c# windows authentication interactive winlogon

Programmatically windows logon session change


I have a Windows service that runs under the "LocalSystem" account.

What I can do with this service:

  1. I can get the active user's token and start a new process in the user's session interactively by using CreateProcessAsUser.

  2. I can get another user's token with the LogonUser API and start a new process as that user. (I know the username and password of that account.) It's a background process running as my test user (not interactive).

I need to replace the logged-on user with another user whose credentials I have. I need to switch accounts programmatically.

Can I switch to a new user session (with desktop) interactively? I have that user's username and password.

The reason I need to do this:

I have a shared user account that is an administrator on some test computers. I don't want to share the password of that account with the testers using the test computers. I need them to log in to their own accounts, which are not administrators; after logon, I will need to replace the user with my shared user from my Windows service.

Is this technically possible? Where should I start?


Solution

  • I could switch accounts with or without a password using WTSConnectSession. If someone is curious about fast switching of sessions, below is the code that runs under a Windows service (LocalSystem):

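    // Requires: using System.Runtime.InteropServices;
    [DllImport("wtsapi32.dll", CharSet = CharSet.Auto, SetLastError = true)]
    public static extern int WTSConnectSession(int targetSessionId, int sourceSessionId, string password, bool wait);

    // targetSessionId: the session to switch to; currentActiveSessionId: the session currently shown to the user.
    // A zero return value means failure; read the error with Marshal.GetLastWin32Error().
    WTSConnectSession(targetSessionId, currentActiveSessionId, "", true);
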

    You can enumerate sessions with:

    [DllImport("wtsapi32.dll", SetLastError = true)]
    public static extern bool WTSEnumerateSessions(IntPtr hServer, int Reserved, int Version, out IntPtr ppSessionInfo, out int pCount);