您可以使用SetSecurityInfo
或SetServiceObjectSecurity
更改服务 ACL。此代码创建一个服务,然后设置 ACL 以允许任何交互式登录用户启动该服务:
wchar_t sddl[] = L"D:"
L"(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
// default permissions for local system
L"(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
// default permissions for administrators
L"(A;;CCLCSWLOCRRC;;;AU)"
// default permissions for authenticated users
L"(A;;CCLCSWRPWPDTLOCRRC;;;PU)"
// default permissions for power users
L"(A;;RP;;;IU)"
// added permission: start service for interactive users
;
DWORD InstallService()
{
SC_HANDLE manager, service;
PSECURITY_DESCRIPTOR sd;
DWORD err;
wchar_t apppath[MAX_PATH + 2];
// Note: because this is only called from main() which exits
// immediately afterwards, no attempt is made to close the
// handles generated.
if (!ConvertStringSecurityDescriptorToSecurityDescriptor(sddl,
SDDL_REVISION_1, &sd, NULL))
{
err = GetLastError();
printf("Error %u creating security descriptor.\n", err);
return err;
}
if (!GetModuleFileName(0, apppath, MAX_PATH + 1))
{
err = GetLastError();
printf("Error %u fetching module name.\n", err);
return err;
}
if (_wcsicmp(apppath + wcslen(apppath) - wcslen(exename), exename) != 0)
{
printf("Application name mismatch: %ls\n",
apppath + wcslen(apppath) - wcslen(exename));
return ERROR_INVALID_FUNCTION;
}
manager = OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE);
if (!manager)
{
err = GetLastError();
printf("Error %u connecting to service manager.\n", err);
return err;
}
service = CreateService(manager,
servicename,
displayname,
WRITE_DAC,
SERVICE_WIN32_OWN_PROCESS,
SERVICE_DEMAND_START,
SERVICE_ERROR_NORMAL,
apppath,
0,
0,
NULL,
NULL,
NULL);
if (!service)
{
err = GetLastError();
printf("Error %u installing service.\n", err);
return err;
}
if (!SetServiceObjectSecurity(service, DACL_SECURITY_INFORMATION, sd))
{
err = GetLastError();
printf("Error %u setting service security.\n", err);
return err;
}
printf("Service successfully installed.\n");
return 0;
}