How can I force a LockWorkstation from a Windows Service on Vista?

Hello,
I have written a Credential Provider which requires a secure token to be
present. This works fine. I have written a Windows Service which periodically
scans for the secure token presence. This works fine.

HOWEVER ....

What I would like to be able to do is to lock the workstation (go back to
the logon screen) if my Windows Service notices that the secure token is no
longer present.

How can I do this (I've been trawling through the web and haven't found
anything I can use).

I've tried running the Windows Service both as a User and as a LocalService.

Any suggestions would be very gratefully received!

Use this command : %windir%\System32\rundll32.exe user32.dll,LockWorkStation

--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales...eAPostAsAnswer
Mark L. Ferguson
..

"Malignonne" <> wrote in message
news:E76079B5-90B2-4724-AB55-...
> Hello,
> I have written a Credential Provider which requires a secure token to be
> present. This works fine. I have written a Windows Service which
> periodically
> scans for the secure token presence. This works fine.
>
> HOWEVER ....
>
> What I would like to be able to do is to lock the workstation (go back to
> the logon screen) if my Windows Service notices that the secure token is
> no
> longer present.
>
> How can I do this (I've been trawling through the web and haven't found
> anything I can use).
>
> I've tried running the Windows Service both as a User and as a
> LocalService.
>
> Any suggestions would be very gratefully received!

Thanks Mark,

That was one I had already tried!

The command works fine from a console window, but not from a Windows
Service. For example:

HINSTANCE x = ShellExecute(NULL, NULL, "rundll32.exe",
"user32.dll,LockWorkStation", NULL, 0);

returns x = 42, which indicates success. However, the workstation is not
locked.

It looks like a security problem of some sort (I've tried running the
service as Local Server and a Remote Service too, but there is no change)

Regards
Ben



"Mark L. Ferguson" wrote:

> Use this command : %windir%\System32\rundll32.exe user32.dll,LockWorkStation
>
> --
> Was this helpful? Then click the Ratings button. Voting helps the web
> interface.
> http://www.microsoft.com/wn3/locales...eAPostAsAnswer
> Mark L. Ferguson
> .
>
> "Malignonne" <> wrote in message
> news:E76079B5-90B2-4724-AB55-...
> > Hello,
> > I have written a Credential Provider which requires a secure token to be
> > present. This works fine. I have written a Windows Service which
> > periodically
> > scans for the secure token presence. This works fine.
> >
> > HOWEVER ....
> >
> > What I would like to be able to do is to lock the workstation (go back to
> > the logon screen) if my Windows Service notices that the secure token is
> > no
> > longer present.
> >
> > How can I do this (I've been trawling through the web and haven't found
> > anything I can use).
> >
> > I've tried running the Windows Service both as a User and as a
> > LocalService.
> >
> > Any suggestions would be very gratefully received!
>

It's probably a rights problem. Would the command :
shutdown /L /T 00
do anything for you?
--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales...eAPostAsAnswer
Mark L. Ferguson
..

"Malignonne" <> wrote in message
news:3EFFCDF4-C121-4EB9-A629-...
> Thanks Mark,
>
> That was one I had already tried!
>
> The command works fine from a console window, but not from a Windows
> Service. For example:
>
> HINSTANCE x = ShellExecute(NULL, NULL, "rundll32.exe",
> "user32.dll,LockWorkStation", NULL, 0);
>
> returns x = 42, which indicates success. However, the workstation is not
> locked.
>
> It looks like a security problem of some sort (I've tried running the
> service as Local Server and a Remote Service too, but there is no change)
>
> Regards
> Ben
>
>
>
> "Mark L. Ferguson" wrote:
>
>> Use this command : %windir%\System32\rundll32.exe
>> user32.dll,LockWorkStation
>>
>> --
>> Was this helpful? Then click the Ratings button. Voting helps the web
>> interface.
>> http://www.microsoft.com/wn3/locales...eAPostAsAnswer
>> Mark L. Ferguson
>> .
>>
>> "Malignonne" <> wrote in message
>> news:E76079B5-90B2-4724-AB55-...
>> > Hello,
>> > I have written a Credential Provider which requires a secure token to
>> > be
>> > present. This works fine. I have written a Windows Service which
>> > periodically
>> > scans for the secure token presence. This works fine.
>> >
>> > HOWEVER ....
>> >
>> > What I would like to be able to do is to lock the workstation (go back
>> > to
>> > the logon screen) if my Windows Service notices that the secure token
>> > is
>> > no
>> > longer present.
>> >
>> > How can I do this (I've been trawling through the web and haven't found
>> > anything I can use).
>> >
>> > I've tried running the Windows Service both as a User and as a
>> > LocalService.
>> >
>> > Any suggestions would be very gratefully received!
>>

This doesn't work either, even if I put it in a bat file and run that.

I agree that it is a rights problem.

The problem is how do I resolve it?!


