Allow w3wp.exe to "access desktop" on Vista

Hello all,

For debugging purposes I want to allow the w3wp.exe process to access the
desktop, and create windows on it. On XP I could use the Properties Dialog
("Log On" tab) and check the "Allow service to interact with desktop" box. I
would do this for the "World Wide Web Publishing Service" and the "IIS Admin
service". On Vista, this approach no longer works.

I've tried calling SetProcessWindowStation() from a DLL loaded into w3wp but
I cannot get that working either.

What's the Vista route to allow the IIS processes to access the desktop?

Thanks,

john

Re: Allow w3wp.exe to "access desktop" on Vista

On Dec 4, 8:07 am, "JohnD" wrote:
> Hello all,
>
> For debugging purposes I want to allow the w3wp.exe process to access the
> desktop, and create windows on it. On XP I could use the Properties Dialog
> ("Log On" tab) and check the "Allow service to interact with desktop" box. I
> would do this for the "World Wide Web Publishing Service" and the "IIS Admin
> service". On Vista, this approach no longer works.
>
> I've tried calling SetProcessWindowStation() from a DLL loaded into w3wp but
> I cannot get that working either.
>
> What's the Vista route to allow the IIS processes to access the desktop?
>
> Thanks,
>
> john


No longer possible for security reasons.

Believe me, we used that feature to debug IIS6 as well, but we had to
change debugging setup for Vista/IIS7 to use named pipes or TCP ports
to cross the WinStation security boundary (by transmitting command
packets between client-server processes, one within each WinStation).


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//

Re: Allow w3wp.exe to "access desktop" on Vista

Hi David,

OK,"for security reasons" is one of my least favourite phrases when writing
code, I guess I'll have to get used to it.

Should I be able to use IIS6 on Vista when debugging? I may be able to
manage that in the short-term until we can refactor our debugging.

Thanks for your help,

John



"David Wang" wrote in message
news:0779cb77-fa69-4cb1-b296-d01174745965@e10g2000prf.google groups.com...
> On Dec 4, 8:07 am, "JohnD" wrote:
>> Hello all,
>>
>> For debugging purposes I want to allow the w3wp.exe process to access the
>> desktop, and create windows on it. On XP I could use the Properties
>> Dialog
>> ("Log On" tab) and check the "Allow service to interact with desktop"
>> box. I
>> would do this for the "World Wide Web Publishing Service" and the "IIS
>> Admin
>> service". On Vista, this approach no longer works.
>>
>> I've tried calling SetProcessWindowStation() from a DLL loaded into w3wp
>> but
>> I cannot get that working either.
>>
>> What's the Vista route to allow the IIS processes to access the desktop?
>>
>> Thanks,
>>
>> john
>
>
> No longer possible for security reasons.
>
> Believe me, we used that feature to debug IIS6 as well, but we had to
> change debugging setup for Vista/IIS7 to use named pipes or TCP ports
> to cross the WinStation security boundary (by transmitting command
> packets between client-server processes, one within each WinStation).
>
>
> //David
> http://w3-4u.blogspot.com
> http://blogs.msdn.com/David.Wang
> //

Re: Allow w3wp.exe to "access desktop" on Vista

This particular "for security reason" closes the loophole that allowed
"shatter attacks" on Win32 platforms. Yes, like many security issues,
this one is annoying, especially to developers working on Windows
services. But, it is very easily overcome with the Microsoft Debugging
Toolkit.

It is not possible to use IIS6 on Vista.

You can either use IIS7 on Vista, or IIS6 on Windows Server 2003 (and
Windows XP 64bit)


//David
http://w3-4u.blogspot.com
http://blogs.msdn.com/David.Wang
//



On Dec 6, 6:40 am, "JohnD" wrote:
> Hi David,
>
> OK,"for security reasons" is one of my least favourite phrases when writing
> code, I guess I'll have to get used to it.
>
> Should I be able to use IIS6 on Vista when debugging? I may be able to
> manage that in the short-term until we can refactor our debugging.
>
> Thanks for your help,
>
> John
>
> "David Wang" wrote in message
>
> news:0779cb77-fa69-4cb1-b296-d01174745965@e10g2000prf.google groups.com...
>
>
>
> > On Dec 4, 8:07 am, "JohnD" wrote:
> >> Hello all,
>
> >> For debugging purposes I want to allow the w3wp.exe process to access the
> >> desktop, and create windows on it. On XP I could use the Properties
> >> Dialog
> >> ("Log On" tab) and check the "Allow service to interact with desktop"
> >> box. I
> >> would do this for the "World Wide Web Publishing Service" and the "IIS
> >> Admin
> >> service". On Vista, this approach no longer works.
>
> >> I've tried calling SetProcessWindowStation() from a DLL loaded into w3wp
> >> but
> >> I cannot get that working either.
>
> >> What's the Vista route to allow the IIS processes to access the desktop?
>
> >> Thanks,
>
> >> john
>
> > No longer possible for security reasons.
>
> > Believe me, we used that feature to debug IIS6 as well, but we had to
> > change debugging setup for Vista/IIS7 to use named pipes or TCP ports
> > to cross the WinStation security boundary (by transmitting command
> > packets between client-server processes, one within each WinStation).
>
> > //David
> >http://w3-4u.blogspot.com
> >http://blogs.msdn.com/David.Wang
> > //- Hide quoted text -
>
> - Show quoted text -