Running application as System (without PSTools)


Problem description


There are some registry keys that are owned by System, and I can't edit them unless I run as System. I want to be able to edit these keys from my VB application. Any tutorials I've found suggest using PSTools, the now deprecated At command, or schtasks. PSTools seems great, but its license seems too restrictive (about redistributing). At and schtasks are too messy, and require scheduling delays.

This is related to my previous question. I want to take what I discovered, and implement it via VB.

Modify audit policy (group policy)

I also found this, but am getting error 1314. I realized despite running VS2010 "requireAdministrator", and even Running my EXE as Administrator, it still says my username in Task Manager (running as me, not Administrator). I logged in as Administrator, and got Error 5 instead. Even after ensuring I had the rights set, as suggested by this post (CreateProcessAsUser error 1314), it still gave me Error 5.

Using a vb.net application running as SYSTEM, how do I start a detached process for each logged on user?

I changed the example to "TokenAccessLevels.Read and Duplicate" rather than MaximumAllowed.

 If Not DuplicateTokenEx(hToken.DangerousGetHandle,
            TokenAccessLevels.Read & TokenAccessLevels.Duplicate,
            Nothing,
            SECURITY_IMPERSONATION_LEVEL.SecurityImpersonation,
            TOKEN_TYPE.TokenPrimary,
            phNewToken) Then

I get Error 5 from CreateProcessAsUser. This is while running VS2010 as Administrator.

Solution

http://forum.sysinternals.com/tip-run-process-in-system-account-scexe_topic16714.html

This post was the best I could do. Basically, install a service, run it, then delete it. According to the OP, this is his explanation.

So how does it work?

  1. The & symbol tells cmd.exe to treat the text that follows as if it were a new line in a batch file (it basically is a new line delimiter which allows multiple commands to be combined into 1 line).

To break it down:

    • Create Service: sc create -- binPath= "cmd /c start calc" type= own type= interact
    • Start Service: net start -- (This could also be done with: sc start --)
    • Delete Service: sc delete --

  2. Variables:
    • Service Name: --
    • App to run: calc

  3. How it works:
    • cmd /c - allows us to pass in parameters to cmd. (Without this initial part, it will work if you copy & paste in cmd.exe, but not in the Run Dialog. So this fixes it.)
    • sc create binPath= - Since cmd.exe does not respond to service commands, when the SCM runs the app in binPath (Reg = ImagePath) then it will terminate it, when not responding in a timely fashion, therefore cmd.exe cannot be used. It has to call something else, which in this case is calc.exe.
    • sc create type= - This one took a while to figure out. The initial problem is the Window Station in which cmd.exe is launched (which in turn is inherited by calc.exe (its child process)). Luckily after reading Mark's Windows Internals e4, I was able to solve it by specifying the service as being Interactive. (Experimenting, it actually has to be BOTH interactive (256) and own (16) (256|16 = 272).) Basically what this allows is for the windows to run in \WinSta0\Default (the current user's desktop, allowing the window to be displayed). After some research from being frustrated that sc would not accept type =own|interact, I found out that it allows us to specify it again, and instead of overwriting Type (dword) it bitwise-ORs it (adds it). Problems solved!
    • net start - start the service (probably calls StartService). cmd.exe runs with the command line (CL) of start [File], in which start probably calls ShellExecute. (It's a shame that MS didn't allow start to specify SW_* commands (like hide), although it does allow us to min/max windows.) cmd.exe opens the app/file, the SCM terminates cmd.exe for not responding in a timely fashion to its commands, and the window is now shown to the user.
    • sc delete - Finally we clean up our path by removing the service.

For me, this worked.

cmd /c sc create -- binPath= "cmd /c start app.exe" type= own type= interact & net start -- & sc delete --

Now, I had trouble with getting absolute paths to work. I had to put my .EXE in System32 and SysWOW64, so I didn't have to use an absolute path. According to the site, this is supposed to allow absolute paths to work.

cmd /c sc create -- binPath= "cmd /c start  \"\"  \"C:\windows\regedit.exe\" " type= own type= interact & net start -- & sc delete --

It never worked for me, as it would hang for some time and never start the app. It should almost instantly complete.
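
An added example, not part of the original answer or the forum post it quotes: a defender-side audit that decodes the service Type value discussed above (16 | 256 = 272) and flags service definitions whose ImagePath is a cmd /c wrapper, which is what this one-liner leaves in the registry while the service exists. The record layout, the SAMPLE data and the function names are assumptions constructed for illustration; Type, ImagePath and ObjectName are the value names found under HKLM\SYSTEM\CurrentControlSet\Services\<name>.

```python
import re

# Bit flags of the service "Type" DWORD (winsvc.h values).
SERVICE_TYPE_BITS = {
    0x001: "KERNEL_DRIVER",
    0x002: "FILE_SYSTEM_DRIVER",
    0x010: "WIN32_OWN_PROCESS",      # sc: type= own
    0x020: "WIN32_SHARE_PROCESS",
    0x100: "INTERACTIVE_PROCESS",    # sc: type= interact
}
SYSTEM_ACCOUNTS = {"localsystem", r".\localsystem", r"nt authority\system"}

# ImagePath that starts a command interpreter instead of a real service binary.
SHELL_WRAPPER = re.compile(r'^\s*"?(?:[a-z]:\\[^"]*\\)?cmd(?:\.exe)?"?\s+/c\b', re.I)

def decode_type(value):
    """Names of the flags set in a service Type value, lowest bit first."""
    return [name for bit, name in SERVICE_TYPE_BITS.items() if value & bit]

def audit_service(svc):
    """Findings for one service record; an empty list means nothing notable."""
    findings = []
    if "INTERACTIVE_PROCESS" in decode_type(svc["Type"]):
        findings.append("interactive")
    if SHELL_WRAPPER.search(svc["ImagePath"]):
        findings.append("cmd /c wrapper")
    # ObjectName is absent for some records; LocalSystem is the default account.
    if findings and svc.get("ObjectName", "LocalSystem").lower() in SYSTEM_ACCOUNTS:
        findings.append("runs as SYSTEM")
    return findings

def audit(records):
    """Map service name -> findings, keeping only services with findings."""
    report = {r["Name"]: audit_service(r) for r in records}
    return {name: f for name, f in report.items() if f}

# Constructed sample records (hypothetical export of the Services registry key).
SAMPLE = [
    {"Name": "--", "Type": 272, "ImagePath": "cmd /c start calc"},
    {"Name": "ExampleAgent", "Type": 0x10,
     "ImagePath": r'"C:\Program Files\Example\agent.exe"', "ObjectName": "LocalSystem"},
    {"Name": "ExampleLegacy", "Type": 0x110,
     "ImagePath": r"C:\Windows\System32\legacy.exe",
     "ObjectName": r"NT AUTHORITY\LocalService"},
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {', '.join(findings)}")
```

Because the one-liner deletes the service right after starting it, a point-in-time registry audit like this can miss it; service-installation events recorded by the Service Control Manager are the more durable source for the same check.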
