支持的唯一方式做，这是实现一个凭据提供程序，按照RRUZ的评论。

The only supported way to do this is to implement a credential provider, as per RRUZ's comment.

如果你不介意打破规则，运行在本地系统中的服务应该能够在您选择的会话启动子。使用 OpenProcessToken 以得到一个处理你的安全令牌，使用的 DuplicateTokenEx ，使用的 SetTokenInformation 来改变令牌会话标识符，然后调用 CreateProcessAsUser 启动子。 （刚开始，这将是最简单的用一个单独的可执行文件，但一旦你熨平了错误，你可以通过使用命令行参数或环境变量来区分滚动服务与子成一个可执行文件，例如这两种情况。）

If you don't mind breaking the rules, a service running as local system should be able to launch a subprocess in the session of your choice. Use OpenProcessToken to get a handle to your security token, duplicate it with DuplicateTokenEx, use SetTokenInformation to change the token session identifier, then call CreateProcessAsUser to launch the subprocess. (Initially, it would be simplest to use a separate executable, but once you've ironed out the bugs you could roll the service and the subprocess into a single executable, for example by using a command-line argument or an environment variable to distinguish the two cases.)

WTSGetActiveConsoleSessionId 功能会告诉你哪个会话当前连接到物理控制台。

The WTSGetActiveConsoleSessionId function will tell you which session is currently connected to the physical console.