在服务中,我尝试使用以下代码启动程序:
HANDLE hPipe;
HANDLE hToken;
PROFILEINFO stProfileInfo;
char szUserName[64];
DWORD dwUserNameSize = 64;
// Take the identity of the client
ImpersonateNamedPipeClient(hPipe);
// Retrieve the user name (DOMAIN\USER)
GetUserNameEx(NameSamCompatible,szUserName,&dwUserNameSize);
// Get the impersonation token
OpenThreadToken(GetCurrentThread(),TOKEN_ALL_ACCESS,TRUE,&hToken);
// Load the user's profile
ZeroMemory(&stProfileInfo,sizeof(PROFILEINFO));
stProfileInfo.dwSize = sizeof(PROFILEINFO);
stProfileInfo.dwFlags = PI_NOUI;
stProfileInfo.lpUserName = szUserName;
LoadUserProfile(hToken,&stProfileInfo);
不幸的是,调用LoadUserProfile失败的GetLastError=5 (access denied). 在 userenv.log 中,我可以找到:
USERENV LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV LoadUserProfile: Entering, hToken = <0xc8>, lpProfileInfo = 0xb30aa4
USERENV LoadUserProfile: lpProfileInfo->dwFlags = <0x1>
USERENV LoadUserProfile: lpProfileInfo->lpUserName = <MYDOMAIN\USERNAME>
USERENV LoadUserProfile: NULL central profile path
USERENV LoadUserProfile: NULL default profile path
USERENV LoadUserProfile: NULL server name
USERENV LoadUserProfile: Failed to enable the restore privilege. error = c0000022
USERENV LoadUserProfile: Returning FALSE. Error = 5
当然,我检查了我的服务(以 SYSTEM 身份运行)是否启用了SE_RESTORE_NAME(和SE_BACKUP_NAME)权限。
任何帮助将不胜感激 !