1

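Does anyone know how to do this?

  • On 1 PC there are 3 normal users and 2 administrators: 5 in total.
  • I need a VB.net application running on the admin 1 account to create a file and set ownership and permissions available only to admin 2, so that only admin 2 can access the file, delete it, etc.
  • Admin 1 cannot access the file through Windows, but the application running on that user account can.
  • So, in the meantime (while the application is running on admin 1), if the file needs to be changed, the application should be able to change the file again.

Note: the application knows the passwords and login information of both accounts.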

4

3 Answers

2

Have you tried LogonUser and WindowsIdentity.Impersonate?

answered 2013-01-16T01:15:32.010
1

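admin 1 cannot access the file through windows, but the application running on that user account (admin 1) can.

You can't achieve this the way you want. A program running on admin 1 "is" that user. If the program can, the user can always access the file through Windows.

You could have the program encrypt the data in the file. The admin 1 user will be able to read the encrypted content (seemingly random data), and change (and thereby corrupt) it, or delete the file. However, unless that user breaks the encryption, only the program (which knows how the file is encrypted) can make valid changes to it. Other users who need to use the file will need to access it through the program (or another one that can decrypt it for use).

Another option is to create another user account, grant access to the file only to admin 2 and the new account, and have the application access it after "impersonating" that new account. You would then deny access to the program itself to all users except admin 1. However, even if you do that, a "domain administrator" could still get the file.

Keep in mind that any user who works with the file's contents through the software can (for example) print them or copy them to the clipboard, and do anything with them. If you can't trust your employees to do the right thing, you may be doomed to fail.

answered 2013-01-15T20:53:33.563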
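The dedicated-account approach from the answer above, combined with the LogonUser / WindowsIdentity.Impersonate calls named in the first answer, as an added example that is not code from either poster. It assumes .NET Framework, a local account that may log on interactively and write to the target folder, and hypothetical names (`svc_filevault`, `admin2`, `C:\Data\report.txt`).

```vbnet
Imports System
Imports System.IO
Imports System.Runtime.InteropServices
Imports System.Security.AccessControl
Imports System.Security.Principal

Module ImpersonatedFileDemo
    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Function LogonUser(ByVal user As String, ByVal domain As String, ByVal password As String, _
        ByVal logonType As Integer, ByVal logonProvider As Integer, ByRef token As IntPtr) As Boolean
    End Function

    <DllImport("kernel32.dll", SetLastError:=True)> _
    Private Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function

    ' Creates or rewrites the file while impersonating the dedicated account. On first
    ' creation the file gets a protected DACL that lists only that account and admin 2.
    Sub WriteProtectedFile(ByVal path As String, ByVal text As String, ByVal svcUser As String, _
                           ByVal svcPassword As String, ByVal admin2 As String)
        Dim machine As String = Environment.MachineName
        Dim token As IntPtr = IntPtr.Zero
        ' 2 = LOGON32_LOGON_INTERACTIVE, 0 = LOGON32_PROVIDER_DEFAULT
        If Not LogonUser(svcUser, machine, svcPassword, 2, 0, token) Then
            Throw New System.ComponentModel.Win32Exception(Marshal.GetLastWin32Error())
        End If
        Try
            Using ctx As WindowsImpersonationContext = WindowsIdentity.Impersonate(token)
                Dim acl As New FileSecurity()
                acl.SetAccessRuleProtection(True, False) ' no inherited entries
                For Each account As String In New String() {svcUser, admin2}
                    acl.AddAccessRule(New FileSystemAccessRule(machine & "\" & account, _
                        FileSystemRights.FullControl, AccessControlType.Allow))
                Next
                ' Passing the ACL to File.Create avoids a window with inherited permissions.
                Using fs As FileStream = File.Create(path, 4096, FileOptions.None, acl)
                    Dim bytes As Byte() = System.Text.Encoding.UTF8.GetBytes(text)
                    fs.Write(bytes, 0, bytes.Length)
                End Using
            End Using ' disposing the context reverts the thread to the admin 1 identity
        Finally
            CloseHandle(token)
        End Try
    End Sub

    Sub Main()
        Console.Write("Password for svc_filevault: ") ' prompt instead of hard-coding
        WriteProtectedFile("C:\Data\report.txt", "contents", "svc_filevault", Console.ReadLine(), "admin2")
    End Sub
End Module
```

The ACL only keeps admin 1 out of ordinary access through Windows: as the answer above says, the process still belongs to admin 1, and any local administrator can take ownership of the file and rewrite its permissions.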
0

After spending a little time on MSDN, this is all I could come up with; it is the same as the "Run as" that Windows provides.

Tested and working fine.

Code:

 Imports System
 Imports System.Runtime.InteropServices


 Module Module1

    ' INFINITE for WaitForSingleObject is &HFFFFFFFF (all 32 bits set)
    Public Infinite As System.UInt32 = System.UInt32.MaxValue
    Public Startf_UseStdHandles As Int32 = &H100
    Public StdOutputHandle As Int32 = -11
    Public StdErrorHandle As Int32 = -12

    <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto)> _
    Public Structure StartupInfo
        Public cb As Integer
        Public reserved As String
        Public desktop As String
        Public title As String
        Public x As Integer
        Public y As Integer
        Public xSize As Integer
        Public ySize As Integer
        Public xCountChars As Integer
        Public yCountChars As Integer
        Public fillAttribute As Integer
        Public flags As Integer
        Public showWindow As UInt16
        Public reserved2 As UInt16
        Public reserved3 As IntPtr ' lpReserved2 is a pointer (LPBYTE), not a single byte
        Public stdInput As IntPtr
        Public stdOutput As IntPtr
        Public stdError As IntPtr
    End Structure 'StartupInfo

    Friend Structure ProcessInformation
        Public process As IntPtr
        Public thread As IntPtr
        Public processId As Integer
        Public threadId As Integer
    End Structure 'ProcessInformation


    ' lpEnvironment is a pointer, so it is declared as IntPtr (IntPtr.Zero = inherit the environment)
    <DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Public Function CreateProcessWithLogonW(ByVal userName As String, ByVal domain As String, ByVal password As String, ByVal logonFlags As UInt32, ByVal applicationName As String, ByVal commandLine As String, ByVal creationFlags As UInt32, ByVal environment As IntPtr, ByVal currentDirectory As String, ByRef startupInfo As StartupInfo, ByRef processInformation As ProcessInformation) As Boolean
    End Function


    <DllImport("kernel32.dll", SetLastError:=True)> _
    Public Function GetExitCodeProcess(ByVal process As IntPtr, ByRef exitCode As UInt32) As Boolean
    End Function


    <DllImport("Kernel32.dll", SetLastError:=True)> _
    Public Function WaitForSingleObject(ByVal handle As IntPtr, ByVal milliseconds As UInt32) As UInt32
    End Function


    ' nStdHandle is a 32-bit DWORD (for example StdOutputHandle = -11)
    <DllImport("Kernel32.dll", SetLastError:=True)> _
    Public Function GetStdHandle(ByVal handle As Int32) As IntPtr
    End Function


    <DllImport("Kernel32.dll", SetLastError:=True)> _
    Public Function CloseHandle(ByVal handle As IntPtr) As Boolean
    End Function


    <STAThread()> _
    Sub Main(ByVal args() As String)
        Dim startupInfo As New StartupInfo
        startupInfo.cb = Marshal.SizeOf(startupInfo)
        startupInfo.reserved = Nothing
        ' flags stays 0: Startf_UseStdHandles is not set, so the child process gets
        ' default standard handles and the stdInput/stdOutput/stdError fields are ignored.
        startupInfo.flags = 0

        Dim exitCode As System.UInt32 = Convert.ToUInt32(123456)
        Dim processInfo As New ProcessInformation

        Dim command As String = "c:\windows\Notepad.exe"
        Dim user As String = "administrator"
        Dim domain As String = System.Environment.MachineName
        ' Placeholder value: read the password at run time rather than storing it in source.
        Dim password As String = "admin acct password"
        Dim currentDirectory As String = System.IO.Directory.GetCurrentDirectory()

        ' logonFlags = 1 is LOGON_WITH_PROFILE. Failure is reported through the return
        ' value, not an exception, so check it before touching the process handles.
        If Not CreateProcessWithLogonW(user, domain, password, Convert.ToUInt32(1), _
                command, command, Convert.ToUInt32(0), IntPtr.Zero, _
                currentDirectory, startupInfo, processInfo) Then
            Console.WriteLine("CreateProcessWithLogonW failed, Win32 error {0}", Marshal.GetLastWin32Error())
            Return
        End If
        Console.WriteLine("Running ...")
        WaitForSingleObject(processInfo.process, Infinite)
        GetExitCodeProcess(processInfo.process, exitCode)

        Console.WriteLine("Exit code: {0}", exitCode)

        CloseHandle(processInfo.process)
        CloseHandle(processInfo.thread)
    End Sub

End Module
answered 2013-01-23T09:48:23.600