Three short questions about LogonUser (with answers!)


A customer had a Web service that runs processes as specific users. There may be multiple such processes running at the same time for a single user account. Here are the questions. And just to be nice, I've even included the answers. (Note: These are not my answers. I'm just recording them for posterity.)

"Is there a limit to the number of Logon­User sessions that can exist at a time for a particular user?"

It is limited by available memory.

"Once the process exits, what kind of cleanup do we need to perform? We don't see a Logoff­User function."

When you are done, take the token handle that you got from Logon­User and pass it to Close­Handle.

"Is there a recommended way to run multiple processes under the same user account?"

When you get a token from Logon­User, use that one token for multiple processes.

Comments (2)
  1. Mike Caron says:

    Aw, I was hoping these were going to be interesting questions/answers, not really basic ones. I had to add this functionality to a cron daemon type program in the last six months, and spend 60-70% of my time on the project trying to figure out the correct way to manage Desktops and Window Stations and stuff like that. Figuring out how to manage the token was the easy part :)

    1. Chris says:

      "Programming Windows Security" by Keith Brown was one of the best assistants to that I've ever had. The book is admittedly a bit dated(it mentions NT4 and Windows 2000, ffs), however, it gives extremely useful details and background of the logon process, managing tokens, managing ACLs, desktops, window stations, jobs, etc. that are still quite applicable and very useful today.

      Kind of like how many people still find Programming Windows, 5th Edition by Charles Petzold is still one of the best introductions to the concepts and basics of Win32 programming, despite the fact that it focused on Windows 98 and NT 4.

Comments are closed.

Skip to main content