How to display a message box from a COM+ server application configured as a non-interactive user?
I ran into a COM+ security problem when trying to display a message box
inside a COM+ server application. The COM+ server application was
configured to run under the Administrator account. If I simply call
the "MessageBox()" API in the COM function, the window would be invisible
since my dllhost.exe process creates a new winstation that is different
from the WinSta0 interactive winstation. In order to fix the problem, I
tried the following code, but it still didn't work:

    MyComServer::foo()
    {
        HWINSTA hwinsta = 0;
        HDESK hdesk = 0;

        hwinsta = OpenWindowStation("winsta0", FALSE, MAXIMUM_ALLOWED);
        // Set the windowstation to be winsta0
        SetProcessWindowStation(hwinsta);

        // Get the default desktop on winsta0
        hdesk = OpenDesktop("Default", 0, FALSE, MAXIMUM_ALLOWED);
        // Set the desktop to be "default"
        SetThreadDesktop(hdesk);

        // Display the dlg
        MessageBox(NULL, "Hello world!", "I see you", MB_OK);
    }

After doing some debugging, I found out that the MessageBox didn't show
up because the COM+ dllhost.exe process doesn't have the privilege to
create new desktops. Although OpenWindowStation("winsta0", FALSE,
MAXIMUM_ALLOWED) returns success, the call to
OpenWindowStation("winsta0", FALSE, WINSTA_CREATEDESKTOP) failed
despite the fact that dllhost.exe was running as an Administrator. Due
to the constraints of my project, I cannot configure my COM+ server as
an interactive user application. I've thought about possible solutions,
including changing other COM+ security settings, OS local security
settings or even passing security descriptors before making calls to
the MessageBox() function. Since I am no guru of Windows security
programming, I'd appreciate it if you can help by pointing out a way to
allow a privileged daemon process to directly interact with the desktop
(not by talking to another interactive user process).
Thanks in advance!
cym
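
The post reports that opening WinSta0 with MAXIMUM_ALLOWED succeeded while a request for one specific right failed. The following C diagnostic is an added example, not the poster's code and not a fix: it requests each window-station access right on WinSta0 separately and lists the ones that are denied, so the missing rights can be read off directly. The helper names (`report_missing`, `probe_winsta0`) are made up for this example, and the Win32 part is compiled only on Windows.

```c
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Window-station access rights with their values from winuser.h. */
struct right { const char *name; unsigned long bit; };
static const struct right RIGHTS[] = {
    {"WINSTA_ENUMDESKTOPS", 0x0001},    {"WINSTA_READATTRIBUTES", 0x0002},
    {"WINSTA_ACCESSCLIPBOARD", 0x0004}, {"WINSTA_CREATEDESKTOP", 0x0008},
    {"WINSTA_WRITEATTRIBUTES", 0x0010}, {"WINSTA_ACCESSGLOBALATOMS", 0x0020},
    {"WINSTA_EXITWINDOWS", 0x0040},     {"WINSTA_ENUMERATE", 0x0100},
    {"WINSTA_READSCREEN", 0x0200},
};
#define NRIGHTS (sizeof RIGHTS / sizeof RIGHTS[0])

/* Print every right absent from `granted`; return how many are missing. */
int report_missing(unsigned long granted)
{
    int missing = 0;
    for (size_t i = 0; i < NRIGHTS; i++)
        if (!(granted & RIGHTS[i].bit)) {
            printf("denied: %s\n", RIGHTS[i].name);
            missing++;
        }
    return missing;
}

#ifdef _WIN32
/* Open WinSta0 once per right so that each denial shows up on its own,
   with the error code the combined request would have hidden. */
unsigned long probe_winsta0(void)
{
    unsigned long granted = 0;
    for (size_t i = 0; i < NRIGHTS; i++) {
        HWINSTA h = OpenWindowStationA("WinSta0", FALSE, RIGHTS[i].bit);
        if (h) { granted |= RIGHTS[i].bit; CloseWindowStation(h); }
        else printf("%s: error %lu\n", RIGHTS[i].name, GetLastError());
    }
    return granted;
}
#endif

int main(void)
{
#ifdef _WIN32
    return report_missing(probe_winsta0()) ? 1 : 0;
#else
    /* Constructed mask: every right except WINSTA_CREATEDESKTOP. */
    return report_missing(0x037FUL & ~0x0008UL) == 1 ? 0 : 1;
#endif
}
```

Run it under the same identity as the COM+ application; the exit code is non-zero when at least one right is denied.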