RunAs Verb (Process.Start) doesn't work from a LocalSystem .NET Service
The Process.Start method in System.Diagnostics is equivalent to CreateProcess() in Win32. If you want to launch a process as a different user, in Win32 you need to call one of CreateProcessAsUser, CreateProcessWithLogonW or CreateProcessWithTokenW. In .NET, using Process.Start, you can use the “runas” verb to do the same thing.
If you have a .NET Service configured to run under the LocalSystem account, the “runas” verb doesn’t work: the call fails with an “access denied” exception.
Unhandled Exception: System.ComponentModel.Win32Exception: Access is denied
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start(ProcessStartInfo startInfo)
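The failing launch described above, as an added example that is not code from the original article. It assumes the service passes alternate credentials through ProcessStartInfo (UserName, Password, Domain) with UseShellExecute set to false, which is the path that reaches StartWithCreateProcess in the stack trace; the class name, method name and command-line arguments are hypothetical.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Security;
using System.Security.Principal;

static class AlternateUserLauncher   // hypothetical name
{
    const int ERROR_ACCESS_DENIED = 5;   // Win32 code behind "Access is denied"

    // Returns the started process, or null when the launch was refused
    // with access denied while the caller was running as LocalSystem.
    public static Process TryStartAs(string exePath, string domain,
                                     string user, SecureString password)
    {
        bool isSystem;
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
            isSystem = id.IsSystem;   // true for the LocalSystem account

        var psi = new ProcessStartInfo(exePath)
        {
            UseShellExecute = false,   // required when credentials are supplied
            Domain = domain,
            UserName = user,
            Password = password
        };

        try
        {
            return Process.Start(psi);
        }
        catch (Win32Exception ex)
            when (ex.NativeErrorCode == ERROR_ACCESS_DENIED && isSystem)
        {
            // Record the cause instead of crashing the service.
            Trace.TraceError("Launch of {0} as {1}\\{2} refused: caller is LocalSystem",
                             exePath, domain, user);
            return null;
        }
    }

    static void Main(string[] args)
    {
        // args: exe path, domain, user (constructed inputs); password read from stdin.
        var pw = new SecureString();
        foreach (char c in Console.ReadLine() ?? "") pw.AppendChar(c);
        Process p = TryStartAs(args[0], args[1], args[2], pw);
        Console.WriteLine(p == null ? "refused (LocalSystem)" : "started PID " + p.Id);
    }
}
```

Any other Win32Exception, or an access-denied failure outside LocalSystem, still propagates to the caller.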
Internally, .NET uses CreateProcessWithLogonW() to implement the “runas” verb. If you take a look at the remarks for CreateProcessWithLogonW(), you’ll find the following,