Run prog using LocalSystem Service CreateProcessAsUser or click on desktop icon? [C#]

[Shaitan00]

At my company we have a product which pretty much interacts with everything you can imagine... registry, databases, devices, etc... it is composed of many parts but the entire application is launched by a single executable (start.exe) which is responsbile for launching everything else - this is all legacy code and run under a USER account.

Currently this is launched as a STARTUP item (or by double-clicking on the desktop icon) in Windows, meaning when the user logins into the USER account the application (start.exe) automatically kicks off, under this account it has all the permissions it needs to run and everything has been fine for years...

Now comes the change - I have written a service (Serv.exe) that is running as LocalSystem - this service is responsible for updating the various software components of our product and works as follows: - when the product detects an update it signals the LocalSystem service (Serv.exe) and then terminates itself - Serv.exe will then perform all the updating

Now, after everything is done, the product (via start.exe) needs to be launched again automatically ... and this is where I need some advice ... what is the best way to restart the product (start.exe)?

Right now I use the LocalSystem Service (Serv.exe) and impersonate the USER account as follows: - CreateEnvironmentBlock for the USER - CreateProcessAsUser(start.exe) as the USER with the corresponding EnvBlock - DestroyEnvironmentBlock

But is this really 100% equivalent to double-clicking on the icon in the USER account context? I need to ensure that everything is identical when it is either launched on STARTUP of USER or by Impersonation from Serv.exe (LocalSystem) - is there a risk involved? Will I still have the same rights/abilities with all databases? registry? device interaction? etc..

By loading the EnvBlock I seem to get everything I need but ... is this not a good way to do it...?

Kind of hoping for some guidance and advice from the pro's out there ... Any help or hints would be much appreciated. Thanks,

[Arjay]

If you are concerned about your existing approach, you could have launch agent that runs under the user account an it communicates with the service. The service could notify the launch agent when to restart the application(s).

It would be fairly simple to use WCF (that is hosted by your service) for the communication later. WCF has http dual bindings to use so you can send notifications from the service to the agent so the agent would know when to relaunch the app. You could use the same mechanism to send status/progress information (and make the agent a tray icon app).