Windows Vista Forums
Vista Forums Home Join Vista Forums Windows 7 Forum Vista Tutorials Tags
Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks.

Go Back   Vista Forums > Vista Newsgroups > Vista security

Vista - WTSSendMessage fail with error Access Denied

Reply
 
Old 06-22-2007   #1 (permalink)
kalpesh


 
 

WTSSendMessage fail with error Access Denied

i describe my Issue that i am developing virtual printer driver DLL
which is run by
spooler service of operation system, means my driver is run under
spooler service.

Now i need to show one MessageBox from my this DLL in Window vista
but
vista not support any user interface from service thats why i use
this
WTSSendMessage function but this function give me error "ACCESS
DENIED"...


//Code i used


#define WTS_CURRENT_SERVER ((HANDLE)NULL)
#define WTS_CURRENT_SERVER_HANDLE ((HANDLE)NULL)
#define WTS_CURRENT_SERVER_NAME (NULL)


#define WTS_CURRENT_SESSION ((DWORD)-1)


//defination of WTSSendmessage Function pointer
typedef BOOL (*funPtr) ( HANDLE,
DWORD,
LPWSTR,
DWORD, LPWSTR, DWORD, DWORD, DWORD, DWORD*,
BOOL);


funPtr callFun;
HMODULE hModule = LoadLibrary(L"Wtsapi32.dll");
if(hModule)
{
callFun = (funPtr) GetProcAddress(hModule, "WTSSendMessageW");
if(callFun) {
DWORD result;
BOOL ret =
callFun( WTS_CURRENT_SERVER_HANDLE,


WTS_CURRENT_SESSION,


(LPWSTR)L"Thunder Driver",
38,
MB_OK,
FALSE,
&result,
0);


if(!ret) {
Print_Error();
}


}//end getproc
}//end loadlibrary


function return with "Error : Access Denied";;
WTSSendmesage function fail
and return with error "ACCESS DENIED".


This function failed is happening on Window vista only,
One more thing is this same code is running successfully On Window XP
means i think that
there is some problem arise due to Vista securtiy...


So please help me ....
Thanks in Advance....


My System SpecsSystem Spec
Old 06-22-2007   #2 (permalink)
kalpesh


 
 

Re: WTSSendMessage fail with error Access Denied

On Jun 22, 4:50 pm, kalpesh <kalpeshge...@gmail.com> wrote:
> i describe my Issue that i am developing virtual printer driver DLL
> which is run by
> spooler service of operation system, means my driver is run under
> spooler service.
>
> Now i need to show one MessageBox from my this DLL in Window vista
> but
> vista not support any user interface from service thats why i use
> this
> WTSSendMessage function but this function give me error "ACCESS
> DENIED"...
>
> //Code i used
>
> #define WTS_CURRENT_SERVER ((HANDLE)NULL)
> #define WTS_CURRENT_SERVER_HANDLE ((HANDLE)NULL)
> #define WTS_CURRENT_SERVER_NAME (NULL)
>
> #define WTS_CURRENT_SESSION ((DWORD)-1)
>
> //defination of WTSSendmessage Function pointer
> typedef BOOL (*funPtr) ( HANDLE,
> DWORD,
> LPWSTR,
> DWORD, LPWSTR, DWORD, DWORD, DWORD, DWORD*,
> BOOL);
>
> funPtr callFun;
> HMODULE hModule = LoadLibrary(L"Wtsapi32.dll");
> if(hModule)
> {
> callFun = (funPtr) GetProcAddress(hModule, "WTSSendMessageW");
> if(callFun) {
> DWORD result;
> BOOL ret =
> callFun( WTS_CURRENT_SERVER_HANDLE,
>
> WTS_CURRENT_SESSION,
>
> (LPWSTR)L"Thunder Driver",
> 38,
> MB_OK,
> FALSE,
> &result,
> 0);
>
> if(!ret) {
> Print_Error();
> }
>
> }//end getproc
> }//end loadlibrary
>
> function return with "Error : Access Denied";;
> WTSSendmesage function fail
> and return with error "ACCESS DENIED".
>
> This function failed is happening on Window vista only,
> One more thing is this same code is running successfully On Window XP
> means i think that
> there is some problem arise due to Vista securtiy...
>
> So please help me ....
> Thanks in Advance....


