Launching an administrative interactive process when a standard user is logged on


Problem description

I have a system service which creates a helper interactive process as administrator so that it can access some desktop-related resources, including the BlockInput() function and NVIDIA's NVAPI functions, which cannot be run from a service. When the logged-on user was a member of Administrators, the following worked:

  1. Set privileges, including SE_TCB_NAME
  2. Get the active session ID using WTSGetActiveConsoleSessionId()
  3. Get the logged-on user's token from the session ID using WTSQueryUserToken()
  4. GetTokenInformation() with TokenLinkedToken
  5. DuplicateTokenEx() with SecurityImpersonation
  6. Start the process using CreateProcessAsUser()

However, when the currently logged-on session is a standard user instead of a member of Administrators, step 4 fails, presumably because the standard user doesn't have an administrative-level token linked to it. What's the solution here? I assume I need to get the token of one of the administrator users, but how do I do that? And if that user is not the logged-on one, can it still access functionality that interacts with the current desktop?

Recommended answer

You can duplicate your own token, then change the session on the duplicated token using the SetTokenInformation function to put it into the interactive session.

As you note, running as SYSTEM in an interactive session is discouraged because it gives the interactive user openings to attack your process, potentially gaining elevated privileges. (Search for "shatter attack" for more information.) However, this concern applies equally well to a process running as an administrative user in a non-administrative user's session.

Ideally, you should use a non-administrative process in the interactive session to perform the functions which require an interactive session, while using the service to perform the functions which require administrative privilege. There shouldn't be any functions that require both, but if NVAPI breaks this rule, there's not much you can do about it.

Consider launching the process into a specially created (and appropriately secured) workstation in the interactive user's session in order to minimize this risk.
