使用受限用户帐户使用 SetSystemTime

发布于 2024-11-09 07:46:49 字数 1695 浏览 0 评论 0原文

操作系统：Windows XP（嵌入式）语言：c#

问题：使用受限用户帐户，我尝试使用函数 SetSystemTime() 以编程方式更改 Windows XP 的日期和时间，但它返回 false，错误代码为 5 ：访问被拒绝。

阅读MSDN文章后，我通过LogonUser()和Impersonate()函数将受限用户帐户模拟为管理员用户（属于管理员组，有权更改系统时间），并在SetSystemTime()之后调用，但结果是和以前一样。

我尝试将特权“SeSystemtimePrivilege”授予受限用户帐户，在调用不返回错误的 AdjustTokenPrivileges() 之前模拟它之后，但结果与以前相同。

代码：

const int  SE_PRIVILEGE_ENABLED = 2;

// Starting with limited user account
intPtr userToken = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query).Token;

IntPtr tokenDuplicate = IntPtr.Zero;
IntPtr token = IntPtr.Zero;

LogonUser("administrator", domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token);
DuplicateToken(token, 2, ref tokenDuplicate);
WindowsImpersonationContext wic = (new WindowsIdentity(tokenDuplicate)).Impersonate();

bool enabled = true;

TOKEN_PRIVILEGES tokenPrivilege = new TOKEN_PRIVILEGES();
tokenPrivilege.PrivilegeCount = 1;
tokenPrivilege.Privileges = new LUID_AND_ATTRIBUTES[tokenPrivilege.PrivilegeCount];
tokenPrivilege.Privileges[0].Attributes = (UInt32)(enabled ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED);

if (LookupPrivilegeValue(null, "SeSystemtimePrivilege", out tokenPrivilege.Privileges[0].Luid))
    AdjustTokenPrivileges(userToken, false, ref tokenPrivilege, (UInt32)Marshal.SizeOf(typeof(TOKEN_PRIVILEGES)), IntPtr.Zero, IntPtr.Zero);

// Return to limited user account
wic.Undo();

if(!SetSystemTime(systemTime)) // systemTime in UTC time
   .... Error code here, 5 if I let administrator impersonate or 1314

您知道如何解决我的问题吗？

谢谢您的回答，阿兰

原文

Operating system: Windows XP (Embedded)
Language: c#

Problem:
With a limited user account, I try to change the date and time of Windows XP programmatically, by using the function SetSystemTime() but it returns false and the error code is 5: Access is denied.

After reading MSDN articles, I impersonate the limited user account to administrator user (belonging to administrators group and having rights to change system time), by using LogonUser() and Impersonate() functions, and call after SetSystemTime(), but the result is the same as before.

I try to give the privilege "SeSystemtimePrivilege" to the limited user account, after having impersonate it before calling AdjustTokenPrivileges() that returns no error, but the result is the same as before.

Code:

const int  SE_PRIVILEGE_ENABLED = 2;

// Starting with limited user account
intPtr userToken = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query).Token;

IntPtr tokenDuplicate = IntPtr.Zero;
IntPtr token = IntPtr.Zero;

LogonUser("administrator", domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token);
DuplicateToken(token, 2, ref tokenDuplicate);
WindowsImpersonationContext wic = (new WindowsIdentity(tokenDuplicate)).Impersonate();

bool enabled = true;

TOKEN_PRIVILEGES tokenPrivilege = new TOKEN_PRIVILEGES();
tokenPrivilege.PrivilegeCount = 1;
tokenPrivilege.Privileges = new LUID_AND_ATTRIBUTES[tokenPrivilege.PrivilegeCount];
tokenPrivilege.Privileges[0].Attributes = (UInt32)(enabled ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED);

if (LookupPrivilegeValue(null, "SeSystemtimePrivilege", out tokenPrivilege.Privileges[0].Luid))
    AdjustTokenPrivileges(userToken, false, ref tokenPrivilege, (UInt32)Marshal.SizeOf(typeof(TOKEN_PRIVILEGES)), IntPtr.Zero, IntPtr.Zero);

// Return to limited user account
wic.Undo();

if(!SetSystemTime(systemTime)) // systemTime in UTC time
   .... Error code here, 5 if I let administrator impersonate or 1314

Do you have an idea how to resolve my problem?

Thank you for your answer,
Alain

分享到QQ

分享到微博