有谁知道如何做到这一点?
注意:应用程序知道两个帐户的密码和登录信息。
您是否尝试过 LogonUser 和WindowsIdentity.Impersonate?
admin 1 无法通过 windows 访问该文件,但在该用户帐户 (admin 1) 上运行的应用程序可以。
你无法按照你想要的方式实现这一点。在管理员 1 上运行的程序“是”该用户。如果程序可以,用户始终可以通过 Windows 访问该文件。
您可以让程序加密文件中的数据。admin 1 用户将能够读取加密的内容(看似随机的数据),并更改(从而破坏)它,或删除文件。但是,除非该用户破坏了加密,否则只有程序(知道文件是如何加密的)才能对其进行有效的更改。需要使用该文件的其他用户将需要通过该程序访问它(或另一个可以解密它以供使用的用户)。
另一种选择是创建另一个用户帐户,仅向管理员 2 和新帐户授予对文件的访问权限,并在“模拟”该新帐户后让应用程序访问它。然后,您将拒绝除管理员 1 之外的所有用户对程序本身的访问。但是,即使这样做,“域管理员”也可以获取该文件。
请记住,任何通过软件处理文件内容的用户都可以(例如)将其打印或复制到剪贴板,并对其进行任何操作。如果你不能相信你的员工会做正确的事,那么你可能注定要失败。
在 MSDN 上花了一点时间后,我能想到的就是这些了,它与 windows 提供的“运行方式”相同
测试和工作正常
代码 :
Imports System
Imports System.Runtime.InteropServices
Module Module1
Public Infinite As System.UInt32 = Convert.ToUInt32(&HFFFFFFF)
Public Startf_UseStdHandles As Int32 = &H100
Public StdOutputHandle As Int32 = -11
Public StdErrorHandle As Int32 = -12
<StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto)> _
Public Structure StartupInfo
Public cb As Integer
Public reserved As String
Public desktop As String
Public title As String
Public x As Integer
Public y As Integer
Public xSize As Integer
Public ySize As Integer
Public xCountChars As Integer
Public yCountChars As Integer
Public fillAttribute As Integer
Public flags As Integer
Public showWindow As UInt16
Public reserved2 As UInt16
Public reserved3 As Byte
Public stdInput As IntPtr
Public stdOutput As IntPtr
Public stdError As IntPtr
End Structure 'StartupInfo
Friend Structure ProcessInformation
Public process As IntPtr
Public thread As IntPtr
Public processId As Integer
Public threadId As Integer
End Structure 'ProcessInformation
<DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
Public Function CreateProcessWithLogonW(ByVal userName As String, ByVal domain As String, ByVal password As String, ByVal logonFlags As UInt32, ByVal applicationName As String, ByVal commandLine As String, ByVal creationFlags As UInt32, ByVal environment As UInt32, ByVal currentDirectory As String, ByRef startupInfo As StartupInfo, ByRef processInformation As ProcessInformation) As Boolean
End Function
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Function GetExitCodeProcess(ByVal process As IntPtr, ByRef exitCode As UInt32) As Boolean
End Function
<DllImport("Kernel32.dll", SetLastError:=True)> _
Public Function WaitForSingleObject(ByVal handle As IntPtr, ByVal milliseconds As UInt32) As UInt32
End Function
<DllImport("Kernel32.dll", SetLastError:=True)> _
Public Function GetStdHandle(ByVal handle As IntPtr) As IntPtr
End Function
<DllImport("Kernel32.dll", SetLastError:=True)> _
Public Function CloseHandle(ByVal handle As IntPtr) As Boolean
End Function
<STAThread()> _
Overloads Sub Main(ByVal args() As String)
Dim MyPointer As IntPtr = Marshal.AllocHGlobal(4)
Marshal.WriteInt32(MyPointer, StdOutputHandle)
Dim MyErrorPointer As IntPtr = Marshal.AllocHGlobal(4)
Marshal.WriteInt32(MyErrorPointer, StdErrorHandle)
Dim startupInfo As New StartupInfo
startupInfo.reserved = Nothing
startupInfo.flags = startupInfo.flags And Startf_UseStdHandles
startupInfo.stdOutput = MyPointer
startupInfo.stdError = MyErrorPointer
Dim exitCode As System.UInt32 = Convert.ToUInt32(123456)
Dim processInfo As New ProcessInformation
Dim command As String = "c:\windows\Notepad.exe"
Dim user As String = "administrator"
Dim domain As String = System.Environment.MachineName
Dim password As String = "admin acct password"
Dim currentDirectory As String = System.IO.Directory.GetCurrentDirectory()
Try
CreateProcessWithLogonW(user, domain, password, Convert.ToUInt32(1), _
command, command, Convert.ToUInt32(0), Convert.ToUInt32(0), _
currentDirectory, startupInfo, processInfo)
Catch e As Exception
Console.WriteLine(e.ToString())
End Try
Console.WriteLine("Running ...")
WaitForSingleObject(processInfo.process, Infinite)
GetExitCodeProcess(processInfo.process, exitCode)
Console.WriteLine("Exit code: {0}", exitCode)
CloseHandle(processInfo.process)
CloseHandle(processInfo.thread)
End Sub
End Module