使用不同的用户凭据启动另一个进程与提升 [英] Starting another process with elevation using different user credentials
问题描述
我想从一个非提升过程中开始提升的过程,但我还需要提供用户名和密码与管理凭据的用户。我都试过了运行方式方法提升以及使用清单,但两者产生不同的错误。
I'm trying to start an elevated process from with a non-elevated process, but I also need to supply the username and password for a user with administrative credentials. I've tried both the "runas" method for elevation as well as using a manifest, but both yield different errors.
例如,如果我这样做(不使用一个清单,要求高度):
For example, if I do this (without using a manifest that requires elevation):
ProcessStartInfo info = new ProcessStartInfo(path);
info.UseShellExecute = false;
info.UserName = username;
info.Password = securePwd;
info.Domain = "MyDomain";
info.Verb = "runas";
var proc = Process.Start(info);
该进程启动时不显示UAC确认对话框,并未能在试图执行需要管理员权限的命令(我只是想编写一个测试文件到Program Files目录下)。
The process launches without displaying the UAC confirmation dialog and fails upon trying to execute the command that requires administrator permissions (I'm just trying to write a test file to the Program Files directory).
如果我添加一个明显的目标应用程序指示它需要提升,然后我得到一个 Win32Exception ,说明该操作需要提升。
If I add a manifest to the target application that indicates that it requires elevation, then I get a Win32Exception stating that the operation requires elevation.
这个问题似乎被设定 UseShellExecute 到假(因为这两种方法正常工作时,不是这种情况),但我必须将它设置为false,以启动进程在不同的用户帐户。
The issue seems to be setting UseShellExecute to false(as both approaches work fine when this is not the case), but I have to set it to false in order to launch the process under a different user account.
如何启动一个提升的过程,从非提升过程,并提供手动的用户名和密码?
赏金编辑:当用户不能被要求的输入的管理员凭据,一个UAC唠叨对话是完全可以接受的。我不希望在这里绕过UAC。
BOUNTY While the user cannot be required to enter administrator credentials, a UAC nag dialog is perfectly acceptable. I'm not looking to bypass UAC here.
推荐答案
我很惊讶,有没有办法做到这一点,直到我发现了一个由克里斯杰克逊博客条目:
i was surprised there's no way to do this, until i found an on blog entry by Chris Jackson:
您需要一个引导程序。一些过程,这将让你做过渡到备用用户,这可能是负责运行requireAdministrator应用。所以,你可以设计出这样的事情:
Why Can’t I Elevate My Application to Run As Administrator While Using CreateProcessWithLogonW?
You need a bootstrapper. Some process which will let you do the transition to the alternate user, which could be responsible for running the requireAdministrator application. So, you could design something like this:
为什么我们不只是创建 ShellExecuteWithLogonW API?我永远不会说永远,我们可能会在某个时候。但今天,用例为这个API已使用的情况下出现了一个备用设计,优越。
Why don’t we just create the ShellExecuteWithLogonW API? I’ll never say never, and we might at some point. But today, the use cases for this APIs have been use cases where there has been an alternate design which is superior.
最普遍的要求是一个人写的本土软件部署的软件,他们希望EN code凭据对进入应用程序,并提升自己的过程。这里真正的问题并不在于缺少的API,那就是你必须在你的应用程序管理员凭据连接codeD世界阅读。
The most common request is for people writing home-grown software deployment software, where they’d like to encode credentials right into the app and elevate their own process. The real problem here is not the lack of the API, it’s that you have admin credentials encoded in your app for the world to read.
所以,解决方案的需要的的ShellExecute ,它知道如何引发的同意对话框中唯一的一个。
So the solution requires ShellExecute, it's the only one that knows how to trigger a Consent dialog.
这带来了一个好点的?什么是你一个人的密码已经做了
It brings up a good point: What are you doing with a person's password already?
有没有UAC在Server Core上,因为没有窗户,显示同意提示。
There's no UAC on Server Core because there's no windows to show a consent prompt.
这篇关于使用不同的用户凭据启动另一个进程与提升的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
