使用受限用户帐户使用 SetSystemTime

发布于 2024-11-09 07:46:49 字数 1695 浏览 4 评论 0原文

操作系统:Windows XP(嵌入式) 语言:c#

问题: 使用受限用户帐户,我尝试使用函数 SetSystemTime() 以编程方式更改 Windows XP 的日期和时间,但它返回 false,错误代码为 5 :访问被拒绝

阅读MSDN文章后,我通过LogonUser()和Impersonate()函数将受限用户帐户模拟为管理员用户(属于管理员组,有权更改系统时间),并在SetSystemTime()之后调用,但结果是和以前一样。

我尝试将特权“SeSystemtimePrivilege”授予受限用户帐户,在调用不返回错误的 AdjustTokenPrivileges() 之前模拟它之后,但结果与以前相同。

代码:

const int  SE_PRIVILEGE_ENABLED = 2;

// Starting with limited user account
intPtr userToken = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query).Token;

IntPtr tokenDuplicate = IntPtr.Zero;
IntPtr token = IntPtr.Zero;

LogonUser("administrator", domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token);
DuplicateToken(token, 2, ref tokenDuplicate);
WindowsImpersonationContext wic = (new WindowsIdentity(tokenDuplicate)).Impersonate();

bool enabled = true;

TOKEN_PRIVILEGES tokenPrivilege = new TOKEN_PRIVILEGES();
tokenPrivilege.PrivilegeCount = 1;
tokenPrivilege.Privileges = new LUID_AND_ATTRIBUTES[tokenPrivilege.PrivilegeCount];
tokenPrivilege.Privileges[0].Attributes = (UInt32)(enabled ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED);

if (LookupPrivilegeValue(null, "SeSystemtimePrivilege", out tokenPrivilege.Privileges[0].Luid))
    AdjustTokenPrivileges(userToken, false, ref tokenPrivilege, (UInt32)Marshal.SizeOf(typeof(TOKEN_PRIVILEGES)), IntPtr.Zero, IntPtr.Zero);

// Return to limited user account
wic.Undo();

if(!SetSystemTime(systemTime)) // systemTime in UTC time
   .... Error code here, 5 if I let administrator impersonate or 1314

您知道如何解决我的问题吗?

谢谢您的回答, 阿兰

Operating system: Windows XP (Embedded)
Language: c#

Problem:
With a limited user account, I try to change the date and time of Windows XP programmatically, by using the function SetSystemTime() but it returns false and the error code is 5: Access is denied.

After reading MSDN articles, I impersonate the limited user account to administrator user (belonging to administrators group and having rights to change system time), by using LogonUser() and Impersonate() functions, and call after SetSystemTime(), but the result is the same as before.

I try to give the privilege "SeSystemtimePrivilege" to the limited user account, after having impersonate it before calling AdjustTokenPrivileges() that returns no error, but the result is the same as before.

Code:

const int  SE_PRIVILEGE_ENABLED = 2;

// Starting with limited user account
intPtr userToken = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query).Token;

IntPtr tokenDuplicate = IntPtr.Zero;
IntPtr token = IntPtr.Zero;

LogonUser("administrator", domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token);
DuplicateToken(token, 2, ref tokenDuplicate);
WindowsImpersonationContext wic = (new WindowsIdentity(tokenDuplicate)).Impersonate();

bool enabled = true;

TOKEN_PRIVILEGES tokenPrivilege = new TOKEN_PRIVILEGES();
tokenPrivilege.PrivilegeCount = 1;
tokenPrivilege.Privileges = new LUID_AND_ATTRIBUTES[tokenPrivilege.PrivilegeCount];
tokenPrivilege.Privileges[0].Attributes = (UInt32)(enabled ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED);

if (LookupPrivilegeValue(null, "SeSystemtimePrivilege", out tokenPrivilege.Privileges[0].Luid))
    AdjustTokenPrivileges(userToken, false, ref tokenPrivilege, (UInt32)Marshal.SizeOf(typeof(TOKEN_PRIVILEGES)), IntPtr.Zero, IntPtr.Zero);

// Return to limited user account
wic.Undo();

if(!SetSystemTime(systemTime)) // systemTime in UTC time
   .... Error code here, 5 if I let administrator impersonate or 1314

Do you have an idea how to resolve my problem?

Thank you for your answer,
Alain

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

强者自强 2024-11-16 07:46:49

我最近发布了一个类似的问题,不同的角度,但相同的基本需求,该问题的标题是“如何以非管理员身份检查本地安全策略权限”以供参考。

无论如何,如果您在本地安全策略中明确授予该标准用户更改系统时间权限,那么该非管理员就可以正常访问 SetSystemTime。我在问题中解释了我如何解决我的特殊需求,也许它可以帮助你?

祝你好运!

I recently posted a similar question, different angle, but same basic need, the title of that question is "how to check Local Security Policy rights as non-admin" for reference.

Anyhow, If you explicitly grant that standard user the Change System Time privilege in the Local Security Policy, then that non-admin can access the SetSystemTime just fine. I explain over in my question how I solved my particular needs, perhaps it might help you?

Good luck!

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文