I've written a custom Vista Credential Provider to facilitate smart card logon to Vista.
Because Vista CredProvs are destroyed when the user is successfully logged on, I created a service to handle the smart card removal events (lock, log off, shutdown).
Because LockWorkStation() and ExitWindowsEx() are callable only by processes running on the interactive desktop, I was forced to make those calls by using WTSGetActiveConsoleSessionId(), WTSQueryUserToken(), DuplicateTokenEx(), CreateProcessAsUser() and WaitForSingleObject(). The CreateProcessAsUser() call launches the service's executable with specific command line arguments that should handle the smart card event. All of this works perfectly when logged on as an admin. Unfortunately, when logged on as a user or guest account, the executable is never called even though CreateProcessAsUser() returns successfully, and an error is produced.
The Event Viewer displays an Event ID 1000 with an exception code of 0xc0000417, which translates to STATUS_INVALID_CRUNTIME_PARAMETER.
I've tried debugging the service with WinDbg, but that has proven difficult when logged on with a guest account.
I don't understand how/why being logged on as a guest has any effect on a service. In Task Manager, my service's executable has User Name SYSTEM and Group N/A, if that makes a difference.
I can provide source code if necessary.
Any ideas?
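As an added example, not the poster's code, here is the launch sequence the question describes (WTSGetActiveConsoleSessionId, WTSQueryUserToken, DuplicateTokenEx, CreateProcessAsUser, WaitForSingleObject) written out with the checks a practitioner would want: the service reads the helper's exit code rather than trusting CreateProcessAsUser's return value, the child gets the user's environment block and the interactive desktop, and the helper validates argv before any CRT string function sees it (passing NULL to one of those is a typical cause of the CRT invalid-parameter fault, exception code 0xC0000417). The function names, the "--lock"/"--logoff"/"--shutdown" flags and the 30-second timeout are assumptions for this example. The Win32 part compiles only on Windows (cl launcher.c /link wtsapi32.lib userenv.lib advapi32.lib); the argument parsing at the top is portable C.

```c
/* Added example, not the original poster's code. Windows only for the
 * Win32 section; build: cl launcher.c /link wtsapi32.lib userenv.lib advapi32.lib
 * Function names and the "--lock"-style flags are assumptions. */
#include <stdio.h>
#include <string.h>

/* Action requested of the helper process via its command line. */
typedef enum { ACT_NONE = 0, ACT_LOCK, ACT_LOGOFF, ACT_SHUTDOWN } action_t;

/* Check every pointer before it reaches a CRT string function: a NULL
 * argument to strcmp & co. is one way to get a 0xC0000417 crash. */
action_t parse_action(int argc, char **argv)
{
    if (argv == NULL || argc < 2 || argv[1] == NULL) return ACT_NONE;
    if (strcmp(argv[1], "--lock") == 0)     return ACT_LOCK;
    if (strcmp(argv[1], "--logoff") == 0)   return ACT_LOGOFF;
    if (strcmp(argv[1], "--shutdown") == 0) return ACT_SHUTDOWN;
    return ACT_NONE;
}

#ifdef _WIN32
#include <windows.h>
#include <wtsapi32.h>
#include <userenv.h>

/* Service side: run exe_path with args in the active console session as the
 * logged-on user. Returns the helper's exit code, or -1 on failure with
 * GetLastError() left set by the API that failed. */
int run_in_console_session(const wchar_t *exe_path, const wchar_t *args,
                           DWORD timeout_ms)
{
    HANDLE user_tok = NULL, primary_tok = NULL;
    LPVOID env = NULL;
    wchar_t cmdline[1024];                  /* CreateProcess* may write to it */
    STARTUPINFOW si;
    PROCESS_INFORMATION pi;
    DWORD exit_code = (DWORD)-1, session;
    int result = -1;

    session = WTSGetActiveConsoleSessionId();
    if (session == 0xFFFFFFFF) return -1;   /* console session not attached */

    /* Needs SE_TCB_NAME (LocalSystem has it); fails if nobody is logged on. */
    if (!WTSQueryUserToken(session, &user_tok)) return -1;
    if (!DuplicateTokenEx(user_tok, MAXIMUM_ALLOWED, NULL, SecurityIdentification,
                          TokenPrimary, &primary_tok)) goto done;
    /* The child gets the user's environment, not the service's. */
    if (!CreateEnvironmentBlock(&env, primary_tok, FALSE)) goto done;

    _snwprintf_s(cmdline, 1024, _TRUNCATE, L"\"%s\" %s", exe_path, args);
    ZeroMemory(&si, sizeof si);
    si.cb = sizeof si;
    si.lpDesktop = L"winsta0\\default";     /* the interactive desktop */
    ZeroMemory(&pi, sizeof pi);
    if (!CreateProcessAsUserW(primary_tok, exe_path, cmdline, NULL, NULL, FALSE,
                              CREATE_UNICODE_ENVIRONMENT | CREATE_NO_WINDOW,
                              env, NULL, &si, &pi)) goto done;

    /* Success above only means the process exists; the exit code says
     * whether the helper actually performed its action. */
    if (WaitForSingleObject(pi.hProcess, timeout_ms) == WAIT_OBJECT_0 &&
        GetExitCodeProcess(pi.hProcess, &exit_code))
        result = (int)exit_code;
    CloseHandle(pi.hThread);
    CloseHandle(pi.hProcess);
done:
    if (env) DestroyEnvironmentBlock(env);
    if (primary_tok) CloseHandle(primary_tok);
    if (user_tok) CloseHandle(user_tok);
    return result;
}

/* Helper side: runs in the user's session with only the user's rights. */
int helper_main(int argc, char **argv)
{
    switch (parse_action(argc, argv)) {
    case ACT_LOCK:
        return LockWorkStation() ? 0 : (int)GetLastError();
    case ACT_LOGOFF:
        return ExitWindowsEx(EWX_LOGOFF | EWX_FORCE, SHTDN_REASON_MAJOR_OTHER)
               ? 0 : (int)GetLastError();
    case ACT_SHUTDOWN:   /* needs SE_SHUTDOWN_NAME in the user's token */
        return ExitWindowsEx(EWX_SHUTDOWN | EWX_POWEROFF | EWX_FORCE,
                             SHTDN_REASON_MAJOR_OTHER) ? 0 : (int)GetLastError();
    default:
        return 2;        /* unknown or missing action: fail cleanly, no crash */
    }
}

int main(int argc, char **argv)
{
    wchar_t self[MAX_PATH];
    int rc;
    /* Started with an action flag: we are the helper. Otherwise: launcher. */
    if (argc >= 2 && strncmp(argv[1], "--", 2) == 0) return helper_main(argc, argv);
    GetModuleFileNameW(NULL, self, MAX_PATH);
    rc = run_in_console_session(self, L"--lock", 30000);
    printf("helper exit code: %d\n", rc);
    return rc == 0 ? 0 : 1;
}
#endif
```

Run the launcher part from the service (as LocalSystem) and read the returned exit code: 2 means the helper started but got a bad argument, a nonzero Win32 error means the action itself was refused for that user, and -1 means one of the token or process calls failed.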