.Program.<>c.<Main>b__0_0(RunVerb opts)
   en CommandLine.ParserResultExtensions.MapResult[TSource,TResult](ParserResult`1 result, Func`2 parsedFunc, Func`2 notParsedFunc)
   en CreateProcessAsUserCMD.Program.Main(String[] args)

I have tried to launch the executable from an installed service but it responses the same error.

In this line
if (WTSQueryUserToken(activeSessionId, ref hImpersonationToken) != 0)

the method WTSQueryUserToken return 0

if (WTSQueryUserToken(activeSessionId, ref hImpersonationToken) != 0)
{
// Convert the impersonation token to a primary token
bResult = DuplicateTokenEx(hImpersonationToken, 0, IntPtr.Zero,
(int)SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation, (int)TOKEN_TYPE.TokenPrimary,
ref phUserToken);

        CloseHandle(hImpersonationToken);

}

WTSQueryUserToken return 0 and it fails to start process.

I wonder if it would be possible to start the service and that service would start a process in session 1 weather or not user have logged on. The is one sample http://www.codeproject.com/Articles/35773/Subverting-Vista-UAC-in-Both-and-bit-Archite
That works win the following manner unfortunately starts the service as LocasService user which brings limitation.
My windows and c# is none existent . This is not the issue but a cry for help or at least guidance :)

Thanks in advance.

Hello.
Downloaded your project, unziped and compiled.
Added to windows services and after launching it was stoped.
Created windows form project with using ProcessExtension and started debug to find where is the problem.
Got Exception("StartProcessAsCurrentUser: GetSessionUserToken failed.");
As i undestand it's happening because application wasn't running within the context of the LocalSystem Account.

I can't debug the service as it crashes immediately.
How fix it?

Great code worked perfectly,

I have need to run a program as Administrator. Here's what I am doing: A windows service running as Local System, launches an application on some event (USB related) which needs to run as admin, this program has a taskbar icon and other dialogs. The user logged in is also admin. I was able to drop in this code and it launched the program, the program was not able to access the admin parts.

First of all hanks a lot for your hard work.
But I got some errors, home you can help.

I run asp.net website on IIS as a service with Identity: LocalSystem
and I got this error "StartProcessAsCurrentUser: GetSessionUserToken failed"
on the next line:
uint dwCreationFlags = CREATE_UNICODE_ENVIRONMENT | (uint)(visible ? CREATE_NEW_CONSOLE : CREATE_NO_WINDOW);

Maybe can you help? Thanks

When multiple sessions exist, it should be possible to target a specific session, based on the session's username.

i want to run my wpf application through CreateProcessAsUser but its not running. why?
ProcessExtensions.StartProcessAsCurrentUser(@"C:\Program Files (x86)\myapp\WpfClient.exe");

Please provide need full help.
Thanks

Hi,
Can you add an option to run the file with highest privileges (like "Run as Administrator")?

like in here:
http://www.codeproject.com/Articles/35773/Subverting-Vista-UAC-in-Both-and-bit-Archite

Thank you in advance

I could not handle to handle creating process with arguments. For example: I wanna create process with portable chrome. But i wanna open a html file in kiosk mode. How can i open sample.html file in portable chrome exe with --kiosk argument?

I am running a program in SYSTEM user context and want to user StartProcessAsCurrentUser to initiate a new instance of the same program but in logged-in user context. When I call StartProcessCurrentUser, "StartProcessAsCurrentUser: CreateProcessAsUser failed." error is raised and quitting. What could be wrong?
I am obtaining a user token with the code below and passing it to CreateProcessAsUser:
hUserToken = WindowsIdentity.GetCurrent().Token;

Hi,
can you tell me how I can run Process with arguments?? I want run process under windows service, this process is WinForm and in Program.cs i use string[] args and set few options and when I example use s / stream ex. PrGP.exe -s then I want run one window in this program, when I use k / kurs ex. PrGP.exe -k then I want run different window in this program. When I use normal cmd then is ok, but when I try use your class like: ProcessExtensions.StartProcessAsCurrentUser("C:\OK\PrGP.exe", "-s") then this dont works :( im trying too like this ProcessExtensions.StartProcessAsCurrentUser("cmd", string.Format("{0} -s", "C:\OK\PrGP.exe")) and too dont work. Link to class -> https://github.com/murrayju/CreateProcessAsUser now class Program in program where I choose windows looks like that http://screenshooter.net/102681996/xmmaqgr and here I try run like this: screenshooter.net/102681996/yrgurgq

ok problem solved, I had an error in the path of the setup program :)

I wan't to use this to my project, but I am unable , because DLL is targeting .NET 4.5, and my project .net 4.0

Is it possible to target .net 4.0 as well?

Hi,
I try use this code in my program (C# console application,Visual Studio 2013) but when I try to build it, i get error:
'CreateProcessAsUser': member names cannot be the same as their enclosing type.

What I should to do to fix this ?

Hi There,

I was wondering how is it possible to wait the process that has been started to exit and return the exit code, instead of process ID?