"Mark L. Ferguson" wrote:

> It's probably a rights problem. Would the command :
> shutdown /L /T 00
> do anything for you?
> --
> Was this helpful? Then click the Ratings button. Voting helps the web
> interface.
> http://www.microsoft.com/wn3/locales...eAPostAsAnswer
> Mark L. Ferguson
> ..
>
> "Malignonne" <> wrote in message
> news:3EFFCDF4-C121-4EB9-A629-...
> > Thanks Mark,
> >
> > That was one I had already tried!
> >
> > The command works fine from a console window, but not from a Windows
> > Service. For example:
> >
> > HINSTANCE x = ShellExecute(NULL, NULL, "rundll32.exe",
> > "user32.dll,LockWorkStation", NULL, 0);
> >
> > returns x = 42, which indicates success. However, the workstation is not
> > locked.
> >
> > It looks like a security problem of some sort (I've tried running the
> > service as Local Server and a Remote Service too, but there is no change)
> >
> > Regards
> > Ben
> >
> >
> >
> > "Mark L. Ferguson" wrote:
> >
> >> Use this command : %windir%\System32\rundll32.exe
> >> user32.dll,LockWorkStation
> >>
> >> --
> >> Was this helpful? Then click the Ratings button. Voting helps the web
> >> interface.
> >> http://www.microsoft.com/wn3/locales...eAPostAsAnswer
> >> Mark L. Ferguson
> >> .
> >>
> >> "Malignonne" <> wrote in message
> >> news:E76079B5-90B2-4724-AB55-...
> >> > Hello,
> >> > I have written a Credential Provider which requires a secure token to
> >> > be
> >> > present. This works fine. I have written a Windows Service which
> >> > periodically
> >> > scans for the secure token presence. This works fine.
> >> >
> >> > HOWEVER ....
> >> >
> >> > What I would like to be able to do is to lock the workstation (go back
> >> > to
> >> > the logon screen) if my Windows Service notices that the secure token
> >> > is
> >> > no
> >> > longer present.
> >> >
> >> > How can I do this (I've been trawling through the web and haven't found
> >> > anything I can use).
> >> >
> >> > I've tried running the Windows Service both as a User and as a
> >> > LocalService.
> >> >
> >> > Any suggestions would be very gratefully received!
> >>
>

A shortcut can be set to 'run as administrator' and you could launch the bat
file from that.
bat_file_start.lnk/Properties.
There is probably a way to 'impersonate' in the VB code, but I don't know
that.
--
Was this helpful? Then click the Ratings button. Voting helps the web
interface.
http://www.microsoft.com/wn3/locales...eAPostAsAnswer
Mark L. Ferguson
..

"Malignonne" <> wrote in message
news:BC1B829B-95CF-4048-8EB3-...
> This doesn't work either, even if I put it in a bat file and run that.
>
> I agree that it is a rights problem.
>
> The problem is how do I resolve it?!
>
>
> "Mark L. Ferguson" wrote:
>
>> It's probably a rights problem. Would the command :
>> shutdown /L /T 00
>> do anything for you?
>> --
>> Was this helpful? Then click the Ratings button. Voting helps the web
>> interface.
>> http://www.microsoft.com/wn3/locales...eAPostAsAnswer
>> Mark L. Ferguson
>> ..
>>
>> "Malignonne" <> wrote in message
>> news:3EFFCDF4-C121-4EB9-A629-...
>> > Thanks Mark,
>> >
>> > That was one I had already tried!
>> >
>> > The command works fine from a console window, but not from a Windows
>> > Service. For example:
>> >
>> > HINSTANCE x = ShellExecute(NULL, NULL, "rundll32.exe",
>> > "user32.dll,LockWorkStation", NULL, 0);
>> >
>> > returns x = 42, which indicates success. However, the workstation is
>> > not
>> > locked.
>> >
>> > It looks like a security problem of some sort (I've tried running the
>> > service as Local Server and a Remote Service too, but there is no
>> > change)
>> >
>> > Regards
>> > Ben
>> >
>> >
>> >
>> > "Mark L. Ferguson" wrote:
>> >
>> >> Use this command : %windir%\System32\rundll32.exe
>> >> user32.dll,LockWorkStation
>> >>
>> >> --
>> >> Was this helpful? Then click the Ratings button. Voting helps the web
>> >> interface.
>> >> http://www.microsoft.com/wn3/locales...eAPostAsAnswer
>> >> Mark L. Ferguson
>> >> .
>> >>
>> >> "Malignonne" <> wrote in message
>> >> news:E76079B5-90B2-4724-AB55-...
>> >> > Hello,
>> >> > I have written a Credential Provider which requires a secure token
>> >> > to
>> >> > be
>> >> > present. This works fine. I have written a Windows Service which
>> >> > periodically
>> >> > scans for the secure token presence. This works fine.
>> >> >
>> >> > HOWEVER ....
>> >> >
>> >> > What I would like to be able to do is to lock the workstation (go
>> >> > back
>> >> > to
>> >> > the logon screen) if my Windows Service notices that the secure
>> >> > token
>> >> > is
>> >> > no
>> >> > longer present.
>> >> >
>> >> > How can I do this (I've been trawling through the web and haven't
>> >> > found
>> >> > anything I can use).
>> >> >
>> >> > I've tried running the Windows Service both as a User and as a
>> >> > LocalService.
>> >> >
>> >> > Any suggestions would be very gratefully received!
>> >>
>>

Still no joy, I'm afraid. Trying to run the shortcut from the service
returns an error of 2.