避免 UAC 但使用 Windows 服务启动提升的进程 [英] Avoiding UAC but launching an elevated process using a windows service

问题描述

我有一个非交互式服务作为特权 SYSTEM 用户在 Windows 机器上运行，我需要它以提升进程的形式启动给定的可执行文件.

I have a non-interactive service running as a the privileged SYSTEM user on Windows machines, and I need it to launch a given executable as an elevated process.

我已经设法以 SYSTEM 身份启动一个子进程，使用 WTSGetActiveConsoleSessionId()，找到一个系统进程并复制它的令牌.同样，我可以作为普通用户启动一个非提升的进程.但我需要以普通用户身份启动该进程，但需要提升权限 - 这样我就不必显示 UAC，但该进程正在以适当的用户身份运行.

I have managed to launch a child process as SYSTEM, using WTSGetActiveConsoleSessionId(), finding a system process and duplicating it's token. Similarly, I can launch a non-elevated process as a regular user. But I need to launch the process as the regular user, but with elevated privileges - so that I don't have to show UAC, but the process is running as the appropriate user.

我不想绕过 UAC - 因为用户已经同意安装该服务.我正在努力减轻不便.我发现了一个类似的未回答的问题 - 但又问了一次希望得到答案.

I am not trying to bypass UAC - since the user already agreed to installing the service. I am trying to mitigate an inconvenience. I have found a similar, unanswered question - but asked again in hope of maybe getting an answer.

推荐答案

如果您有交互式用户的过滤令牌 - 例如，通过 WTSQueryUserToken() - 您可以使用 GetTokenInformation 函数和 TokenLinkedToken 选项.

If you have a filtered token for the interactive user - for example, one retrieved via WTSQueryUserToken() - you can retrieve the unfiltered ("elevated") token by using the GetTokenInformation function with the TokenLinkedToken option.

这篇关于避免 UAC 但使用 Windows 服务启动提升的进程的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！