Do not do this. It is VERY bad practice to display a UI from the context of a service because the majority of services run in the security context of LocalSystem. The LocalSystem security context has complete and free reign of the system and can do everything that the Administrator can do and more. If a service running as LocalSystem displays a UI, it is possible for anyone on the system to run any arbitrary code they want with a little effort. This arbitrary code could potentially elevate privileges or do any other malicious act.

The recommended way of acheiving what you are trying to do is to have an application (client) that runs at logon time of every user. That client would then *talk* to the service using some IPC mechanism such as pipes, sockets, events, etc.

Just my $0.02

- Robert