I am attempting to use the MSDN article "Establishing a Client Context from a SID in C++" http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthz/security/starting_an_interactive_client_process_in_c__.asp to launch an instance of explorer.exe in the context of another user, in this case "Administrator". (I have set lpCommandLine to "explorer.exe".)

Although explorer.exe starts, and appears to draw the desktop normally, only some of the windows can be accessed by "Administrator". For instance, when Administrator launches an application, "ToolbarWindow32" is updated successfully, but any window attempting to add an icon to "TrayNotifyWnd" will fail. The "Desktop User Pane" (in the Start menu) is also blank and can't be updated (e.g. by drag/drop). However, any application running as SYSTEM can add itself to "ToolbarWindow32", and the application then runs without a problem.

There appears to be some problem with ACE inheritance (possibly with grandchildren?). I have tried playing around with the "NO_PROPAGATE_INHERIT_ACE" flag in the code (which seems important) but was unable to change the behaviour.

Could anyone please advise?

Regards

Patrick