以用户身份从 Windows 服务运行进程失败并拒绝访问?
我正在开发一个需要对应用程序进行沙箱处理的项目。我能够创建一个 Windows 用户,创建一个目录,用应用程序填充该目录,然后以用户身份运行该应用程序。作为控制台应用程序运行,这完全可以正常工作,但是当我将其安装为服务时,我收到此异常:
System.ComponentModel.Win32Exception: Access is denied
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start()
抛出此异常的代码是:
_process = new Process
{
StartInfo =
{
Arguments = "",
CreateNoWindow = true,
ErrorDialog = false,
FileName = instanceDirectory + "program.exe",
WorkingDirectory = instanceDirectory,
UseShellExecute = false,
UserName = GetUserNameForInstance(_id),
Password = GetPasswordForInstance(_id),
Domain = ""
},
EnableRaisingEvents = true
};
_process.Exited += ProcessExited;
_process.Start();
同样,仅在作为 Windows 服务运行时才会抛出此异常。根据 Windows 中的服务面板,该服务在本地系统下运行。
有什么想法吗?
I am working on a project that requires sandboxing an application. I am able to create a windows user, create a directory, fill the directory with an application, and run the application as a user. This works completely fine running as a console application, but when I install it as a service, I get this exception:
System.ComponentModel.Win32Exception: Access is denied
at System.Diagnostics.Process.StartWithCreateProcess(ProcessStartInfo startInfo)
at System.Diagnostics.Process.Start()
The code that throws this exception is:
_process = new Process
{
StartInfo =
{
Arguments = "",
CreateNoWindow = true,
ErrorDialog = false,
FileName = instanceDirectory + "program.exe",
WorkingDirectory = instanceDirectory,
UseShellExecute = false,
UserName = GetUserNameForInstance(_id),
Password = GetPasswordForInstance(_id),
Domain = ""
},
EnableRaisingEvents = true
};
_process.Exited += ProcessExited;
_process.Start();
Again, this is only thrown when running as a Windows Service. The service is running under LOCAL SYSTEM according the the Services panel in Windows.
Any Ideas?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
您最好以具有 IO 操作所需权限(包括 ACL 权限)的域帐户运行该服务。
在下面的示例中,“Alterter”服务设置为作为本地服务帐户运行。对于您的情况,我建议将服务作为 DOMAIN\UserAccount 运行。
(来源:windows-xp-services.com)
You might be better off running the service as a domain account which has the necessary permissions for IO operations (including ACL permissions).
In the below example the "Alterter" service is set to run as the local service account. In your case I'd suggest running the service as DOMAIN\UserAccount.
(source: windows-xp-services.com)
该帐户是否拥有您正在使用的资源的权限?它是否具有读取和写入目录的能力?
在这些类型的情况下,99% 的情况都是前置问题。
Does the account have the premissions to the resources you are using? Does it have the ability to read and write to the directory?
In these types of situations 99% of the time it is a premission issue.