how to get session changes using windows service - windows

I want to develop a c++ service to get notified whenever user does login or logoff the system. I went through some functions but those are asking for windows handle. Since it is a service, which windows API will be useful for this?

Related

Start up or register a Windows Service without having to enter user credentials during start up or installation

We have written a Windows Service that is planned to be deployed to many or all client windows machines in a company. For technical reasons this service has to be run under the logged in user (i.e. not under LocalSystem or any Service Account).
Furthermore it's a requirement that our software has to be deployed using an installer that requires no user interaction (e.g. silent mode is fully supported).
We now face the problem that we are unable to install our service without having the user to provide it's credentials.
My question now is:
Is it possible somehow either during the installation process or in a start up script of the end user to have a service registered or started up without having to enter the users credentials?
If that is not possible (which I assume): Is it possible to start a process as a regular process and
have it register itself as a service at startup, so it appears in the Services panel?
Any help or idea is appreciated.

SendInput or similar from windows service (session 0) in Windows 8 to login screen

As I understand, when we start windows it starts Session 0 which does not connect to any GUI, etc. and runs all windows services. So my task is, after windows was started, emulate windows input for selecting user and login to is session. I know that for sending input from service I should run desktop app and through it send input, show GUI, so on, but how can I do it before any user session was start? (for example I see that TeamViewer can do it)
WTSGetActiveConsoleSessionId() will tell you which session is attached to the physical console.
You can then duplicate your security token with DuplicateTokenEx(), change the new token's session with SetTokenInformation() and the TokenSessionId option, and launch a process with CreateProcessAsUser().
The new process should then be running in the right session, but it may also need to attach itself to the right desktop before it can interact with the logon interface. You can use EnumDesktops() to list the available desktops, and trial and error to determine which one the logon interface runs in. (Note that this may be different in different versions of Windows.)

remote login a windows user knowing it's name and password

Here's what I want to do:
a program that listens in the network for a message, and when that message is received, if the user is not logged in (for example the computer just powered on and windows displays the classic login screen), it automatically logs in a certain user accordingly to the message. the username and password are known and stored safely inside the computer in a configuration for the program i'm talking about.
What I had in mind was a windows service that starts with the computer and also listens to those messages, and if one is received, then it does it's job
but I have no idea of where to start
(basically i'm trying to login a user without having to type the password, which I said is stored and known - need something mostly like the fingerprint software windows 7 comes with, and the ones that you had to install in vista/xp so that fingerprint login would work (fingerprint was only an example) )
There's two methods to pursue depending upon which operating system you're looking to run under.
For Windows XP, Windows 2000, and Windows Server 2003 you need to create a GINA.DLL. This is a replacement DLL which must follow specific rules which handles the authentication process. In your case your replacement DLL would be known by the service which was listening for your start signal, and it would make a call into the DLL with the username and password as appropriate.
MSDN Magazine article on customizing GINA.DLL
MSDN entry on GINA
For Windows Vista/7 and above you'll need to look into the Credential Provider API.
MSDN Magazine article on Credential Provider API in Vista.
MSDN entry on Credential Provider API
You can use windows auto logon feature to do this.
Create a service which waits for the required data on a network socket. Make sure this service is started after the network service (Tcpip). Modify winlogon service properties (manually) so that it depends on your service. By depends, I mean that winlogon service is started after your service.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\AutoAdminLogon to 1
Once you receive the data on your network socket, set the following registry keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultUserName
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\DefaultPassword
Once the registry settings are in place, then the winlogon service can read those values and proceed with the login process.
For more details on setting the registry values refer: http://support.microsoft.com/kb/315231
I want clarify a little the suggestion of Vikram.exe.
Of cause the usage of AutoAdminLogon seems native for the problem, but saving of the password in registry as a clear text under HKLM\...\Winlogon\DefaultPassword is not good. Since Windows 2000 it is supported the usage of the secrets DefaultPassword which makes the same effect as the DefaultPassword registry value (see Protecting the Automatic Logon Password for the code example).
Another way to force user login or to do any other actions on the login screen is switching to the Winlogon desktop (full name WinSta0\Winlogon). You can use SwitchDesktop and SetProcessWindowStation to do this (see Window Stations and Desktops). If the service run under System account you will have all rights to do this. Depend on the configuration of your service it could be also needed to use SetTokenInformation with TokenSessionId to change the current session id. After the service process will run on the WinSta0\Winlogon desktop you can use functions like FindWindow and other GUI API to place any information in controls of the window (user name, password and so on) of other process. So you can implement more complex scenarios.
Firstly let me just say im not 100% sure how to fully complete such a application but I have a few tips.
you will need to create a Windows Service that starts during the Pre-Login, you can create a service in C#, An example of creating a C# Service is linked below:
http://msdn.microsoft.com/en-us/library/zt39148a(VS.80).aspx
Within your application you would set the property Startup Type to Automatic, This will automatically start your service on boot.
You should know that windows services run under a secure context by account so you will have to get your service to run with privs do do this.
In your Service Properties you can Click Log On and you can
To specify that the service uses the Local Service account, click This account, and then type the following NT AUTHORITY\LocalService.
To specify that the service uses the Network Service account, click This account, and then type the following NT AUTHORITY\NetworkService.
As your trying to do this remotly you will have to look at WMI (Windows Management Instrumentation) and you will be able to start/stop and send commands to your service.
Your service then would send a command to the Login Management (Not Sure of the name).
you may also wish to check this WOL class which will switch the computer on remotely as long as it supports Wake On LAN, If this is for a corporate environment then I advise you to check your network cards to make sure they are supported
http://www.codeproject.com/KB/IP/wolclass.aspx
I know of some education software that I use for schools that's called CC4 ( http://www.rm.com/shops/rmshop/story.aspx?cref=PS1026195 ) and we can do exactly what you need within this system, I'm not fully sure of how it works fully but i believe it takes the same principles described above.

