Search code examples
pythonwindowspy2exepywin32windows-task-scheduler

Create a window on user display from System account

I have a pywin32 application that I am running from a schtask that triggers at system startup. The task runs from the SYSTEM account so that it will run on any account logged in.

The application runs as expected (upon system startup) and reads/writes to disk, however the application's window will not show up on any user's account after login, even though the window is not created until a user logs in.

import os
r = os.popen('quser console')
u = r.read()
if u:  #(variables previously initialized)
    self.hwnd = CreateWindow( mywinclass, "MyApp", style, \
          0, 0, win32con.CW_USEDEFAULT, win32con.CW_USEDEFAULT, \
          0, 0, hinst, None)

The window displays fine when running the app from a logged in user's console, but no window when initiated from the schtask.

My log indicates self.hwnd is a normal handle and CreateWindow shows no errors from GetLastError().

The task indicates no GDI objects in task manager when running from SYSTEM account, but of course shows objects when running from a logged in users console.

Is it possible to create a window from the SYSTEM account for a logged in user? How would I do this so that the app will run (either on startup or on logon trigger) for all users, but elevated privileges (so it will display for non-admin, but not allow him to delete the task)?

Solution

  • Okay, I now realize the security feature of session 0 isolation will not allow me to do what I want (create a UI window for a user from a sysem account) for good reasons. This Q/A helped me to understand the concept better.

    I believe my options are to create a service or app with no UI that saves data to a readonly file, then another app that reads the data for the user on his UI. The service will run automatic with elevated privileges and can't be killed by any user (except admin).

    The other option is to create an app as before, use schtasks on startup with SYSTEM account that does the same.

    I think either option will need a separate app (run with user account) that just reads the data created by the higher privilege service/app, allowing the user to interface and take actions allowed by him.