I'm trying to implement an application that allows Administrator users to launch desktop applications using other users' credentials.
I've used the following guideline: https://learn.microsoft.com/en-us/previous-versions//aa379608(v=vs.85)?redirectedfrom=MSDN
I've used CreateProcessWithToken instead of CreateProcessAsUser because I don't have ERROR_PRIVILEGE_NOT_HELD privilege.
I'm following the steps:
- LogonUserEx with type LOGON32_LOGON_INTERACTIVE using another Active Directory user.
- add proper window station ACE
- add proper desktop ACE
- DuplicateToken
- launch the application using CreateProcessWithTokenW
Everything works: after adding the ACEs to the Winsta0\Default window station and desktop, I'm able to see the application running on the desktop.
The issue is the difference in graphical appearance and performance.
I can add that when using CreateProcessWithLogon directly, with username and password, the application's appearance is fine.
I'm really trying to understand what security permission or operation is needed to allow CreateProcessWithToken to launch a full featured graphic window application.
The expected and current appearance are shown at this link: https://imgur.com/a/sDcCpoy