Vista session change notification service
Hello,
I am currently trying to implement something that would serve the same purpose as the notification packages in WinXP/2k. I started reading this article:http://yourtechconnect.blogspot.com/2005/08/windows-vista-winlogon-changes.html
Don't need to read all the text, the most important part is this:
"For a notification package you will need to migrate this code to a service that handles logon, logoff, disconnect, reconnect, lock, and unlock Service Control Manager (SCM) notifications. The service would then receive notifications from SCM just as they would in Windows XP. However in Vista they will support logon, logoff, disconnect, reconnect, lock, and unlock. Then you would rely onSERVICE_ACCEPT_SESSIONCHANGEfor the session status change notification. "
So well, I wrote a service, which works fine - it gets the notifications when session changes. Now I face the following problem - when some user logs on, I would need his token to pass it to our software. But AFAIK, the service doesn't get the token with a notification and it runs on the LocalSystemAccount. So my question is - How can I get the logged-on user token within the service code? If you have any other suggestions, I will be thanksfull - I am the beginner in Security.
Many thanks in advance.
[1795 byte] By [
wolf777] at [2008-2-11]
So meanwhile, I found a solution myself :-)
If you are interested in the same issue, use function WTSQueryUserToken() to retrieve user token and use function WTSQuerySessionInformation() to retrieve additional information like username, domain etc.
AFAIK, SERVICE_ACCEPT_SESSIONCHANGE is generic notification representing logon, logoff etc. Now how can I differentiate between logon or logoff. Specifically, how do I find out if a user is logging out and which user is logging out? How can I obtain the user's token?
Thanks in advance for your help
Hi, sorry for replying so late. I forgot to setup the notifications.
So - determining whether the user is logging on or off is quite easy. You just create a service with extended handler (using RegisterServiceCtrlHandlerEx() function). This handler then receives notifications from the system. You get SERVICE_CONTROL_SESSIONCHANGE in dwControl parameter and the type of session change in dwEventType parameter (for example you get WTS_SESSION_LOGON on logon or WTS_SESSION_LOGOFF on logoff).
User's token can be retrieved using WTSQueryUserToken() function. This function works only within the service (running on LocalSystem Account). If you don't need the user's token, you can also use WTSRegisterSessionNotification() function which registers a standard HWND to receive session change notifications, so you don't need to make a service.
I presently have been trying to set up a windows service that receives callbacks whenever a user logs on/logs off. I tried using the RegisterServiceCtrlHandlerEx() function to register my own handler. However, I dont seem to receive any callbacks when users log on or log off (I verified that my service has started and was running even after I logged off and logged back on.) The service receives callbacks on its handler when SERVICE_CONTROL_STOP was issued. However, the handler was not called back on SERVICE_CONTROL_SESSIONCHANGE. Any ideas as to what could be wrong?
Another, perhaps related question. Is there one common interface that I can use for event notification on logoff and logon's on Win 2000, Win XP and Vista? from what I've read, the WinLogon APIs are suppored only on Win 2000 and Win XP. The RegisterServiceCtrlHandlerEx() notifcations are supported only on Win XP and Vista. I'd appreciate any help in this regard!
thanks,
wolf777 wrote: