Get Window Station for a non-interactive user per process, user or session?


Problem description

When using CreateProcessAsUser we pass STARTUPINFO and with lpDesktop NULL, the target is winsta0/default, the interactive desktop of the interactive user.

I wish to target the window

I assume that it can't be winsta0 because that's reserved for the single interactive user.

I am looking at the function list here: http://msdn.microsoft.com/en-us/library/ms687107(v=VS.85).aspx

I can enumerate window stations on the machine, but how do I identify which window station is connected to which user/process/session?

Each window station is connected to a session.
Each process has a target window station.

But how, for example if I have a process, or a session ID, do I determine which Window Station it is associated with?

Recommended answer

On WinXP/Win2K3 or higher, you could do the following:

  1. Call WTSEnumerateSessions to get a list of active session information (which will also give you the window station name associated to each session).
  2. Pass the session id to WTSQueryUserToken.
  3. Pass the token to GetTokenInformation to get the user's SID.
  4. Pass the user's SID to LsaLookupSids to get the user and domain names.

Also, if you want to identify which session is the active console session, you can compare the session id to the return value of WTSGetActiveConsoleSessionId.

However, I would recommend using the token returned from WTSQueryUserToken to launch a process on the target desktop via CreateProcessAsUser, as Franci mentioned. You'll have to pass it through DuplicateTokenEx to convert it from an impersonation token to a primary token, but it works on WinXP or higher, and Microsoft documents it as the "preferred" way to launch interactive applications from the services desktop on Vista and higher.
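
The four enumeration steps listed in the answer above, as an added example in Python ctypes that is not part of the original answer. It substitutes LookupAccountSidW for LsaLookupSids in step 4 so that no LSA policy handle is needed; the helper names `decode_sessions`, `enumerate_sessions` and `session_user` are hypothetical, and the two Win32-calling functions only run on Windows.

```python
import ctypes
from ctypes import POINTER, Structure, byref, c_int, c_uint32, c_void_p, c_wchar_p

TokenUser = 1  # TOKEN_INFORMATION_CLASS value

class WTS_SESSION_INFOW(Structure):
    _fields_ = [("SessionId", c_uint32),
                ("pWinStationName", c_wchar_p),  # RDS name, e.g. "Console", "RDP-Tcp#0"
                ("State", c_int)]                # WTS_CONNECTSTATE_CLASS, 0 == WTSActive

def decode_sessions(array, count):
    """Map session id -> (WinStation name, state) from a WTS_SESSION_INFOW array."""
    return {array[i].SessionId: (array[i].pWinStationName, array[i].State)
            for i in range(count)}

def _check(ok):
    # Win32 BOOL results: zero means failure, details are in GetLastError.
    if not ok:
        raise ctypes.WinError(ctypes.get_last_error())

def enumerate_sessions():
    """Step 1 (Windows only): WTSEnumerateSessionsW on the local server."""
    wts = ctypes.WinDLL("wtsapi32", use_last_error=True)
    info, count = POINTER(WTS_SESSION_INFOW)(), c_uint32()
    _check(wts.WTSEnumerateSessionsW(None, 0, 1, byref(info), byref(count)))
    try:
        return decode_sessions(info, count.value)  # copies strings out before the free
    finally:
        wts.WTSFreeMemory(info)

def session_user(session_id):
    """Steps 2-4 (Windows only, caller must be LocalSystem): session -> (domain, user)."""
    wts = ctypes.WinDLL("wtsapi32", use_last_error=True)
    adv = ctypes.WinDLL("advapi32", use_last_error=True)
    token, size = c_void_p(), c_uint32()
    _check(wts.WTSQueryUserToken(c_uint32(session_id), byref(token)))
    try:
        buf = ctypes.create_string_buffer(256)  # holds TOKEN_USER plus the SID it points to
        _check(adv.GetTokenInformation(token, TokenUser, buf, len(buf), byref(size)))
        sid = c_void_p(ctypes.cast(buf, POINTER(c_void_p))[0])  # TOKEN_USER.User.Sid
        name, dom = ctypes.create_unicode_buffer(256), ctypes.create_unicode_buffer(256)
        n, d, use = c_uint32(256), c_uint32(256), c_uint32()
        _check(adv.LookupAccountSidW(None, sid, name, byref(n), dom, byref(d), byref(use)))
        return dom.value, name.value
    finally:
        ctypes.WinDLL("kernel32").CloseHandle(token)  # the token must not outlive the lookup
```

The token is closed in `finally` because a leaked user token held by a LocalSystem service stays usable for impersonation for the life of the process.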
