This simple example shows how you can change the target session of a new process.

uses

  JwaWindows,

  JwsclToken,

  JwsclComUtils;

var

   NewToken,

   UserToken : TJwSecurityToken;

   S : TStartupInfo;

   P : TProcessInformation;

begin

  UserToken := TJwSecurityToken.CreateWTSQueryUserTokenEx(nil, 1);

  TJwAutoPointer.Wrap(UserToken); //automatic destroy

  NewToken := TJwSecurityToken.CreateDuplicateExistingToken(UserToken.TokenHandle, MAXIMUM_ALLOWED);

  TJwAutoPointer.Wrap(NewToken);  

  //needs TCB privilege -> Service

  JwEnablePrivilege(SE_TCB_NAME, pst_Enable);

  NewToken.TokenSessionId := 2;

  //simple CreateProcessAsUser

  [...]

This is the preview Version of RunAsSys for Windows XP and Vista made with the help of JWSCL.
RunAsSys runs applications as SYSTEM user in the current user’s session. If you start it without any parameters it creates a command prompt with SYSTEM privileges by default. Otherwise you can add an application with [...]

Sometimes it is necessary to change the security settings of a file or folder for getting or denying write access. With JWSCL this task is made very easy. However there are some pitfalls to avoid.
The following code will also be available in the example section of the source code. The application gets a file or [...]

Whenever you impersonate a running thread and create a new thread while impersonating, your new thread will not get impersonated, too. The new thread will run without any thread token and thus a called function will use the process token instead. So you have to impersonate the new thread again. Ignoring that fact may [...]

This simple code excerpt can only be run under SYSTEM account (say in a service). It retrieves the token from the logged on user - especially the user at the physical console. Or in other words the user data of the person that sits in front of the computer. The main code which does the [...]

Windows Vista contains a new feature that allows an administrator to work with less privileges. Every time a user who belongs to the administrator group logs on, the LogonUser API creates two tokens. One tokens contains the real power of the user and the second contains only restricted access. We call such a token restricted [...]