“允许服务与桌面交互”的替代方案?
我在一台服务器上安装了一个 Windows 服务 (C#),该服务每 10 分钟启动一个可执行文件 (C#),以处理从一个目录到另一个目录的一些图像。不需要与任何用户进行交互。尽管如此,由于可执行文件作为输出窗口,为了使服务运行,我必须启用“允许服务与桌面交互”复选框,它被视为 不安全且不好的做法。我该如何解决这个问题呢?我喜欢将可执行文件与我的 Windows 服务分开,因为
- 这样更容易调试和 不需要重新部署完整的 Windows 服务。
- 有时我使用相同的窗口 推出多项服务 不同的可执行文件 间隔(但都与相同的 项目)。
编辑:
当未启用与桌面的交互时,控制台应用程序无法正确执行,并且 Windows 日志中会出现以下错误:
Faulting application myapp.exe, version 1.0.0.0, time stamp 0x4b8304c3,
faulting module KERNEL32.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000142, fault offset 0x00009eed, process id 0x10ec,
application start time 0x01cab736950a64b5.
启用桌面交互后,应用程序将正常执行。
有什么想法吗?
非常感谢您抽出时间。
I have a windows service (C#) installed on a server that launches every 10 minutes an executable file (C#) to process some images from one directory to another. No interaction is required with any user. Nevertheless, since the executable file as an output window, to make the service run I have to enable the "Allow service to interact with desktop" checkbox which is considered as an insecure and bad practice. How would I go about this problem? I like to have the executable separated from my windows service because
- it makes it easier to debug and
doesn't require a full windows service redeploy. - sometimes I use the same windows
service to launch several
executable files at different
intervals (but all related to the same
project).
EDIT:
When the interaction with the desktop is not enabled, the console application does not get executed correctly and the following error appears inside the Windows Logs:
Faulting application myapp.exe, version 1.0.0.0, time stamp 0x4b8304c3,
faulting module KERNEL32.dll, version 6.0.6002.18005, time stamp 0x49e03821,
exception code 0xc0000142, fault offset 0x00009eed, process id 0x10ec,
application start time 0x01cab736950a64b5.
Once the desktop interaction is enabled, application gets executed normally.
Any thoughts?
Thanks a lot for your time.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
如果您使用的是 Vista 及更高版本,并且实际上不需要与用户进行任何交互,但需要执行交互式 exe,则 Session 0 隔离功能 应该有助于缓解一些关于以下问题的担忧让服务与桌面交互的“不好的做法”(在会话 0 中没有物理控制台)。
此会话 0 隔离将防止非特权用户在获取交互式桌面时对您的服务执行粉碎攻击在不同的会话中。粉碎攻击是这种“与桌面交互”被认为是不好的做法的主要原因,如果您使用的是 Vista 或更高版本,如果您无法避免它(或者将不得不花费太多精力来做到这一点),那应该没问题。
因此,如果一切正常,那么您可能没问题。
当然,在操作系统更新后,一切可能会停止工作,因此最好准备好将交互性的依赖移出,因为您并不真正需要它。
If you are using Vista and later and you don't really need any interaction with the user, but have an interactive exe to execute, the Session 0 isolation feature should help alleviate some of the concerns about the 'bad practice' on having a service interact with the desktop (which in Session 0 has no physical console).
This Session 0 isolation would prevent unprivileged users from performing Shatter Attacks on your service as they get their interactive desktops in different sessions. Shatter attacks are the main reason why this 'interaction with desktop' was considered bad practice and if you are using Vista or later, it should be ok if you cannot avoid it (or will have to spend too much effort to do it).
So, if things are working fine as they are, you are probably ok.
Of course, after an OS update, things might just stop working, so it is probably better to prepare to move the dependency on interactivity out, as you don't really need it.
我知道这有点晚了,但在这种情况下,我会使用任务计划程序,而不用担心 Windows 服务。任务计划程序具有一套全面的计划选项,可以毫无问题地运行控制台应用程序。
I know this is a bit late but in this circumstance i would use the task scheduler and not bother with the windows service. The task scheduler has a comprehensive set of scheduling options and can run console applications without issue.
如果可以的话,我建议重写处理移动的可执行文件以不使用输出窗口。如果它们是没有输出的标准控制台应用程序,您可以从服务中执行它们,而不需要“允许服务与桌面交互”。这将为您提供所有好处,而无需对您的服务进行任何更改。
If you can, I would recommend rewriting your executables that handle the move to not use an output window. If they are standard, console applications with no output, you can execute them from within a service without requiring "Allow service to interact with desktop". This provides you all of the benefits, without any changes to your service.
子进程只是一个控制台应用程序吗?我没有编写过 Windows 服务,但我认为也许只启动没有窗口的子进程就足够了。使用采用 ProcessStartInfo 的 Process.Start 重载并将 ProcessStartInfo.CreateNoWindow 设置为 true。
http://msdn.microsoft.com/en-我们/library/system.diagnostics.processstartinfo.createnowindow.aspx
Is the subprocess just a console application? I've not written Windows Services, but I think perhaps just starting the subprocess without a window would be sufficient. Use the overload of Process.Start that takes a ProcessStartInfo and set ProcessStartInfo.CreateNoWindow to true.
http://msdn.microsoft.com/en-us/library/system.diagnostics.processstartinfo.createnowindow.aspx