为什么CreateProcessAsUser在Vista/Windows 7上需要交互式Window Station?
我必须对此进行深入研究,因为在Windows 2003/XP上无法正常工作的代码在Windows 7上无法正常工作.使用CreateProcessAsUser启动的应用程序失败,错误代码为0xc0000142.我的旧代码与MSDN上的代码之间的区别,该代码可从开始C ++中的交互式客户端进程是,我没有设置特权,也没有设置Window Station和桌面的特权.我已经根据示例更新了代码,但是我非常想了解更新Windows中的哪些更改使交互式Window station中的运行进程成为必需条件?
I had to delve into this because the code that worked fine on Windows 2003/XP doesn't on Windows 7. Application launched by the use of CreateProcessAsUser fails with 0xc0000142 error code. The difference between my old code and one available from MSDN at Starting an Interactive Client Process in C++ is that I didn't set up privileges and to Window Station and desktop. I've updated my code according to the example, but I would very much like to understand which change in newer Windows made running processes in interactive Window station a requirement?
至少有部分需求来自于更改,以便在与服务不同的会话中运行交互式流程.这样做是为了使应用程序无法对特权服务运行粉碎"式攻击.在此处.
At least part of the requirements derive from the change to run interactive processes in a different session from services. This was done so that applications could not run 'shatter' style attacks against privileged services. More information is available here.