Debugging Topshelf service that won't run under restrictive account

I have a Windows service written using Topshelf. I'm trying to configure it to run using a Windows account with restricted privileges rather than using LocalSystem. That's also necessary as I'd like to connect to a database using integrated authentication.
The service works when run as LocalSystem (albeit with a database connection string containing credentials) and running the console application as my limited account (using runas) also works.
However, when I try to start the service the service control manager times out waiting for a response:
The service did not respond to the start or control request in a timely fashion.
I also get the following in the Application Popup event log:
Application Error : The exception unknown software exception (0xc06d007e) occurred in the application at location 0x77e4bef7.
The first thing that the application does is writes to a log file but it doesn't reach that when I start the service. The logging works if I run via the console.
Any suggestions what I might be missing or what I might try next?
This problem seems to be related to the server (a domain controller) rather than TopShelf. A service built with the .NET service component also exhibits the same behaviour.
The service runs successfully on a different machine (in the same domain).
Unfortunately this doesn't help diagnose the problem but gives me an acceptable workaround.
Check the MSDN article Debugging windows services which describes how you debug windows services.
I've just started seeing this on a few of my services written in .net 2.0. They'll start fine when the server boots, but if I were to restart them throughout the day, they would not start, and give this error message.
They currently ran under a domain account which has admin rights on the box, but for kicks, I switched it to Local System, and the service started normally. I stopped it, changed it back to the domain account (reentering the password), and it started normally again as expected.
Don't know if this counts as a 'fix' so much, but that's what worked for me.

Bypassing Windows Credentials using Windows Service

I have a Windows service and need to supply credentials to the windows logon screen through this service when the computer is in locked state. Is it possible to provide credentials to this screen through windows service?
I read somewhere about the GINA provided by windows but do not want to use it as it accounts for overhead as well as is deprecated in Vista. Is there any other alternative to it?
You can't "bypass" log on, but you can implement a Credential Provider.

Resources