I want at least to distinguish cases when my software is being ran as batch job (LOGON32_LOGON_BATCH) from being ran interactively (LOGON32_LOGON_INTERACTIVE).
HANDLE hToken;
// Open the current process's token
if (OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hToken))
{
// Get the token statistics, which include the logon session id
TOKEN_STATISTICS stats;
DWORD length;
if (GetTokenInformation(hToken, TokenStatistics, &stats, sizeof(stats), &length))
{
// Get data about the logon session, which includes the logon type
PSECURITY_LOGON_SESSION_DATA pData;
if (LsaGetLogonSessionData(&stats.AuthenticationId, &pData) == 0)
{
// From SECURITY_LOGON_TYPE enumeration
switch (pData->LogonType)
{
case Interactive:
wprintf(L"Interactive\n");
break;
case Batch:
wprintf(L"Batch\n");
break;
default:
wprintf(L"Other: %i\n", pData->LogonType);
break;
}
LsaFreeReturnBuffer(pData);
}
}
CloseHandle(hToken);
}