使用 Exe 的 Windows UAC 安全性 [英] Windows UAC Security With Exe

问题描述

我有一个用旧的 Borland C++ 编译器创建的 exe.它需要管理员权限才能正常运行.由于该应用程序将在启动时运行，我不希望用户提示是否可以运行该程序(在 Win7 上测试).我的问题是有什么办法可以在每次运行应用程序时删除那个烦人的提示?

I have an exe created with an old Borland C++ compiler. It needs administrator privileges to function correctly. Since the app will run at startup, I do not want the user prompted if it's OK to run the program (testing on Win7). My question is is there ANY way to remove that annoying prompt every time the app is run?

我添加了一个带有管理员权限的清单文件并对其进行了签名，但它仍然显示发布者名称.

I added a manifest file with admin privs and signed it, but it then still appears with the publisher name.

这将被分发，所以我不希望用户必须关闭 UAC 或做任何太复杂的事情.非常感谢任何建议.

This will be distributed, so I don't want users to have to turn off UAC or do anything too complicated. Any suggestions are much appreciated.

我希望 UAC 有一些东西，比如永远信任这个程序"之类的东西.

I am hoping there's something for UAC like "Always Trust This Program" or something.

推荐答案

答案是使用计划任务在登录时运行.计划任务由以 SYSTEM 权限运行的任务计划程序服务启动，因此可以让它们以提升的权限运行，而不会在启动时提示用户.您仍然需要一次获得用户的确认 - 在您设置计划任务时 - 但不是每次程序运行时都如此.

The answer would be using a scheduled task to run at logon. Scheduled tasks are launched by the task scheduler service which runs with SYSTEM privileges, and therefore it's possible to have them run with elevated privileges without prompting the user on startup. You still have to get the user's confirmation once - when you set up the scheduled task - but not every time the program runs.

因为我不知道你是如何安装你的程序(你正在使用哪个安装程序，如果有的话)，我会向你描述一种你可以在任何环境中实现的方法:使用 schtasks.exe 和一个 XML 文件.(请注意，这不适用于 Windows XP 及更早版本，但无论如何您都不必担心 UAC.)

Since I don't know how you are installing your program (which installer you are using, if any), I'll describe to you a way which you can probably implement in any environment: Using schtasks.exe and an XML file. (Note that this won't work with Windows XP and older, but there you don't have to worry about UAC anyway.)

您需要像这样创建一个 XML 文件:

You need to create an XML file like this:

<?xml version="1.0" ?>
<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
    <RegistrationInfo>
        <Date>2013-11-01T00:00:00.0000000</Date>
        <Author>USERDOMAIN\USERNAME</Author>
    </RegistrationInfo>
    <Triggers>
        <LogonTrigger>
            <Enabled>true</Enabled>
            <UserId>USERDOMAIN\USERNAME</UserId>
        </LogonTrigger>
    </Triggers>
    <Principals>
        <Principal id="Author">
            <RunLevel>HighestAvailable</RunLevel>
            <UserId>USERDOMAIN\USERNAME</UserId>
            <LogonType>InteractiveToken</LogonType>
        </Principal>
    </Principals>
    <Settings>
        <MultipleInstancesPolicy>IgnoreNew</MultipleInstancesPolicy>
        <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>
        <StopIfGoingOnBatteries>false</StopIfGoingOnBatteries>
        <AllowHardTerminate>false</AllowHardTerminate>
        <StartWhenAvailable>false</StartWhenAvailable>
        <RunOnlyIfNetworkAvailable>false</RunOnlyIfNetworkAvailable>
        <IdleSettings>
            <StopOnIdleEnd>false</StopOnIdleEnd>
            <RestartOnIdle>false</RestartOnIdle>
        </IdleSettings>
        <AllowStartOnDemand>true</AllowStartOnDemand>
        <Enabled>true</Enabled>
        <Hidden>false</Hidden>
        <RunOnlyIfIdle>false</RunOnlyIfIdle>
        <WakeToRun>false</WakeToRun>
        <ExecutionTimeLimit>PT0S</ExecutionTimeLimit>
        <Priority>7</Priority>
    </Settings>
    <Actions Context="Author">
        <Exec>
            <Command>c:\path\to\your\app.exe</Command>
            <Arguments>/your /parameters</Arguments>
        </Exec>
    </Actions>
</Task>

• 将此处的所有 USERDOMAIN\USERNAME 替换为实际用户的域和名称.例如，您可以从相应的环境变量 USERDOMAIN 和 USERNAME 中读取这些内容.
• 将 c:\path\to\your\app.exe 替换为应用程序的路径，将 /your/parameters 替换为要传递给应用程序的参数，如果有的话.
• 这里的秘密魔法在于 <RunLevel>HighestAvailable</RunLevel>，这将使任务调度程序运行您的应用程序.
• Date 并不重要，但为了完整起见，您可以将其设置为当前日期和时间.
• Replace all USERDOMAIN\USERNAME here with the actual user's domain and name. You can, for example, read those out of the corresponding environment variables USERDOMAIN and USERNAME.
• Replace c:\path\to\your\app.exe with your application's path and /your /parameters with the arguments you want to pass to your app, if any.
• The secret magic here lies in <RunLevel>HighestAvailable</RunLevel> which will make the task scheduler run your app elevated.
• The Date doesn't really matter, but for completeness you could set it to the current date and time.

创建 XML 文件并将其保存在某处(例如临时文件夹)后，您必须运行此命令来创建实际任务:schtasks.exe/Create/TN "My App"/F/XML "c:\path\to\xmlfile.xml"(将 My App 替换为查看时应出现在任务调度程序中的名称).

After creating the XML file and saving it somewhere (e.g. temporary folder), you have to run this command which will create the actual task: schtasks.exe /Create /TN "My App" /F /XML "c:\path\to\xmlfile.xml" (replace My App with the name which should appear in the task scheduler when viewed).

您可以使用 schtasks.exe/Delete/TN "My App" 再次删除任务.

You can delete the task again using schtasks.exe /Delete /TN "My App".

(对于纯 C++ 解决方案，您还可以采用 这个例子 并添加缺少的东西，即指定用户名和设置使用最高可用权限的标志.)

(For a pure C++ solution, you could also take this example and add the missing things which would be specifying the username and setting the flag for using the highest available privileges.)

这篇关于使用 Exe 的 Windows UAC 安全性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！