CreateProcess running as user: "NT AUTHORITY/Network Service" without knowing the credentials?

I have a windows service running as local system. I would like the service to spawn a process as "NT AUTHORITY/Network Service". However, I do not have the credentials for this account. How can I spawn the process as the "Network Service" u开发者_C百科ser, using c++.

I'm not in front of my win32 dev box, so I can't confirm, but I'll offer two possible approaches:

• Iterate through the list of processes
• Call OpenProcess() to get the handle of an existing NETWORK SERVICE process
• Call OpenProcessToken() using that handle to get the security token from his process
• Call CreateProcessAsUser() with the token to create a process as NETWORK SERVICE

Alternatively, you could:

• Call CreateService() using NT AUTHORITY\NetworkService in lpServiceStartName
• Call StartService() to launch the process