{"id":112444,"date":"2026-06-18T07:00:00","date_gmt":"2026-06-18T14:00:00","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/oldnewthing\/?p=112444"},"modified":"2026-06-18T14:26:46","modified_gmt":"2026-06-18T21:26:46","slug":"20260618-00","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/oldnewthing\/20260618-00\/?p=112444","title":{"rendered":"Why doesn&#8217;t <CODE>Get&shy;Last&shy;Input&shy;Info()<\/CODE> return info for the user I&#8217;m impersonating?"},"content":{"rendered":"<p>A customer had a Windows NT service process, and from that service process, they wanted to obtain the last input time for all signed-in users. Their strategy was to use <code>WTS\u00adQuery\u00adUser\u00adToken()<\/code> to get the token for each user, use that token to impersonate the user, and then call <code>Get\u00adLast\u00adInput\u00adInfo()<\/code> to get the last input time for that user. Unfortunately, the function always return the last input info for the service session, and since services are not interactive, it always says that there has been no input since the system booted.<\/p>\n<p>Does <code>Get\u00adLast\u00adInput\u00adInfo()<\/code> work with impersonation?<\/p>\n<p>Recall that <a title=\"Does this operation work when impersonating? The default answer is NO\" href=\"https:\/\/devblogs.microsoft.com\/oldnewthing\/20110928-00\/?p=9533\"> the default answer to &#8220;Does this work when impersonating?&#8221; is &#8220;No&#8221;<\/a>. And in fact, the documentation for <code>Get\u00adLast\u00adInput\u00adInfo()<\/code> explicitly says that it doesn&#8217;t, if you read it closely.<\/p>\n<blockquote class=\"q\"><p>This function is useful for input idle detection. However, <b>GetLastInputInfo<\/b> does not provide system-wide user input information across all running sessions. Rather, <b>GetLastInputInfo<\/b> provides session-specific user input information <u>for only the session that invoked the function<\/u>.<\/p><\/blockquote>\n<p>I underlined the important part. It reports on the last input information for the session that invoked the function. When the service impersonates, it updates its security context to align with that of the user being impersonated, but it doesn&#8217;t change the fact that that it is still running in session zero, the service session.<\/p>\n<p>If you need to get last input information from another session, you will need a friend in that session to call it for you. Typically this is done by launching a helper process into the target session: The helper process collects the information you want and then sends the information to the service.<\/p>\n<p><b>Bonus chatter<\/b>: A related question is &#8220;Does <code>Get\u00adAsync\u00adKey\u00adState<\/code> from a service?&#8221; The answer is technically yes, it works. However it probably doesn&#8217;t work the way you think. It returns the asynchronous key state for the desktop that the service is running in. And since services run in a non-interactive session, that desktop will never see any keyboard activity.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It doesn&#8217;t care about impersonation, says so on the tin.<\/p>\n","protected":false},"author":1069,"featured_media":111744,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-112444","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-oldnewthing"],"acf":[],"blog_post_summary":"<p>It doesn&#8217;t care about impersonation, says so on the tin.<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/112444","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/users\/1069"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/comments?post=112444"}],"version-history":[{"count":1,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/112444\/revisions"}],"predecessor-version":[{"id":112445,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/posts\/112444\/revisions\/112445"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media\/111744"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/media?parent=112444"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/categories?post=112444"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/oldnewthing\/wp-json\/wp\/v2\/tags?post=112444"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}