如何使用当前（运行方式）用户运行explorer.exe？ [英] How do I run explorer.exe with current (run as) user?

问题描述

大家好，



我几个月来一直在撞墙，试图弄清楚我做错了什么。我应该提到的最重要的事情之一是我们使用SmartCard登录。目前，我们仍然有用户名和密码，但它们很快就会消失。



我写了一个用于执行远程管理任务的Windows应用程序。一项任务（12项中的任务）从未正常运作。每次我尝试在远程计算机的C驱动器的上下文中打开explorer.exe时，我会收到拒绝访问和提示凭据。输入SmartCard PIN仅返回拒绝访问。这种方法的唯一方法是输入域管理员帐户的用户名/密码。这应该不起作用，因为我们的帐户配置为基于用户的执行，要求SmartCard对帐户进行身份验证（这就是为什么他们将很快删除我们的密码）。



仅当使用普通用户帐户登录并使用域管理员帐户使用以管理员身份运行时才会出现此行为。以管理员身份登录时，我没有被提示。所有其他功能，例如远程计算机管理，远程命令提示符（psexec）和一些需要管理员权限的本土表单，在使用任一帐户登录时都不会提示工作。



我正在使用一个简单的流程调用：

Hi all,

I've been banging my head against the wall for months now trying to figure out what I'm doing wrong. One of the most important things I should mention is that we use SmartCard login. Currently, we still have usernames and passwords, but they are going away soon.

I wrote a Windows app that is used to perform remote admin tasks. One task (out of 12) has never worked right. Each time I try to open explorer.exe in the context of a remote machine's C drive, I get an "Access Denied" and a prompt for credentials. Entering the SmartCard PIN only comes back to "Access Denied". The only way this works is to enter the username/password for the domain admin account. This shouldn't work because our accounts are configured for User Based Enforcement to require the SmartCard to authenticate to the account (which is why they will be removing our passwords soon).

This behavior only happens when logged in with a normal user account and using "Run as administrator" with a domain admin account. When logged in as admin, I'm not prompted. All of the other functions, such as Remote Computer Management, Remote Command Prompt (psexec) and a few home-grown forms that require admin privileges work fine without prompting when logged in with either account.

I'm using a simple Process call:

Process proc = new Process();
proc.StartInfo = new ProcessStartInfo();
proc.StartInfo.FileName = "explorer.exe";
proc.StartInfo.Arguments = "\\\\" + comp.Text + "\\c$";
proc.StartInfo.CreateNoWindow = true;
proc.StartInfo.RedirectStandardOutput = true;
proc.StartInfo.UseShellExecute = false;
proc.Start();
proc.Close();

我正在使用这个完全相同的代码来运行其他函数而没有问题。我做错了什么？

I am using this exact same code to run the other functions without issue. What am I doing wrong?

推荐答案

;
proc.StartInfo.CreateNoWindow = true ;
proc.StartInfo.RedirectStandardOutput = true ;
proc.StartInfo.UseShellExecute = false ;
proc.Start（）;
proc.Close（）;

"; proc.StartInfo.CreateNoWindow = true; proc.StartInfo.RedirectStandardOutput = true; proc.StartInfo.UseShellExecute = false; proc.Start(); proc.Close();

我正在使用这个完全相同的代码来运行其他功能没有问题。我做错了什么？

I am using this exact same code to run the other functions without issue. What am I doing wrong?

