Is it possible to get Logged in user Non Restricted token from a service on Vista?

I need to create a process with integrity level high, so that it can do all the administrative tasks. But the created process should run in the current logged in desktop i.e. it should not run in session 0. By default only开发者_Python百科 administrators will log on to the console.

The service should launch the process, as service is running in session 0 and system account. Can it any how get the non restricted token and use it in CreateProcessAsUser, so that the process created does have integrity level of high or system. Is it possible? One more thing is i should get the non restricted token with out prompting for user name or password of the logged in user.

Thanks

---

Yes it is possible, we need to query for the linked token.

http://www.eggheadcafe.com/software/aspnet/28532422/-starting-administrato.aspx

http://www.tech-archive.net/Archive/Development/microsoft.public.win32.programmer.kernel/2008-05/msg00356.html

Thanks