如何使用 Windows 安全描述符阻止执行其他应用程序? [英] How to use Windows Security Descriptor to prevent executing other applications?

问题描述

在我最近关于使用 CreateDesktop() API 调用创建新桌面并在其中执行我自己的应用程序并阻止其他应用程序在我的桌面中执行的问题之一中，有人指出我使用安全描述符！

In one of my recent questions about using CreateDesktop() API call to create a new desktop and execute my own application inside and prevent other applications to be executed in my Desktop someone pointed me to use security descriptors!

这里有人可以告诉我怎么做吗?

Is someone here who could tell me how to do that?

提前致谢！

推荐答案

所有命名对象，包括您创建的桌面，都有一个安全描述符.安全描述符描述了每个对象的所有者和组 SID(安全标识符)及其 ACL(访问控制列表).创建对象的函数使用它来控制谁可以访问该对象.

All named objects, which includes the desktop you create, have a security descriptor. A security descriptor describes the owner and group SIDs (security identifiers) for each object, along with its ACLs (access control lists). The function that creates the object uses it to control who has what access to the object.

CreateDesktop() 函数有一个可选参数，它是一个指向 SECURITY_ATTRIBUTES 对象的指针.SECURITY_ATTRIBUTES 对象有一个成员 lpSecurityDescriptor，它是一个指向 SECURITY_DESCRIPTOR 结构的指针.您可以调用众多功能SECURITY_DESCRIPTOR 来设置 ACL.

The CreateDesktop() function has an optional parameter which is a pointer to a SECURITY_ATTRIBUTES object. The SECURITY_ATTRIBUTES object has a member lpSecurityDescriptor, which is a pointer to a SECURITY_DESCRIPTOR structure. There are numerous functions you can call on the SECURITY_DESCRIPTOR to set the ACLs.

这篇关于如何使用 Windows 安全描述符阻止执行其他应用程序?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！