禁用每个应用程序的 Vista UAC，或在没有提示的情况下提升权限? [英] Disable Vista UAC per-application, or elevate privileges without prompt?

问题描述

我有一个普通用户需要能够运行的应用程序，但需要管理员权限才能实际运行.

I have an app that normal users need to be able to run, but requires administrator privileges to actually function.

我尝试创建快捷方式，让我的用户使用以管理员身份运行"运行它，但这只会在他们尝试运行应用程序时导致 UAC 提示.

I tried to make the shortcut that my users run it with "Run as administrator" but this just causes a UAC prompt whenever they try to run the app.

有没有办法以编程方式提升权限，而我的用户不需要通过 UAC 提示和/或知道管理员密码?从安全的角度来看，我知道大多数应用程序不应该被允许这样做，所以如果我能提供有效的用户名/密码对或其他东西，我希望有某种方法可以做到这一点.

Is there any way to elevate privileges programatically, without my users needing to go through a UAC prompt and/or knowing an administrator password? From a security standpoint, I understand that most applications shouldn't be allowed to do this, so I'm hoping there is some way to do it if I can provide a valid username/password pair, or something.

该应用程序是用 C# 编写的，因此最好使用完全托管的解决方案，但是 p/Invoke Black Magic(甚至编写一个 我们不提的 MC++ 包装器strong>) 比完全禁用 UAC 更可以接受.

The app is written in C#, so a fully managed solution would be preferred, but p/Invoke Black Magic (or even writing an MC++ Wrapper Which We Do Not Speak About) would be more acceptable than disabling UAC entirely.

推荐答案

通常通过安装以 SYSTEM 或管理员帐户运行的 Windows 服务来解决此问题.然后您的应用程序可以从该服务请求特权操作.

Generally this problem solved by installing a Windows Service which runs as SYSTEM or an admin account. Then your application can request the privileged action from this service.

显然不构成安全威胁，确保您的服务不能运行任意代码或可能使所有用户容易受到权限提升攻击的东西.

Obviously to not pose a security threat ensure that your service can't run arbitrary code or something which might leave the all users vulnerable to privilege escalation attacks.

Winpcap 和大多数其他嗅探应用程序使用类似的设计来为非特权用户提供嗅探访问权限.

这篇关于禁用每个应用程序的 Vista UAC，或在没有提示的情况下提升权限?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！