C# 如何将用户添加到“;从网络访问此计算机”;是否通过添加注册表项来执行本地策略?
您知道如何在本地策略中添加用户吗?我需要像这样的效果 gpedit.msc->计算机配置/Windows设置/安全设置/本地策略/用户权限分配/“从网络访问此计算机” 我希望通过添加注册表项或从cmd运行命令来实现这一点。如果你有任何提示或网络资源分享,我会很高兴C# 如何将用户添加到“;从网络访问此计算机”;是否通过添加注册表项来执行本地策略?,c#,.net,wpf,registry,C#,.net,Wpf,Registry,您知道如何在本地策略中添加用户吗?我需要像这样的效果 gpedit.msc->计算机配置/Windows设置/安全设置/本地策略/用户权限分配/“从网络访问此计算机” 我希望通过添加注册表项或从cmd运行命令来实现这一点。如果你有任何提示或网络资源分享,我会很高兴 谢谢。这是我之前准备的。我们使用下面的(很长,很抱歉)包装类来授予“作为服务登录的权利”。这方面的呼吁如下: var identity = new WindowsIdentity(logonName); LsaSecurityWrap
谢谢。这是我之前准备的。我们使用下面的(很长,很抱歉)包装类来授予“作为服务登录的权利”。这方面的呼吁如下:
var identity = new WindowsIdentity(logonName);
LsaSecurityWrapper.AddAccountRights(identity.User.AccountDomainSid,
"SeServiceLogonRight");
您只需将“SeServiceLogonRight”替换为您自己的。一个快速的谷歌告诉我这应该是“SeNetworkLogonRight”。如果你想在控制台应用程序中使用它,那么你可以快速编译一个。设置Main
方法如下:
static void Main(string[] args)
{
var identity = new WindowsIdentity(args[0]);
LsaSecurityWrapper.AddAccountRights(identity.User.AccountDomainSid, args[1]);
}
然后以YourConsoleApp.exe登录权限调用。这是包装纸:
[StructLayout(LayoutKind.Sequential)]
internal struct LSA_OBJECT_ATTRIBUTES
{
internal int Length;
internal IntPtr RootDirectory;
internal IntPtr ObjectName;
internal int Attributes;
internal IntPtr SecurityDescriptor;
internal IntPtr SecurityQualityOfService;
}
///
/// LSA_UNICODE_STRING structure
///
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
internal struct LSA_UNICODE_STRING
{
internal ushort Length;
internal ushort MaximumLength;
[MarshalAs(UnmanagedType.LPWStr)] internal string Buffer;
}
///
/// Wraps LsaAddAccountRights call.
///
public sealed class LsaSecurityWrapper
{
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaOpenPolicy(
LSA_UNICODE_STRING[] SystemName,
ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
int AccessMask,
out IntPtr PolicyHandle
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaAddAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr pSID,
LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaRemoveAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr AccountSid,
bool AllRights,
LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
[DllImport("advapi32")]
internal static extern int LsaClose(IntPtr PolicyHandle);
private enum Access : int
{
POLICY_READ = 0x20006,
POLICY_ALL_ACCESS = 0x00F0FFF,
POLICY_EXECUTE = 0X20801,
POLICY_WRITE = 0X207F8
}
// rights: (http://msdn.microsoft.com/en-us/library/bb545671(VS.85).aspx)
public static void AddAccountRights(SecurityIdentifier sid, string rights)
{
IntPtr lsaHandle;
LSA_UNICODE_STRING[] system = null;
LSA_OBJECT_ATTRIBUTES lsaAttr;
lsaAttr.RootDirectory = IntPtr.Zero;
lsaAttr.ObjectName = IntPtr.Zero;
lsaAttr.Attributes = 0;
lsaAttr.SecurityDescriptor = IntPtr.Zero;
lsaAttr.SecurityQualityOfService = IntPtr.Zero;
lsaAttr.Length = Marshal.SizeOf(typeof(LSA_OBJECT_ATTRIBUTES));
lsaHandle = IntPtr.Zero;
uint ret = LsaOpenPolicy(system, ref lsaAttr, (int)Access.POLICY_ALL_ACCESS, out lsaHandle);
if (ret == 0)
{
Byte[] buffer = new Byte[sid.BinaryLength];
sid.GetBinaryForm(buffer, 0);
IntPtr pSid = Marshal.AllocHGlobal(sid.BinaryLength);
Marshal.Copy(buffer, 0, pSid, sid.BinaryLength);
LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1];
LSA_UNICODE_STRING lsaRights = new LSA_UNICODE_STRING();
lsaRights.Buffer = rights;
lsaRights.Length = (ushort)(rights.Length * sizeof(char));
lsaRights.MaximumLength = (ushort)(lsaRights.Length + sizeof(char));
privileges[0] = lsaRights;
ret = LsaAddAccountRights(lsaHandle, pSid, privileges, 1);
LsaClose(lsaHandle);
Marshal.FreeHGlobal(pSid);
if (ret != 0)
{
throw new Win32Exception("LsaAddAccountRights failed with error code: " + ret);
}
}
else
{
throw new Win32Exception("LsaOpenPolicy failed with error code: " + ret);
}
}
}
我想你需要使用pinvoke和相应的Lsa函数,
http://www.pinvoke.net/default.aspx/advapi32.lsaaddaccountrights