[python-win32] Interacting with the desktop as a service onVista
Matt Herbert (matherbe)
matherbe at cisco.com
Wed Oct 22 19:07:09 CEST 2008
> -----Original Message-----
> From: python-win32-bounces+matherbe=cisco.com at python.org
> [mailto:python-win32-bounces+matherbe=cisco.com at python.org]
> On Behalf Of Tim Golden
> Sent: Wednesday, October 22, 2008 10:21 AM
> Cc: python-win32 at python.org
> Subject: Re: [python-win32] Interacting with the desktop as a
> service onVista
>
> Matt Herbert (matherbe) wrote:
> > So I have a service that needs to interact with the desktop
> on a Vista
> > machine. I've read multiple articles about Vista's updated security
> > and it's restrictions on services. So I realize that in
> order for the
> > service to interact with desktop, I'm going to need to create a new
> > process as a "normal" user, and use some form of IPC
> between the child
> > process and my service to get at the information I need.
>
>
> Without knowing what the exact problem which you're
> encountering, it seems to me that you're probably fighting
> the system. I don't use Vista myself but I seem to remember
> that the Service security subsystem has been beefed up to
> make things like this even harder.
>
> You don't say exactly what your interaction with the desktop
> is. Can you not do the usual thing of having a user run a
> (possibly systray-ed) app in his userspace which comminicates
> with your service via, say, named pipes (or sockets, or whatever)?
>
>
> Can you come across with more information, such as how your
> service will be interacting with the desktop?
>
> TJG
Apologies,
I had thought I had provided enough information, but after re-reading my
post, I realized I wasn't really describing the problem very well.
My situation is I have a python service which runs 24/7. Occasionally
The service needs to access windows on the desktop. That is, it needs to
enumerate all the windows, find a specific pop-up, and press a button.
Now, this was not a problem on XP, but the new service restrictions on
vista make it impossible for the Service to access the windows on the
interactive desktop (winsta0\default). So I've written a module that
runs a simple socket server, which tries to CreateProcessAsUser on a
small short lived python script, which will do the work on the desktop.
When the child process starts up, it connects back to the service, and
waits for commands.
Now the problem: From the service (running as the SYSTEM user), I use
the CreateProccessAsUser function, to start up my child process as the
user 'joe' (who, incidentally, is also logged in to the desktop). The
process seems to startup without any problems and even runs as the user
'joe'. However, the child process still is not able to access the
windows on the desktop.
This is what lead me to the MSDN example (in my original post). In the
CreateProcessAsUser documentation
(http://msdn.microsoft.com/en-us/library/ms682429.aspx), under the
remarks section, it discusses the requirements for the child process to
have permissions to interact with desktop. It states that the DACL's of
the windows station and the desktop must be updated to grant access to
the user represented by the token (acquired via the LogonUser function).
So I've done all that, and still I cannot get my child process onto the
interactive desktop.
FWIW, the child process is short lived and I would prefer to not have to
start it up by other means. I really want the service to start the child
process.
Any Ideas?
Thanks
-Matt
More information about the python-win32
mailing list