Windows上的普通用户可以启动服务吗? [英] Can a service be started by normal user on Windows?
问题描述
我有一个使用Delphi创建的服务应用程序,并设法使用提升的特权从另一个Delphi应用程序安装了该应用程序。
I have a service application created with Delp and managed to install it from another Delphi application using elevated privileges.
该服务设置为以本地身份登录系统帐户(在Delphi中创建服务应用程序时是默认帐户)。
The service is set to log on as the Local System account (which is default when creating a service application in Delphi).
我还有另一个Delphi应用程序,在该应用程序中普通用户应该能够启动或停止以上服务。
I have another Delphi application in which an ordinary user is supposed to be able to start or stop the above service.
我的问题是:Windows允许吗?当我尝试在Delphi中使用代码启动该服务时,由于代码5而无法正常运行。如何防止发生此错误?我希望能够让普通用户运行该应用程序(不在管理员模式下,因此不具有提升的特权)来启动/停止服务。有可能吗?下面是我的代码:
My question is: Is this allowed by Windows? When I try to start the service using code in Delp it just fails with 'Code 5. Access is denied.' How can I prevent this error from occurring? I want to be able to have the normal user running the application (not in Administrator mode and thus not with elevated privileges) to start / stop the service. Is it possible and if so how? Below is my code:
function ServiceStart(sMachine, sService: string): boolean;
var
schm, schs: SC_Handle;
ss: TServiceStatus;
psTemp: PChar;
dwChkP: DWord; // check point
begin
ss.dwCurrentState := 0;
// connect to the service control manager
schm := OpenSCManager(PChar(sMachine), nil, SC_MANAGER_CONNECT);
// if successful...
if (schm <> 0) then
begin
// open a handle to the specified service
// we want to start the service and query service
// status
schs := OpenService(schm, PChar(sService), SERVICE_START or SERVICE_QUERY_STATUS);
// if successful...
if (schs <> 0) then
begin
psTemp := nil;
if (StartService(schs, 0, psTemp)) then
begin
// check status
if (QueryServiceStatus(schs, ss)) then
begin
while (SERVICE_RUNNING <> ss.dwCurrentState) do
begin
// dwCheckPoint contains a value that the
// service increments periodically to
// report its progress during a
// lengthy operation. Save current value
dwChkP := ss.dwCheckPoint;
// wait a bit before checking status again
// dwWaitHint is the estimated amount of
// time the calling program should wait
// before calling QueryServiceStatus()
// again. Idle events should be
// handled here...
Sleep(ss.dwWaitHint);
if not QueryServiceStatus(schs, ss) then
begin
// couldn't check status break from the
// loop
break;
end;
if ss.dwCheckPoint < dwChkP then
begin
// QueryServiceStatus didn't increment
// dwCheckPoint as it should have.
// Avoid an infinite loop by breaking
break;
end;
end;
end;
end
else
begin
if MessageDlg('Start Service failed. Do you want remove it?',
mtWarning, [mbYes, mbNo], 0) = mrYes then
begin
InstallUninstallService(1);
end;
end;
// close service handle
CloseServiceHandle(schs);
end else RaiseLastOSError;
// close service control manager handle
CloseServiceHandle(schm);
end;
// Return TRUE if the service status is running
Result := SERVICE_RUNNING = ss.dwCurrentState;
end;
推荐答案
默认情况下,您需要具有管理员权限才能启动,停止,安装和删除服务。
By default you need to have admin privileges to start, stop, install and delete services.
您将必须安排服务公开其自己的Active属性,这与Windows所运行的术语有所不同。安排它始终以Windows术语运行,但是当其Active属性为false时保持惰性。
You will have to arrange for your service to expose its own Active property, distinct from what Windows terms as running. Arrange that it is running in Windows terms all the time, but inert when its Active property is false.
您必须为用户应用实现一种控制机制。我已经使用命名管道完成了此操作,但是还有其他可用的IPC方法。
You'll have to implement a control mechanism for your user app. I've done this with named pipes but the are other IPC methods available.
这篇关于Windows上的普通用户可以启动服务吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
