Home/ Questions/Q 8807911
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-14T02:29:07+00:00

I have a windows service created with Delphi 7, with StartType = stSystem. Now

  • 0

I have a windows service created with Delphi 7, with StartType = stSystem.

Now I need to launch an application to make some things for me.
This application has a MainForm and other GDI resources.
The parameter passed to the application assigns values for some controls (like edits and memos) and then click at a button….

I’m trying this:

var
  token: cardinal;
  si: TStartupInfo;
  pi: TProcessInformation;
begin
  if not LogonUser('admintest', '', 'secret123', LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, token) then
    RaiseLastOSError;

  try
    if not ImpersonateLoggedOnUser(token) then
      RaiseLastOSError;

    fillchar(si, sizeof(si), 0);
    si.cb := sizeof(si);
    si.lpDesktop := PChar('winsta0\default');
    if not CreateProcessAsUser(token, nil, '"c:\...\myapp.exe" -doCrazyThings', nil, nil, false, NORMAL_PRIORITY_CLASS or CREATE_NEW_CONSOLE, nil, nil, si, pi) then
      RaiseLastOSError;

    CloseHandle(pi.hThread);
    waitForSingleObject(pi.hProcess, INFINITE);
    CloseHandle(pi.hProcess);
  finally
    CLoseHandle(token);
  end;
end;

When I run my service executable as a normal application (-noservice), it starts as a Forms.Application and creates a MainForm with a button “Start”.
*The button runs the same code that service run, but it doesn’t works and it’s rasing the eror code 1314 at createprocessasuser.*

Why? What is the diference between SYSTEM service and a normal application launched by a administrator?

My environment is a Windows 7 Pro x64

What am I doing wrong?
How can I solve this?
Can someone post an example?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Error 1314 is ERROR_PRIVILEGE_NOT_HELD, which means your calling thread is missing a required privilege to run CreateProcessAsUser(). You don’t need to, nor should you be, impersonating the user token in order to launch a new process in the user’s desktop. You should be letting the thread use the service’s credentials, not the user’s credentials, when calling CreateProcessAsUser(). It will make sure the new process is run inside the user’s account and desktop for you, so get rid of the call to ImpersonateLoggedOnUser() and see if CreateProcessAsUser() starts working.

    Update: read the documentation:

    Typically, the process that calls the CreateProcessAsUser function must have the SE_INCREASE_QUOTA_NAME privilege and may require the SE_ASSIGNPRIMARYTOKEN_NAME privilege if the token is not assignable. If this function fails with ERROR_PRIVILEGE_NOT_HELD (1314), use the CreateProcessWithLogonW function instead. CreateProcessWithLogonW requires no special privileges, but the specified user account must be allowed to log on interactively. Generally, it is best to use CreateProcessWithLogonW to create a process with alternate credentials.

    • 0