C#: Create a process to run as another user
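I have a C# Windows service that runs with elevated privileges. One of the service's tasks is to create a new local user account and use that account to perform some setup tasks (setting some registry settings, etc.). The service runs under the "Local System" account.

Privileges in the manifest

JoeAdmin's privileges
(The operation succeeds with these privileges.)

    PRIVILEGES INFORMATION
    ----------------------
    Privilege Name                  Description                               State
    =============================== ========================================= ========
    SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
    SeSecurityPrivilege             Manage auditing and security log          Disabled
    SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
    SeLoadDriverPrivilege           Load and unload device drivers            Disabled
    SeSystemProfilePrivilege        Profile system performance                Disabled
    SeSystemtimePrivilege           Change the system time                    Disabled
    SeProfileSingleProcessPrivilege Profile single process                    Disabled
    SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
    SeCreatePagefilePrivilege       Create a pagefile                         Disabled
    SeBackupPrivilege               Back up files and directories             Disabled
    SeRestorePrivilege              Restore files and directories             Disabled
    SeShutdownPrivilege             Shut down the system                      Disabled
    SeDebugPrivilege                Debug programs                            Disabled
    SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
    SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
    SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
    SeUndockPrivilege               Remove computer from docking station      Disabled
    SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
    SeImpersonatePrivilege          Impersonate a client after authentication Enabled
    SeCreateGlobalPrivilege         Create global objects                     Enabled
    SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
    SeTimeZonePrivilege             Change the time zone                      Disabled
    SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled

Question

Can I spawn the process from the Local System account? Or: the service is installed by a WiX installer; is there a way to grant the service the correct permissions from the installer?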

    <ServiceInstall
        Id="ServiceInstaller"
        Type="ownProcess"
        Name="MyCoolService"
        DisplayName="My Cool Service"
        Description="My Cool Service Component"
        Start="auto"
        ErrorControl="normal" />

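One thing you can try is to put proc.Start() inside an impersonation block. explains how to perform impersonation.

The problem is most likely related to the target user's access to the window station, a la

@HarryJohnston: Interesting, that could explain the problem. Could this be solved by making some changes to the executable I'm running, so that it doesn't try to access it?

I'm not sure. I know that an executable that doesn't try to display anything (including a console window) needs fewer permissions; see, an executable that doesn't reference user32.dll or gdi32.dll may well run. So if you can restrict yourself to using only kernel32.dll, you might be OK. (But I'm not sure whether that would be considered supported.)
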
    using (var proc = new Process())
    using (var password = new SecureString())
    {
        foreach (var c in accountPassword)
        {
            password.AppendChar(c);
        }
        proc.StartInfo = new ProcessStartInfo(
            pathToExecutable,
            arguments)
        {
            LoadUserProfile = true,
            UseShellExecute = false,
            CreateNoWindow = true,
            RedirectStandardError = true,
            RedirectStandardInput = true,
            RedirectStandardOutput = true,
            Domain = accountDomain,
            UserName = accountName,
            Password = password
        };
        StringWriter outWriter = new StringWriter(), errWriter = new StringWriter();
        proc.OutputDataReceived += (o, e) => outWriter.Write(e.Data);
        proc.ErrorDataReceived += (o, e) => errWriter.Write(e.Data);
        proc.EnableRaisingEvents = true;
        proc.Start(); // <-- exception thrown here
        ...

    System.ComponentModel.Win32Exception (0x80004005): Access is denied
       at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
       at ...

    PRIVILEGES INFORMATION
    ----------------------
    Privilege Name                  Description                               State
    =============================== ========================================= ========
    SeAssignPrimaryTokenPrivilege   Replace a process level token             Disabled
    SeLockMemoryPrivilege           Lock pages in memory                      Enabled
    SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
    SeTcbPrivilege                  Act as part of the operating system       Enabled
    SeSecurityPrivilege             Manage auditing and security log          Disabled
    SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
    SeLoadDriverPrivilege           Load and unload device drivers            Disabled
    SeSystemProfilePrivilege        Profile system performance                Enabled
    SeSystemtimePrivilege           Change the system time                    Disabled
    SeProfileSingleProcessPrivilege Profile single process                    Enabled
    SeIncreaseBasePriorityPrivilege Increase scheduling priority              Enabled
    SeCreatePagefilePrivilege       Create a pagefile                         Enabled
    SeCreatePermanentPrivilege      Create permanent shared objects           Enabled
    SeBackupPrivilege               Back up files and directories             Disabled
    SeRestorePrivilege              Restore files and directories             Disabled
    SeShutdownPrivilege             Shut down the system                      Disabled
    SeDebugPrivilege                Debug programs                            Enabled
    SeAuditPrivilege                Generate security audits                  Enabled
    SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
    SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
    SeUndockPrivilege               Remove computer from docking station      Disabled
    SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
    SeImpersonatePrivilege          Impersonate a client after authentication Enabled
    SeCreateGlobalPrivilege         Create global objects                     Enabled
    SeIncreaseWorkingSetPrivilege   Increase a process working set            Enabled
    SeTimeZonePrivilege             Change the time zone                      Enabled
    SeCreateSymbolicLinkPrivilege   Create symbolic links                     Enabled
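
The impersonation block suggested in the first comment, written out as an added example (not code from the original thread): LogonUser plus WindowsIdentity.RunImpersonated. The class name Impersonation and the methods RunAs and Describe are hypothetical; the account parameters reuse the names from the question's snippet.

```csharp
// Added example, not code from the original thread.
// Needs .NET Framework 4.6+ (or .NET on Windows) for RunImpersonated.
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;
using Microsoft.Win32.SafeHandles;

static class Impersonation // hypothetical helper name
{
    private const int LOGON32_LOGON_INTERACTIVE = 2;
    private const int LOGON32_PROVIDER_DEFAULT = 0;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    private static extern bool LogonUser(string userName, string domain,
        string password, int logonType, int logonProvider,
        out SafeAccessTokenHandle token);

    // Logs the account on and runs 'work' on the current thread under its
    // token. RunImpersonated reverts the thread when 'work' returns or throws.
    public static T RunAs<T>(string accountDomain, string accountName,
                             string accountPassword, Func<T> work)
    {
        // Pass "." as accountDomain for a local account.
        if (!LogonUser(accountName, accountDomain, accountPassword,
                LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT,
                out SafeAccessTokenHandle token))
        {
            // Surfaces the Win32 reason: bad password, missing logon right, ...
            throw new Win32Exception(Marshal.GetLastWin32Error());
        }
        using (token)
        {
            return WindowsIdentity.RunImpersonated(token, work);
        }
    }

    // Returns the identity seen outside and inside the block, so a service can
    // log that only the thread token changed, not the process token.
    public static string Describe(string accountDomain, string accountName,
                                  string accountPassword)
    {
        string outside = WindowsIdentity.GetCurrent().Name;
        string inside = RunAs(accountDomain, accountName, accountPassword,
                              () => WindowsIdentity.GetCurrent().Name);
        return $"process: {outside}; impersonated thread: {inside}";
    }
}
```

Work passed to RunAs executes with the new account's access rights on that thread only. A child created with CreateProcess still receives the calling process's primary token rather than the thread's impersonation token, and HKEY_CURRENT_USER stays cached per process, so per-user registry setup should address the account's hive explicitly.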