I would like to programmatically login another windows user in interactive mode.
I've created new Windows user account and would like to switch system to that account without of user interaction.
Could you please point me to some API commands or MSDN pages?
Thanks
looks like WTSConnectSession is the right direction
If you're not talking about a Terminal Server session, you'll want LogonUser() if you're logging in as that user, or ImpersonateLoggedOnUser() if you're wanting to do something as an already-logged in user. Both can be found in Advapi32.lib.
Related
I want to do (programmatically, using WinAPI) exactly the same what Windows does when you click on 'Switch User' in the Start Menu. Namely, to show the screen where all available user accounts are listed and you can switch to another account still being logged on as the previous one. As far as I know it's called 'fast user switching'. I have no credentials, my task is to let users of my app switch to another account using their own credentials.
Also, is there a way to know, if the option is enabled in the Start menu? Because if it is not, I don't want to show the option in my app as well.
UPDATE
I have used ::ExitWindowsEx() for logging off, but there is no EWX_ flag for switching.
Regards,
It sounds like you want the WTSDisconnectSession() function:
Disconnects the logged-on user from the specified Remote Desktop
Services session without closing the session. If the user subsequently
logs on to the same Remote Desktop Session Host (RD Session Host)
server, the user is reconnected to the same session.
You use it like this:
WTSDisconnectSession(WTS_CURRENT_SERVER_HANDLE, WTS_CURRENT_SESSION, FALSE);
I have to authenticate a user entered system username and password in a custom UI, presented during the installation of my software on Mac OSx 10.9
Is there a direct way to do so?
AuthorizationCreate from "Authorization.h" seems to authenticate only for admin user credentials and not standard user credentials. Any help in this matter would be appreciated.
You start with AuthorizationCreate to give you an AuthorizationRef. Using that, call AuthorizationCopyRights with the rights you want to obtain.
Your program can check to see if the rights it is going to test is in the Authorization database and if not, it should add them. Depending upon what rights you want, you can set the rules to request the credentials of just the current user and not an administrator.
It's all explained, with code in Apple's docs here.
I would like to know if there are any API's available to switch users programmatically in windows.My application when provided with user credentials(account name & password) will try to logout any other user logged on and try to login the present user.
Any help would be greatly appreciated.
The function you are presumably looking for is LogonUser
However, you are probably better off using user impersonation in most cases.
Personally, I suspect you are likely better off user neither method and simply using security context of the running user, providing an privileged function via a windows service you wrote specifically for your application
Why don't you create a service to switch user credentials (by methods mentioned in the other answers), and install and run the service as "Administrator". From the logged in user account, you can invoke this service (Which is already running as admin), and make it switch user accounts without the permissions issue (as the service responsible to switching is already running as admin)
I want to implement a self reset password functionality for Windows 7 users. When the Logon screen prompts the domain users should be presented with a forgot password button which will open the password reset wizard. So the problem is how to add a command button to the standard windows logon screen?
I know about GINA in Windows XP as mentioned here:
Adding command button to Windows Logon screen
But this topic is 3 years old, and with Vista / Windows 7 Microsoft came up with "Microsoft Windows Credential Provider".
Those button are called "Tiles", and they are implemented in a Credential Provider. Anything you read about a Gina will not work in Vista or later.
Those tiles a created by the LogonUI.exe process, itself launched by Winlogon.exe. LogonUI.exe runs with high priviledges. You don't want to run anything there. Besides, any wizard you run will run under the system account. Security issues aside, anything that resets the password of the current user will not work.
But let's assume that you have a solution that can reset a user's password. Like a web site (or a local application) that :
Ask for the user's name
Ask some security questions
Connects to Active Directory to reset the password
Then here is a way to implement the functionality.
Create a user, a domain user if possible. Give it a name and a password easy to remember, like "reset" and "reset". Make shure that everybody knows the password.
Change the shell of that user to Internet Explorer, that you would be running in kiosk mode, pointing to your web application.
Now when someone wants to reset their password, here is what they will do :
Use the standard Windows Credential Provider, like they do every day, but with the user "reset" and the password "reset".
Instead of the normal Windows shell, they will be presented with your password reset web application.
The user resets their password and they are instructed to log off using CTRLATLDEL
They can log in with their own username and brand new password.
This idea can be improved upon if you are ready to write some code:
Instead of Internet Explorer, write a simple web application that wraps the web browser control. if the application is closed, or any other funny business, logoff.
Hack one of the Credential Provider samples to supply the well know password reset username and password, making password reset merely a click away
Change that password reset credential provider's image to reflect the password reset functionnality.
I am new to vista and not a advanced programmer. From past few days i am trying to digest many technical details about vista. But still i have few basic questions on it. Hope you all will be help me in getting the answers for my questions.
Can we create a interactive process(which is having a embedded manifest file with "invokeAsAdministrator") from a service which is running under Local system account?
Here i know about the session 0 isolation and all.Still i am asking this question because, when i create a interactive process through CreateProcessAsUser(which requires admin privileges) it is failing with error 740. While using this i have given proper session id. The session id is that of my active desktop, where my user login as administrative privilages.
If the process can be created does that show up the UAC dialog?
If the UAC dialog shows up, can we avoid this?
It is well understandable problem. Local account has no privelegies of admin. The only thing you can do is impersonation. Temporary you emulates another account (in your case it is admin). Example of this technique you can find in MSDN for topic WindowsIdentity.Impersonate ( http://msdn.microsoft.com/en-us/library/chf6fbt4.aspx )
EDIT
Sorry, only after post noticed that you use vc++,
On Win API use ImpersonateLoggedOnUser
The createprocessasuser is failing in my case because by default when we query for the user token for the users desktop session I was getting a restricted token that was created for the user (for administrators two tokens are created 1)restricted token 2) full token; any how my application can be run only by administrators).
By browsing the net i have found that i have to find for linked token and use that token for creation of process.
The code for creation of process from service can be found in the following question:
Desktop problem with using CreateProcessAsUser from a service on Vista