Get the logon session of a user in C++


Problem description

I want to get a handle on the current logon session of processes whose parent is explorer.exe.

If we run a process as administrator or a service it won't have a logon session. The reason I want to get the logon session is that I have a program (.exe) which I want to restrict opening when a user tries to open it via (right click on the .exe--> run as administrator) and when a user opens it via administrator we don't have a logon session associated with it whereas when a user opens it by double clicking on it, it has a logon session associated with it.

I searched quite some places, but I just get the process for getting the logon SID. If someone wants more information, you can download http://technet.microsoft.com/en-us/sysinternals/bb896653 and under the explorer --> right click on any program executing --> security. Here you will find the logon session.

Recommended answer

You can get the logon session associated with a process by using OpenProcessToken followed by GetTokenInformation with the TokenStatistics option. However, this is not a sensible way of finding out whether or not a process was launched using "run as administrator" because there is no straightforward way to determine whether a particular logon session is elevated or not. It is not true that a process launched with "run as administrator" will not have a logon session.

To find out whether a process was "run as administrator" use the TokenElevationType option. This should return TokenElevationTypeFull if and only if "run as administrator" was used.

(One caveat: I'm not certain what TokenElevationType will return if a non-administrative user uses "run as administrator" and then enters an administrator username and password. You should test this scenario. You might want to use TokenElevation rather than TokenElevationType.)

If what you really want to know is whether the process has administrative privilege, you should use CheckTokenMembership instead. Look for the Administrators group. The MSDN documentation has sample code that does exactly this.

The distinction here is what you want to happen if UAC is disabled (and the user is an administrator) or if the user is the local Administrator. In these cases there is no "run as administrator" option, all processes are run with administrator privilege automatically. If you want to detect these cases, use CheckTokenMembership. If you only want to detect the cases where the user explicitly said "run as administrator" use TokenElevationType.
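
The checks named in the answer, combined for the current process, as an added example that is not part of the original answer. `TokenFacts`, `describe` and `queryCurrentProcess` are hypothetical names; the Win32 calls are compiled only when `_WIN32` is defined, and a constructed sample value is used elsewhere.

```cpp
#include <cstdio>
#include <string>
#ifdef _WIN32
#include <windows.h>
#endif
// Added example: hypothetical holder for the token values the answer names.
struct TokenFacts {
    unsigned long long logonSession;  // TOKEN_STATISTICS::AuthenticationId (a LUID)
    int  elevationType;               // TOKEN_ELEVATION_TYPE: 1 Default, 2 Full, 3 Limited
    bool elevated;                    // TOKEN_ELEVATION::TokenIsElevated
    bool adminMember;                 // CheckTokenMembership against the Administrators group
};

// Hypothetical policy helper: keeps "explicitly elevated" apart from "has admin rights".
std::string describe(const TokenFacts& f) {
    if (f.elevationType == 2) return "explicit elevation";     // "run as administrator"
    if (f.elevationType == 3) return "filtered token";         // split token, not elevated
    if (f.adminMember)        return "admin, no split token";  // e.g. UAC disabled
    return "standard user";
}

#ifdef _WIN32
bool queryCurrentProcess(TokenFacts& out) {
    HANDLE tok = nullptr;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &tok)) return false;
    TOKEN_STATISTICS st{}; TOKEN_ELEVATION_TYPE et{}; TOKEN_ELEVATION el{}; DWORD n = 0;
    bool ok = GetTokenInformation(tok, TokenStatistics, &st, sizeof st, &n)
           && GetTokenInformation(tok, TokenElevationType, &et, sizeof et, &n)
           && GetTokenInformation(tok, TokenElevation, &el, sizeof el, &n);
    CloseHandle(tok);
    BYTE sid[SECURITY_MAX_SID_SIZE]; DWORD cb = sizeof sid; BOOL member = FALSE;
    // A NULL token handle makes CheckTokenMembership test the caller's own token.
    ok = ok && CreateWellKnownSid(WinBuiltinAdministratorsSid, nullptr, sid, &cb)
            && CheckTokenMembership(nullptr, sid, &member);
    if (!ok) return false;
    unsigned long long id = ((unsigned long long)st.AuthenticationId.HighPart << 32)
                          | st.AuthenticationId.LowPart;
    out = TokenFacts{id, (int)et, el.TokenIsElevated != 0, member != FALSE};
    return true;
}
#endif

int main() {
    TokenFacts f = {0x3e7a1ULL, 2, true, true};  // constructed sample for non-Windows builds
#ifdef _WIN32
    if (!queryCurrentProcess(f)) { std::fprintf(stderr, "token query failed\n"); return 1; }
#endif
    std::printf("logon session 0x%llx: %s (elevated=%d)\n", f.logonSession, describe(f).c_str(), (int)f.elevated);
}
```

On Windows, link against advapi32 when building.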
