Susan,
thank you for your reply.
Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] wrote:
Aaron Margosis says:
"Actually, not true. Services can no longer interact with the
desktop. Services that did always interacted with Session 0 (the
console session, in Windows pre-Vista), and were already broken with
XP's Fast User Switching and other terminal services scenarios, where
user sessions were frequently not session 0. On Vista, NO
interactive user session will be in session 0, so all those services
insisting on displaying UI will not do so on a desktop where a user
is running applications.
This is a valuable clarification.
Also, runas.exe etc do not result in elevated tokens - you can run
stuff under a different account, but it doesn't get a full-privileged
token."
However, I still can't get behind this one - if you run an application
under a different account, even if you don't get a full-priveleged
token, you might potentially be able to execute anything on behalf of
this account through shattering from another window on the same desktop
due to the very lack of UIPI for runas-run applications.
Denis
---------------------------------------------------------------------------
---------------------------------------------------------------------------
