I’m trying to understand better how Windows sessions work, so if I have some weird mistakes in the question, please, let me know.
I use LsaEnumerateLogonSessions() to get all the logged on sessions in the system.
Now I have a LUID that represents a log-on, and if I understand correctly, it represents a user that logged on or a built-in user like SYSTEM.
Now, if user X starts a process, Windows gives that process a token that represents X.
Is there a way (in a Windows service) to get the user’s token from LUID?
I know I can get it from a process HANDLE, but that is not what I want.
You can use LsaGetLogonSessionData to get the session id and then use WTSQueryUserToken to get the token from that. Note that you may need to run as LocalSystem for WTSQueryUserToken (see “How can I get the current user token for the physical session?” regarding that).
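The two calls from the answer chained together in C, as an added example that is not part of the original answer; `token_from_logon_id` and `luid_equal` are hypothetical helper names. Because several logon sessions can share one session id, it also compares the returned token's AuthenticationId with the starting LUID before handing the token back.

```c
#ifdef _WIN32
#include <windows.h>
#include <ntsecapi.h>  /* LsaGetLogonSessionData; link Secur32.lib */
#include <wtsapi32.h>  /* WTSQueryUserToken; link Wtsapi32.lib */
#else  /* stand-in type so luid_equal() also builds off Windows */
typedef struct { unsigned long LowPart; long HighPart; } LUID;
#endif

/* Two LUIDs name the same logon session only if both halves match. */
static int luid_equal(const LUID *a, const LUID *b)
{
    return a->LowPart == b->LowPart && a->HighPart == b->HighPart;
}

#ifdef _WIN32
/* token_from_logon_id is a hypothetical helper name. On success *token is
 * a handle the caller must CloseHandle(); on failure see GetLastError(). */
static BOOL token_from_logon_id(LUID *logonId, HANDLE *token)
{
    PSECURITY_LOGON_SESSION_DATA data = NULL;
    TOKEN_STATISTICS stats;
    DWORD len = 0, err = ERROR_SUCCESS;
    ULONG session;
    NTSTATUS st = LsaGetLogonSessionData(logonId, &data);

    *token = NULL;
    if (st != 0) {                      /* 0 is STATUS_SUCCESS */
        SetLastError(LsaNtStatusToWinError(st));
        return FALSE;
    }
    session = data->Session;            /* Terminal Services session id */
    LsaFreeReturnBuffer(data);
    /* Needs SeTcbPrivilege (LocalSystem) and a user logged on to the session. */
    if (!WTSQueryUserToken(session, token))
        return FALSE;
    /* Several logon sessions can share one session id, so confirm that the
     * token's logon session is the LUID we started from. */
    if (!GetTokenInformation(*token, TokenStatistics, &stats, sizeof stats, &len))
        err = GetLastError();
    else if (!luid_equal(&stats.AuthenticationId, logonId))
        err = ERROR_NOT_FOUND;
    if (err != ERROR_SUCCESS) {
        CloseHandle(*token);
        *token = NULL;
        SetLastError(err);
        return FALSE;
    }
    return TRUE;
}
#endif
```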