可以使用服务来提升用户安装软件的权限吗？ [英] Possible to use service to elevate rights for users to install software?

问题描述

有很多软件自助服务门户，如SCCM软件中心，ManageEngine Portal等。 我想编写自己的自定义应用程序/服务，允许非管理员用户从列表中选择预先批准的软件，并安装
it。

There are many software self-service portals out there, such as SCCM Software Center, ManageEngine Portal, etc.  I want to write my own custom application/service that will allow non-admin users to select pre-approved software from a list, and install it.

这些管理平台和申请发布 使用GP不是我的选择。  

These management platforms and application publishing  with GP are not options for me.  

我无法找到解决此问题的方法。 用户启动的任何应用程序都没有管理员权限来运行安装，所以我最好的猜测是让一个服务作为系统运行，而一个"代理"运行。可以由用户启动
（桌面图标，登录时自动运行等）。 这似乎是SCCM和其他平台的做法。

I haven't been able to find much in the way of how to go about this.  Any application started by a user will not have admin rights to run the install, so my best guess is to have a service running as System and an "agent" that can be started by the user (desktop icon, autorun on login, etc).  It appears this is how SCCM and other platforms do it.

有没有人在这个舞台上有一些经验？ 代理可以接受用户输入，将数据传递给服务以启动安装程序作为"系统"。或其他管理员帐户？ 用户是否会看到安装程序提示输入？

Does anyone have some experience in this arena?  Can the agent accept user input, pass the data to the service to start the installer as "system" or another admin account?  Will installer prompts for input be seen by the user?

谢谢！

推荐答案

您好，

感谢您在此处发帖。

我认为您可以尝试使用以下方法来提升用户的权限。

I think that you can try to use the following method to elevate privilege for user.

如果您的计算机在安装任何程序时需要管理员帐户，我认为您无法避免使用管理员帐户。

If your computer needs administrator account when you install any program, I think that you cannot avoid to use the administrator account.

1。在权限较少的帐户下运行。一种方法是使用
PrivilegeCheck 以确定令牌中启用的权限。如果可用权限不适合当前操作，则可以禁用该代码并要求用户登录具有管理员权限的帐户。

1. Run under an account with less privilege. One way to do this is to use PrivilegeCheck to determine what privileges are enabled in a token. If the available privileges are not adequate for the current operation, you can disable that code and ask the user to logon to an account with administrator privileges.

2。闯入需要管理员权限的单独应用程序功能。您可以为用户提供执行RunAs命令的​​快捷方式。有关如何设置快捷方式的详细说明，请搜索"runas"。在帮助中。
以编程方式，您可以配置 
RunAs 命令下< a href ="https://msdn.microsoft.com/en-us/library/windows/desktop/ms682359(v=vs.85).aspx">
AppId Key 注册表项应用程序。

2. Break into a separate application functions that require administrator permissions. You can provide for the user a shortcut that executes the RunAs command. For detailed instructions on how to set up the shortcut, search for "runas" in Help. Programmatically, you can configure the  RunAs command under the AppId Key registry key for your application.

我认为第一种方法是最好的，因为API提供了一个AdjustTokenGroups方法来修改权限令牌。 如果令牌可以成功修改。我认为您的问题应该得到解决。

I think that the first method was best, since API has provided a AdjustTokenGroups method to modify the privilege token.  If the token may be modified successfully. I think that your issue should be solved.

这只是解决方案，当您遇到问题并遇到问题时，请告诉我。

this is just solution, when you are developing issue and encounter some issue, please let me know.

Best 此致，

Best  Regards,

Hart

这篇关于可以使用服务来提升用户安装软件的权限吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！