在没有 UAC 的系统上执行具有管理员权限的应用程序 [英] Execute an application with admin rights on system without UAC

问题描述

我有一个必须以管理员权限执行的应用程序.如果 UAC 开启，一切都很好.但是，如果 UAC 关闭，则启动时没有提示(即使对于标准用户)并且应用程序以受限权限启动.

使用动词runas"启动进程不起作用.

是否有任何方法可以显示标准的 UAC 登录对话框，并在 UAC 关闭的情况下执行具有管理员权限的应用程序?

更新:包含清单:

<assemblyIdentity version="1.1.6.0" processorArchitecture="X86" name="setup" type="win32"/><trustInfo xmlns="urn:schemas-microsoft-com:asm.v2"><安全><requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3"><requestedExecutionLevel level="requireAdministrator" uiAccess="false"/></requestedPrivileges></安全></trustInfo></asmv1:assembly>

并且一切正常，当 UAC 处于活动状态时.但如果 UAC 关闭，它就不起作用.

更新 2::MSDN .

这是 StackOverflow 上某处的 C++ 小代码示例，用于检查管理员访问权限:

BOOL IsUserAdmin(VOID){布尔值；SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;PSID 管理员组；b = AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup);如果(真== b){if (!CheckTokenMembership( NULL, AdministratorsGroup, &b)){b = 假；}FreeSid(管理员组)；}退货(b);}

I have an application that must be executed with admin rights. There is everything fine, if UAC is on. But, if UAC is turned off, there is no prompt on start (even for standard user) and application starts with restricted rights.

Start process with verb "runas" does not work.

Is there any way to show the standard UAC login dialog for and execute an application with admin rights even if UAC if turned off?

Update: Manifest is included:

<?xml version="1.0" encoding="utf-8"?>
<asmv1:assembly manifestVersion="1.0" xmlns="urn:schemas-microsoft-com:asm.v1" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <assemblyIdentity version="1.1.6.0" processorArchitecture="X86" name="setup" type="win32"/>
    <trustInfo xmlns="urn:schemas-microsoft-com:asm.v2">
        <security>
            <requestedPrivileges xmlns="urn:schemas-microsoft-com:asm.v3">
                <requestedExecutionLevel level="requireAdministrator" uiAccess="false" />
            </requestedPrivileges>
        </security>
    </trustInfo>
</asmv1:assembly>

and everithing is OK, when UAC is active. But it does not work if UAC is OFF.

Update 2:: This behavior is documented by MSDN Step 6: Create and Embed an Application Manifest (UAC) (see table "Application launch behavior for a standard user account" last row). So i can't solve this problem with any manifest. Is there any other solution?

解决方案

I had a very similar problem, and I don't think the comments so far addressed your actual issue. I believe they are mistaking the intent of your question. While my answer will not show the actual UAC dialog as you first asked, it will show a workaround.

UAC being off does NOT preclude an application from being run as Administrator (assuming you have an administrator password, as it seems you do), just makes it harder. As you rightfully pointed out, with UAC disabled and requireAdministrator set in the manifest, right-clicking and selecting Run as administrator does not actually elevate the process, as Microsoft indicates: "Application might launch but will fail later"

Two Steps:

1) Hold Shift while Right-clicking on the application and select Run as a different user. Then simply use your Administrator user name and password to authenticate, and your application should run as Administrator. It worked for me.

2) Build a small executable that runs asInvoker and checks for Administrative privileges. When it is run without them, warn the user and tell them to Shift-Right Click, then Run as a different user. If your small program has administrator access, then use ShellExecute to invoke your primary requireAdministrator application. See Figure 9 here for a flow diagram.

Here is a small code sample in C++ from somewhere on StackOverflow that checks for administrator access:

BOOL IsUserAdmin(VOID)
{
   BOOL b;
   SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
   PSID AdministratorsGroup; 
   b = AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &AdministratorsGroup); 
   if(true==b) 
   {
      if (!CheckTokenMembership( NULL, AdministratorsGroup, &b)) 
      {
         b = FALSE;
      } 
      FreeSid(AdministratorsGroup); 
   }
   return(b);
}

这篇关于在没有 UAC 的系统上执行具有管理员权限的应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！