I found some more help on this topic that every service having some
terminal service Permissions

like..
<<< Terminal Services Permissions >>
-- Query sessions and servers for information.
-- Configure connection properties
-- View or actively control another user's session
-- Log on to a session on the server.
-- Log off a user from a session. Be aware that logging off a user
without warning can result in loss of data at the client.
-- Send a message to another user's sessions
-- Connect to another session.
-- Disconnect a session.
-- Use virtual channels. Be aware that turning off virtual channels
disables some Terminal Services features such as clipboard and printer
redirection.
-- End a session. Be aware that ending a session without warning can
result in loss of data at the client.

for more help Link--> http://msdn2.microsoft.com/En-US/library/aa383488.aspx

Now each service is run under specific Access Accout this are:::
1) Full Access
2) User Access
3) Guest Access

Full Access have full permission, do all terminal service task while
user access have some and guest have only one which
is
Guest access allows users to:
· Log on to a session on the server.

More Info visit Link::
http://207.46.196.114/windowsserver/....mspx?mfr=true
http://207.46.196.114/windowsserver/....mspx?mfr=true
http://207.46.196.114/windowsserver/....mspx?mfr=true

>From this Access permission i think that my virtual printer driver DLL

run with guest access because it give access denied error for
WTSSendMessage function and also for OpenProcessToken function..

so tell me after read this message and study from the link which i
given..

After all what is the solution for My problem to show one message box
from service (My virtual printer driver DLL)..

Help me...
Thanks in Advance..





My System SpecsSystem Spec
Old 06-27-2007   #3 (permalink)
Alun Jones


 
 

Re: WTSSendMessage fail with error Access Denied

"kalpesh" <kalpeshgedia@gmail.com> wrote in message
news:1182513015.859303.288070@a26g2000pre.googlegroups.com...
>i describe my Issue that i am developing virtual printer driver DLL
> which is run by
> spooler service of operation system, means my driver is run under
> spooler service.


Services all run in session 0. That's a starting point.

> Now i need to show one MessageBox from my this DLL in Window vista
> but
> vista not support any user interface from service thats why i use
> this
> WTSSendMessage function but this function give me error "ACCESS
> DENIED"...
>
>
> //Code i used
>
>
> #define WTS_CURRENT_SERVER ((HANDLE)NULL)
> #define WTS_CURRENT_SERVER_HANDLE ((HANDLE)NULL)
> #define WTS_CURRENT_SERVER_NAME (NULL)
>
>
> #define WTS_CURRENT_SESSION ((DWORD)-1)


"Current Session" is one of those items that sticks out like a sore thumb on
Vista. Keep reading...

> function return with "Error : Access Denied";;
> WTSSendmesage function fail
> and return with error "ACCESS DENIED".
>
> This function failed is happening on Window vista only,
> One more thing is this same code is running successfully On Window XP
> means i think that
> there is some problem arise due to Vista securtiy...


Between Windows XP and Windows Vista, a few things changed.

First, Windows XP already had the feature that several users could be logged
in to multiple sessions, so your driver would wind up sending its message to
the "console" session, which might not be the currently active session. Your
driver needs to take account of the possibility that multiple users may be
logged in at multiple sessions, or it will fail to notify active users on
Windows XP or Server 2003.

Worse, on Windows Vista, the user _never_ gets to log on in session 0,
because it's a security risk to have users and services running in the same
logon session.

You will need to investigate WTSEnumerateSessions to get a list of all the
sessions, and send your message to all of them that are in the WTSActive
state.

I notice you're also passing "FALSE" for the parameter documented as "DWORD
Timeout", and "0" for the parameter documented as "BOOL bWait". I think you
have these reversed - while the effect is to pass a value of 0 to each, it's
confusing.

Finally, since you can't really tell if anyone's paying attention to your
dialog here, I would suggest setting bWait to FALSE, and Timeout to some
value after which the dialog will disappear from the sessions that aren't
actually being watched by a user right now. Setting a timeout of 0 is just
asking for trouble, as your dialogs back up on an inactive desktop, taking
up space that will never be returned because the user isn't there - and then
when the user returns, they have to do what, click OK like a million times?
Stop abusing your users just because you don't want to spend a few seconds
to think about good timeout values.

Alun.
~~~~


My System SpecsSystem Spec
Reply

Thread Tools


Similar Threads
Thread Forum
Error: access is denied Vista General
Error: access is denied Vista General
WTSSendMessage return access denied! Vista security
WTSSendMessage fail with error Access Denied Vista General
getdrivelayout: create file fail! Access Denied (ERROR) Please he Vista General


Vista Forums is an independent web site and has not been authorized,
sponsored, or otherwise approved by Microsoft Corporation.
"Windows Vista", the Start Orb, and related materials are trademarks of Microsoft Corp.
© Designer Media Ltd

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46