1

I'm trying to understand better how Windows sessions work, so if I have some weird mistakes in the question, please, let me know.

I use LsaEnumerateLogonSessions() to get all the logged on sessions in the system. Now I have LUID that represents a log-on, and if I understand correctly, it represents a user that logged on or a build it user like SYSTEM.

Now, if user X starts a process, Windows gives that process a token that represents X.

Is there a way (in a Windows service) to get the user's token from LUID? I know I can get it from a process HANDLE, but that is not what I want.

the Tin Man
  • 158,662
  • 42
  • 215
  • 303
TCS
  • 5,790
  • 5
  • 54
  • 86

1 Answers1

3

You can use LsaGetLogonSessionData to get the session id and then use WTSQueryUserToken to get the token from that. Note that you may need to run as LocalSystem for WTSQueryUserToken (see "How can I get the current user token for the physical session?" regarding that).

Community
  • 1
  • 1
kichik
  • 33,220
  • 7
  • 94
  • 114
  • Thanks for your quick answer!!! :-) That is what I am trying now, and it is not good enough: Assume user X is connected to the console. If the LUID belongs to user SYSTEM, than LsaGetLogonSessionData() returns sessionID 0. Calling WTSQueryUserToken() returns the token of user X and not of SYSTEM. – TCS Dec 26 '10 at 14:23
  • 1
    OK, seems like [OpenTokenByLogonId](http://msdn.microsoft.com/en-us/library/ff714513.aspx) is what you need then. – kichik Dec 26 '10 at 14:36
  • Thanks, it looks like the right function ! Although I guess it is not that simple or even possible to call from my process. If I manage to perform what I want I will print the code. Thanks again! :-) – TCS Dec 26 '10 at 15:06