你已经以本地用户身份运行它。但这样做完全没有意义。用户总是可以在没有你的帮助的情况下运行资源管理器，以管理员身份或默认情况下。当然用户的权限可以是有限的。让我告诉你：从任何其他程序启动它使用资源管理器都无法添加任何功能，没有无论你做什么。资源管理器与使用Shell API的任何其他应用程序没什么区别，包括你自己可以写的一些应用程序。整个想法o启动某些应用程序非常糟糕，除非您开发的工具本身就像文件管理器或其他系统实用程序，但是您不需要启动另一个文件管理器。也许您应该直接关注使用资源管理器解决的任务，而不是运行资源管理器。如果您对远程管理/管理感兴趣，请参阅：

https://msdn.microsoft.com/en-us/library/aa384426%28v=vs.85%29.aspx [ ^ ]，

https://technet.microsoft.com/en-us/library/ee449470%28v = ws.10％29.aspx [ ^ ]，

https://technet.microsoft.com/en-us/library/ee449467%28v=ws.10%29.aspx [ ^ ]。

< br $> b $ b



一个奖励：t他是如何通过创建和嵌入适当的应用程序清单来创建一个通过UAC对话框请求提升的应用程序： http ：//msdn.microsoft.com/en-us/library/bb756929.aspx [ ^ ]。



以下是您以编程方式以管理员身份运行的方式：

https：// msdn。 microsoft.com/en-us/library/system.diagnostics.processstartinfo.verb%28v=vs.110%29.aspx [ ^ ]，

https://msdn.microsoft.com/en-美国/升ibrary / system.diagnostics.processstartinfo.verbs％28v = vs.110％29.aspx [ ^ ]，

http://stackoverflow.com/questions/133379/elevating-process-privilege-programatically [ ^ ]（参见最佳答案： startInfo.Verb = runas）。



正如我已经告诉过你的那样，启动具有当前用户权限的进程不需要这样的东西;这是默认值。

-SA

You already run it as a local user. But doing it makes no sense at all. The user can always run Explorer without your help, "as administrator" or by default. Of course the current user's privileges can be limited. Let me tell you: using Explorer by starting it from any other program cannot add any functionality, no matter what you do. Explorer is no different from any other application using Shell API, including some applications you could write yourself. The whole idea to start some application is pretty bad, unless the tool you develop is itself something like a file manager or other system utility, but then you would not need to start another file manager. Perhaps you should directly focus on the tasks you wanted to solve using Explorer, not running Explorer. If you are interested in remote administration/management, please see:
https://msdn.microsoft.com/en-us/library/aa384426%28v=vs.85%29.aspx[^],
https://technet.microsoft.com/en-us/library/ee449470%28v=ws.10%29.aspx[^],
https://technet.microsoft.com/en-us/library/ee449467%28v=ws.10%29.aspx[^].



One bonus: this is how you can create an application which requests the elevation with UAC dialog by creating and embedding appropriate application manifest: http://msdn.microsoft.com/en-us/library/bb756929.aspx[^].

And this is how you do "run as administrator" programmatically:
https://msdn.microsoft.com/en-us/library/system.diagnostics.processstartinfo.verb%28v=vs.110%29.aspx[^],
https://msdn.microsoft.com/en-us/library/system.diagnostics.processstartinfo.verbs%28v=vs.110%29.aspx[^],
http://stackoverflow.com/questions/133379/elevating-process-privilege-programatically[^] (see the top answer: startInfo.Verb = "runas").

As I already told you, nothing like that is needed to start a process with a current user's privileges; this is the default.

—SA

也许我没有正确解释。该应用程序更像是桌面支持控制台。我检索并显示有关远程用户桌面计算机的数据，并允许管理员（使用非管理员帐户登录时以管理员身份运行应用程序）执行与远程桌面相关的某些任务。我想打开一个窗口（它不一定是Windows资源管理器文件管理器），显示远程桌面硬盘的内容，以便我可以直观地检查文件和文件夹。这也可以通过输入

Maybe I didn't explain this correctly. The app is more like a desktop support console. I retrieves and displays data about a remote user's desktop computer and allows the admin (running the app with run as administrator while logged in with a non-admin account) to perform certain tasks related to the remote desktop. I want to open a window (it doesn't necessarily have to be windows explorer file manager) that shows the contents of the remote desktop's hard drive so I can visually check for files and folders. This can also be accomplished by typing

\\comptuername\c

这篇关于如何使用当前（运行方式）用户运行explorer.exe？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！