检查另一个进程在.NET管理员权限 [英] Check if another process has admin privileges in .NET

问题描述

我正在寻找一种方法来检查远程进程从我的（全面管理）code具有管理员权限。它是安全的假设，我的code运行以管理员权限运行，所以我并不怎么在意侵入性的技术来实现我的目标是什么，但是我正在寻找一种完全托管的方式，也必须与XP兼容SP3的x86一路下跌到X64 Win7的方法。

I'm looking for a way to check that a remote process has administrator privileges from my (fully managed) code. It's safe to assume that my code will run be run with administrator privileges, so I don't care how invasive the technique to achieve my goal is, however I'm looking for a fully managed way which must be compatible with XP SP3 x86 all the way down to win7 x64.

在此先感谢！

修改：为了澄清，我说的是谁开始它的用户大约在同一台机器上运行的进程无关。我想，以确保无论是与进程相关的标识属于Administrators组或主线程的全部权限，特别关于继承打开的句柄通过提升进程，并写入到存储，没有任何限制，但这些应用程序催生的以管理员身份运行选项。

Edit: in order to clarify, I'm talking about a process running on the same machine, regardless of the user who started it. I want to make sure that either the identity associated with the process belongs to the Administrators group or that the main thread has full privileges, with special regards to inheriting handles opened by elevated processes and writing to the storage without any restriction but those applied to processes spawned with the "Run as administrator" option.

推荐答案

调用OpenProcess（PROCESS_QUERY_INFORMATION）+的 OpenProcessToken （TOKEN_QUERY）来获得令牌，然后将该令牌和的 CreateWellKnownSid （WinBuiltinAdministratorsSid）来的 CheckTokenMembership （）

OpenProcess(PROCESS_QUERY_INFORMATION)+OpenProcessToken(TOKEN_QUERY) to get the token, then pass that token and the SID from CreateWellKnownSid(WinBuiltinAdministratorsSid) to CheckTokenMembership()

要能够打开（几乎）所有的过程PROCESS_QUERY_INFORMATION访问你需要以管理员身份运行，并与的调试特权的。

To be able to open (almost) every process for PROCESS_QUERY_INFORMATION access you need to be running as administrator and with debug privileges.

这篇关于检查另一个进程在.NET管理员权限的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！