Process with administrative privileges run on user logon


Problem description

I'm trying to figure out how to solve the privilege acquisition.

The application requires desktop access, so it cannot be executed as a Windows service: it has to create a window for receiving messages sent by other processes using SendMessage (which must be used for waiting for message acknowledgement).

The application shall be started when a user logs in, and it will manage the user session (manage applications, windows...). Only one user can be managed at a time.

What I'm asking is which is the best solution for requesting privilege acquisition, since the application requires it (executing a process which calls SetWindowsHook).

  • How to run any process on user logon with (higher) privileges, possibly without prompting a UAC message? Setup operations could be performed during the installation phase...
  • How to run a utility service that launches the process on user logon? In this way, the (installed) service could run the actual process without any privileges...
  • Are there other solutions? *

What are the definitive actions to be taken for having a fully UAC-compatible application? (I mean in the build and deploy phases?)

For example, I am including the following manifest file using mt.exe (using VS2005):

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <applicationRequestMinimum>
        <defaultAssemblyRequest permissionSetReference="Custom" />
        <PermissionSet class="System.Security.PermissionSet" version="1" Unrestricted="true" ID="Custom" SameSite="site" />
      </applicationRequestMinimum>
      <requestedPrivileges>
        <requestedExecutionLevel level="requireAdministrator" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</asmv1:assembly>

Does it seem correct to you? No, because it doesn't work for me...

*

It actually makes sense to create an additional user account (but this shall work also on Windows domains) with administrator privileges to execute a controlled environment. It could also be acceptable to create a working session (a new desktop station) without logging in any user, but actually I don't know if it is possible.
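For comparison with the manifest in the question, here is a minimal application manifest for a native executable embedded with mt.exe. This is an added example, not the asker's file: the applicationRequestMinimum / defaultAssemblyRequest / PermissionSet elements are ClickOnce (.NET deployment) manifest elements and are not needed for a native program, so the UAC part reduces to requestedPrivileges. The level is set to asInvoker here on the assumption (not stated on the page) that this is the autostart component: an executable marked requireAdministrator cannot be started from the Run key without a UAC prompt, so the autostart piece should run as the invoker and delegate privileged work to the service.

```xml
<?xml version="1.0" encoding="utf-8"?>
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <!-- Added example manifest; only the UAC-relevant elements are present. -->
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
    <security>
      <requestedPrivileges>
        <!-- asInvoker: no elevation prompt; change to requireAdministrator
             only for the component that genuinely needs to run elevated. -->
        <requestedExecutionLevel level="asInvoker" uiAccess="false"/>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>
```

Embedding it with mt.exe uses the same command as for any manifest (mt.exe -manifest app.manifest -outputresource:app.exe;#1). A quick check that the right level was embedded is to run the executable from a standard user account: asInvoker starts silently, requireAdministrator prompts.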

Recommended answer

You are asking a lot of questions inside of one question. There are many unclear subjects (unclear for me) about the architecture of your solution. It is also absolutely unclear to me why you need SetWindowsHook. So I try to answer only the technical parts of your questions.

Starting a program without prompting UAC is not a large problem and can be solved with respect to manifests.

Starting a process on the user's desktop from a service, so that the process does not run under the user's credentials, is tricky but possible. As I understand it, your service runs under the SYSTEM account. Then it has the SE_TCB_NAME privilege. The service runs in session 0 (see http://www.microsoft.com/whdc/system/sysinternals/session0changes.mspx). If a user logs in, the processes which he sees run in session 1 or higher. Under Windows XP the first logged-in user uses session 0 and only the next login (if fast user switching is on) uses session 1, etc. So on any operating system it can be required to start a process in another session. To do this you should use the SetTokenInformation function with the TokenSessionId parameter. I described the details in Launching a process in user's session from a service.

In all cases you should monitor the users' logins and logoffs and should get the user's session id to be able to start a process in the session. You can do this in different ways. One of the simplest ways is to have an application which runs in autostart (registered under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, for example). This application communicates with your service, and through impersonation you get the user's token and the session id. Another way is the usage of ISensLogon2 notifications (see http://msdn.microsoft.com/en-us/library/aa376863.aspx) of the System Event Notification Service (SENS).

One more small problem. Depending on the account used for the process which you start on the user's desktop, it can be required to change the Security Descriptor of the Desktop and Window Station objects with respect to OpenWindowStation, OpenDesktop and SetUserObjectSecurity (see http://msdn.microsoft.com/en-us/library/ms681928.aspx, http://msdn.microsoft.com/en-us/library/ms687107.aspx and http://support.microsoft.com/kb/165194).
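The answer's technique in working form, as an added example that is not the answerer's code or the linked article: a service running as SYSTEM duplicates its own primary token, re-targets the copy to the interactive session with SetTokenInformation(TokenSessionId), and starts a helper on winsta0\default with CreateProcessAsUser, so the helper keeps the service's credentials rather than the user's. The session id is taken from WTSGetActiveConsoleSessionId, which is an assumed simplification for the console session; the autostart-plus-impersonation and ISensLogon2 approaches in the answer are the alternatives for tracking logons generally. The class and method names (SessionLauncher, ConsoleSessionId, LaunchInSession) are this example's own.

```csharp
// Added example (not from the question, the answer, or the linked article).
// Must run as LocalSystem: SetTokenInformation(TokenSessionId) needs SE_TCB_NAME.
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;

static class SessionLauncher
{
    const uint TOKEN_ALL_ACCESS = 0x000F01FF;
    const int SecurityIdentification = 1;     // SECURITY_IMPERSONATION_LEVEL
    const int TokenPrimary = 1;               // TOKEN_TYPE
    const int TokenSessionId = 12;            // TOKEN_INFORMATION_CLASS
    const uint CREATE_NEW_CONSOLE = 0x00000010;
    const uint CREATE_UNICODE_ENVIRONMENT = 0x00000400;
    const uint NO_SESSION = 0xFFFFFFFF;       // WTSGetActiveConsoleSessionId failure value

    [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
    struct STARTUPINFO
    {
        public int cb;
        public string lpReserved, lpDesktop, lpTitle;
        public int dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags;
        public short wShowWindow, cbReserved2;
        public IntPtr lpReserved2, hStdInput, hStdOutput, hStdError;
    }

    [StructLayout(LayoutKind.Sequential)]
    struct PROCESS_INFORMATION { public IntPtr hProcess, hThread; public int dwProcessId, dwThreadId; }

    [DllImport("kernel32.dll")] static extern uint WTSGetActiveConsoleSessionId();
    [DllImport("kernel32.dll")] static extern IntPtr GetCurrentProcess();
    [DllImport("kernel32.dll", SetLastError = true)] static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool DuplicateTokenEx(IntPtr existing, uint access, IntPtr attrs,
        int impersonationLevel, int tokenType, out IntPtr newToken);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool SetTokenInformation(IntPtr token, int infoClass, ref uint info, uint infoLength);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool CreateProcessAsUser(IntPtr token, string app, string cmdLine,
        IntPtr procAttrs, IntPtr threadAttrs, bool inherit, uint flags, IntPtr env,
        string curDir, ref STARTUPINFO si, out PROCESS_INFORMATION pi);

    // Session attached to the physical console; throws when nobody is logged on there.
    public static uint ConsoleSessionId()
    {
        uint id = WTSGetActiveConsoleSessionId();
        if (id == NO_SESSION) throw new InvalidOperationException("no active console session");
        return id;
    }

    // Starts commandLine in the given session on winsta0\default, keeping this
    // process's (SYSTEM) credentials. Returns the new process id.
    public static int LaunchInSession(uint sessionId, string commandLine)
    {
        IntPtr own = IntPtr.Zero, dup = IntPtr.Zero;
        try
        {
            if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, out own))
                throw new Win32Exception();
            // A primary token is required by CreateProcessAsUser.
            if (!DuplicateTokenEx(own, TOKEN_ALL_ACCESS, IntPtr.Zero, SecurityIdentification, TokenPrimary, out dup))
                throw new Win32Exception();
            // The step the answer describes: move the copy out of session 0.
            uint sid = sessionId;
            if (!SetTokenInformation(dup, TokenSessionId, ref sid, sizeof(uint)))
                throw new Win32Exception();

            var si = new STARTUPINFO { cb = Marshal.SizeOf(typeof(STARTUPINFO)), lpDesktop = "winsta0\\default" };
            PROCESS_INFORMATION pi;
            if (!CreateProcessAsUser(dup, null, commandLine, IntPtr.Zero, IntPtr.Zero, false,
                    CREATE_NEW_CONSOLE | CREATE_UNICODE_ENVIRONMENT, IntPtr.Zero, null, ref si, out pi))
                throw new Win32Exception();
            CloseHandle(pi.hThread);
            CloseHandle(pi.hProcess);
            return pi.dwProcessId;
        }
        finally
        {
            if (dup != IntPtr.Zero) CloseHandle(dup);
            if (own != IntPtr.Zero) CloseHandle(own);
        }
    }

    static void Main()
    {
        // Typical call from the service's logon handler (path is a placeholder).
        int pid = LaunchInSession(ConsoleSessionId(), "\"C:\\Path\\To\\helper.exe\"");
        Console.WriteLine("started helper, pid " + pid);
    }
}
```

Two points for whoever deploys this. First, the helper runs as SYSTEM on a desktop the logged-on user can interact with, so every window, file dialog or shell extension it loads is an elevation surface for that user; keep the helper's UI minimal, or prefer the alternative of WTSQueryUserToken and a user-credential helper whenever the work does not actually require SYSTEM. Second, the window-station and desktop ACL adjustment the answer mentions (OpenWindowStation, OpenDesktop, SetUserObjectSecurity) is only needed when the launched account differs from the desktop owner and lacks access; SYSTEM normally already has it, which is why this example does not touch the descriptors.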
