3

tl/dr:我正在寻找一种方法来以当前从以Local System Account.

长版:

跟进:从作为本地系统帐户启动的程序中获取当前用户名

我的程序是从运行为Local System Account.

此服务在 Windows 启动时启动,基本上为某些硬件按钮提供功能,例如显示屏幕键盘。我的程序也分配给其中一个按钮,但它仅在实际用户登录时可用。

它所做的是使用硬件相机拍照并将其存储在文件系统的某个位置,这工作正常,但我无法将图片存储在网络路径上,这是可以理解的,因为这样做需要身份验证。

如果程序以登录用户的身份直接启动,则此身份验证可用,并且将文件存储在网络路径上工作正常。

有什么办法可以解决这个问题吗?

我首选的解决方案是以当前登录的用户身份启动程序,而不在某处存储密码和用户名。

在其他网站上找到的工作解决方案:http: //chabster.blogspot.com/2008/01/run-as-interactive-user-from-service.html

stdafx.h:

#include <WtsApi32.h>
#pragma comment(lib, "WtsApi32.lib")

#include <Userenv.h>
#pragma comment(lib, "Userenv.lib")

RunAsInteractiveUser 函数:

BOOL bRet;
HRESULT hr;

HANDLE processToken = NULL;
TOKEN_PRIVILEGES oldTokenPrivileges = { 0 };

HANDLE impersonationToken = NULL;
HANDLE userToken = NULL;

LPVOID pEnvironment = NULL;
PROCESS_INFORMATION processInformation = { 0 };

__try {
    bRet = OpenProcessToken(GetCurrentProcess(), 
       TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &processToken);
    if (!bRet) {
        hr = GetLastError();
        return hr;
    }

    // This step might not be necessary because 
    // SeTcbPrivilege is enabled by default for Local System
    LUID luid;
    bRet = LookupPrivilegeValue(NULL, _T("SeTcbPrivilege"), &luid);
    if (!bRet) {
        hr = GetLastError();
        return hr;
    }

    TOKEN_PRIVILEGES adjTokenPrivileges = { 0 };
    adjTokenPrivileges.PrivilegeCount = 1;
    adjTokenPrivileges.Privileges[0].Luid = luid;
    adjTokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    DWORD dwOldTPLen;
    bRet = AdjustTokenPrivileges(processToken, FALSE, 
       &adjTokenPrivileges, sizeof(TOKEN_PRIVILEGES), 
       &oldTokenPrivileges, &dwOldTPLen);

    if (bRet) {
        hr = GetLastError();
        if (hr == ERROR_SUCCESS);
        else if (hr == ERROR_NOT_ALL_ASSIGNED) {
            // Enabled by default
        }
    }
    else {
        hr = GetLastError();
        return hr;
    }

    DWORD conSessId = WTSGetActiveConsoleSessionId();
    if (conSessId == 0xFFFFFFFF) {
        // There is no session attached to the console
        return ERROR_SUCCESS;
    }

    bRet = WTSQueryUserToken(conSessId, &impersonationToken);
    if (!bRet) {
        hr = GetLastError();
        return hr;
    }

    bRet = DuplicateTokenEx(impersonationToken, MAXIMUM_ALLOWED, NULL,
       SecurityIdentification, TokenPrimary, &userToken);
    if (!bRet) {
        hr = GetLastError();
        return hr;
    }

    STARTUPINFO si = { 0 };
    si.cb = sizeof(STARTUPINFO);
    si.lpDesktop = _T("winsta0\\default");

    bRet = CreateEnvironmentBlock(&pEnvironment, userToken, TRUE);
    if (!bRet) {
        hr = GetLastError();
        return hr;
    }

    bRet = CreateProcessAsUser(userToken, _T("C:\\Windows\\notepad.exe"), 
       NULL, NULL, NULL, FALSE, CREATE_UNICODE_ENVIRONMENT, 
       pEnvironment, NULL, &si, &processInformation);

    if (!bRet) {
        hr = GetLastError();
        return hr;
    }
}
__finally {
    if (processInformation.hThread) {
        CloseHandle(processInformation.hThread);
    }
    if (processInformation.hProcess) {
        CloseHandle(processInformation.hProcess);
    }
    if (pEnvironment) {
        bRet = DestroyEnvironmentBlock(pEnvironment);
    }
    if (userToken) {
        CloseHandle(userToken);
    }
    if (impersonationToken) {
        CloseHandle(impersonationToken);
    }
    if (processToken) {
        bRet = AdjustTokenPrivileges(processToken, 
           FALSE, &oldTokenPrivileges, sizeof(TOKEN_PRIVILEGES), NULL, NULL);
        CloseHandle(processToken);
    }
}
4

1 回答 1

2

you have to use CreateProcessAsUser. A guide can be found here and here. Hope this helps.

于 2011-04-08T09:33:36.350 回答