Currently I debug my service process from XP to Win7. One UAC problem appears.
It calls CreateProcessAsUser API. This API works well in all cases in XP and service mode for Win7.
But when I debug it in Win7, it fails. After a long time asking @MSDN and researching, one UAC issue comes up.
The debugging process runs in session 1 not session 0[service session].
UAC force use filtered token which means the privileges in this token is limited.
Even run as administrator, some priviliges are dropped.
So, it's the root reason why the call failed.
Workaround solutions:
a. Add privileges in LocalSecurity mmc:
SeAssignPrimaryTokenPrivilege
SeIncreaseQuotaPrivilege
to the user you logged on.
b. shutdown UAC.