在终端服务会话中访问可移动驱动器
我有一个托盘应用程序,它向 shell 注册,以便在将驱动器添加到系统或将介质插入驱动器时(通过 SHChangeNotifyRegister)接收通知。收到这些通知后,我尝试打开驱动器以从中查询一些属性。在我的测试中,我使用一个简单的 USB 闪存驱动器。当我在物理控制台登录时,这工作正常,但如果我通过远程桌面登录,则 CreateFile 调用将失败并显示 ERROR_ACCESS_DENIED。
我将 CreateFile 调用为:
CreateFile(szDrive, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0 NULL);
其中 szDrive 的格式为 "\\\\.\\G:"。之后,我进行了几次 DeviceIoControl 调用。
奇怪的是,我已经对此运行了进程监视器,并且在远程桌面场景中,我的托盘应用程序的驱动器上没有 CreateFile 的记录。我知道我的托盘应用程序正在调用它,因为我编写了一个日志文件,并且我在进程监视器日志中看到 CreateFile 调用该日志文件。就好像它还没有走得足够远,不足以被进程监视器挂钩。
该机器是Windows 7,具有所有默认设置(即UAC)。我的帐户是本地管理员。在这两种情况(本地和远程桌面)中,我都以标准用户身份运行托盘应用程序(即无提升)。但是,如果我提升托盘应用程序,则远程桌面方案将成功打开驱动器。
这可能最终成为我们不支持的场景,但我仍然想知道这里发生了什么。有什么想法吗?
编辑1:再次查看后,似乎所有驱动器(不仅仅是可移动驱动器)都会发生这种情况。观察到的行为是相同的:CreateFile 失败,并显示 ERROR_ACCESS_DENIED,并且进程监视器中没有日志。
编辑2:看来远程登录被拒绝读取访问;如果我将 GENERIC_READ 替换为 0,则它会成功打开驱动器(尽管 DeviceIoControl 调用因 ERROR_ACCESS_DENIED 而失败)。我正在尝试使用 WinObj 尝试查看是否可以授予对驱动器的远程登录读取访问权限。
I have a tray application that registers with the shell to receive notifications when a drive is added to the system or when media is inserted into a drive (via SHChangeNotifyRegister). Upon receipt of those notifications, I attempt to open the drive to query some properties from it. For my testing I am using a simple USB flash drive. This works fine when I am logged on at the physical console, but if I am logged on via remote desktop then the CreateFile call fails with ERROR_ACCESS_DENIED.
I am calling CreateFile as:
CreateFile(szDrive, GENERIC_READ, FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING, 0 NULL);
where szDrive is of the form "\\\\.\\G:". After this I make a couple of DeviceIoControl calls.
The strange thing is that I have run Process Monitor on this and in the remote desktop scenario there are NO records of CreateFile on the drive from my tray application. I know my tray app is calling it because I write a log file and I see the CreateFile calls for the log file in the Process Monitor log. It's like it's not even getting far enough to be hooked by Process Monitor.
The machine is Windows 7 with all the default settings (i.e. UAC). My account is a local administrator. In both scenarios (local and remote desktop) I am running my tray app as standard user (i.e. no elevation). However, if I elevate my tray app then the remote desktop scenario is successful in opening the drive.
This could end up being a scenario that we just won't support, but I would still like to know what's going on here. Any ideas?
EDIT 1: After looking at this again, it seems to happen for ALL drives (not just removable ones). The observed behavior is the same: CreateFile failing with ERROR_ACCESS_DENIED and no logs in Process Monitor.
EDIT 2: It seems the remote logon is being denied read access; if I replace GENERIC_READ with 0 then it successfully opens the drive (though the DeviceIoControl calls fail with ERROR_ACCESS_DENIED). I am playing around with WinObj trying to see if I can give the remote logon read access to the drives.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我相信我已经找到答案了。来自 Microsoft 有关 Vista 中可移动存储设备的白皮书:
因此,Vista 在设备上为交互式用户和远程用户设置不同的 ACL。我想它会是这样的。
I believe I have found the answer. From a Microsoft white paper about removable storage devices in Vista:
So Vista sets ACLs on devices differently for the interactive user vs remote users. I figured it would be something like this.