This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(41.6, 90%, 14%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAC%3C/text%3E%3C/svg%3E)
Hello,
I am trying to run a process in an AppContainer. This process is created from a service, so is in session 0 running as LOCAL_SYSTEM.
I have also tried CreateProcessAsUser to run it as LOCAL_SERVICE (also in session 0) and it doesn't work.
If I use WTSQueryUserToken to get the token of a logged in user, the process in the AppContainer does work. Also if I run my code as a logged in user rather than from a service, it works.
Finally, curiously running "cmd.exe" as the process in the AppContainer works in all cases. But "powershell.exe" does not and "java.exe --version" does not. With the latter I have ensured that the correct ACL (read/execute) is set on JAVA_HOME (and as mentioned, all of these cases work when run as a logged in user)
In the cases where the processes don't work the error code is 0xC0000142
What am I missing here? Do AppContainers not work with services by design? Is there any way I can get better debug on why the processes are failing to start? I'm presuming a file permission issue on a runtime dependency, but what it could be is beyond me
Thanks,
Alex
Appendix:
cmd.exe
powershell.exe
java.exe --version
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(211.20000000000002, 92%, 30%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERL%3C/text%3E%3C/svg%3E)
@Alex Crane Hope you are well. Have you checked @Xiaopo Yang - MSFT 's reply? Is it helpful to your issue?
Thank you, yes further investigation with procmon showed it was user32.dll that was failing to initialise
This led me to various forum posts about increasing the size of the non-interactive desktop heap. This unfortunately did not work.
What I found did work was that the AppContainer needed to have read access assigned to it for session 0s desktop and winstation. Presumably it was this lack of access (by design with AppContainers? But perhaps interactive desktops have the "ALL APPLICATION PACKAGES" group??) which meant that desktop heap allocations failed
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 34%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EXY%3C/text%3E%3C/svg%3E)
According to the question, some Dynamic Link Libraries which powershell.exe loaded need desktop heap to function.