I had to delve into this because the code that worked fine on Windows 2003/XP doesn't on Windows 7. Application launched by the use of CreateProcessAsUser fails with 0xc0000142 error code. The difference between my old code and one available from MSDN at Starting an Interactive Client Process in C++ is that I didn't set up privileges and to Window Station and desktop. I've updated my code according to the example, but I would very much like to understand which change in newer Windows made running processes in interactive Window station a requirement?

At least part of the requirements derive from the change to run interactive processes in a different session from services. This was done so that applications could not run 'shatter' style attacks against privileged services. More information is available here.