如何以管理员身份在来宾帐户中运行 C# 应用程序
对于我之前的问题,我没有得到正确的答案,并且得到了很多诸如“我们不能这样做”之类的答案。
这就是为什么我决定详细解释我的问题,如果可以的话请帮助我,或者请询问你可以回答这个问题的朋友。
现在我的问题是:
第 1 步:
我创建了一个 C# 程序来编辑各种 Windows 注册表。 要编辑 Windows 注册表,我们必须拥有管理员权限。 我的程序在管理员模式下运行良好,没有任何问题。
第 2 步:
我希望我的程序也能在有限用户模式下运行。如果很少有人不明白我在这里所说的,我想在访客模式下运行上面的 C# 代码。 在访客模式下,有一个限制,即我们无法更改 Windows 注册表。 因此,当我执行我的应用程序时,我收到一条要求输入管理员密码的通知。 插入管理员密码后,我的应用程序运行正常。
步骤 3:
我希望我的应用程序不得每次在访客/受限帐户中询问管理员密码。 我还希望在访客模式下我的应用程序应该可以工作。 我还希望在访客模式下我的应用程序应该能够访问和更改 Windows 注册表。
步骤 4:
很多人回复我说我们不能在访客模式下执行此操作,因为 Windows 出于安全目的限制用户编辑 Windows 注册表。所以,如果您也有这样的感觉,请不要回答这个问题。 我对那些人的回答是,所有运行到访客模式的优秀防病毒软件都可以访问 Windows 注册表。
第 5 步:
因为我知道管理员密码,所以有什么方法可以在我们的 C# 代码中保存管理员密码,并绕过一次又一次询问管理员密码的弹出消息。
有什么方法可以指示 Windows 我们的应用程序将在管理员模式下运行,并且不会一次又一次要求输入管理员密码
在访客模式下运行的防病毒应用程序如何执行所有操作,例如从 system32 文件夹中删除病毒以及在病毒攻击后重置注册表。这些防病毒应用程序从不询问“我们在 System32 文件夹中发现病毒,由于我在来宾模式下运行并且无法删除病毒,因此请输入管理员密码,以便我可以删除病毒”
我希望您明白我的意思?
我想开发一个 C# 应用程序,它应该在任何模式(管理员/来宾/受限)下运行,并且应该能够创建、编辑和删除 Windows 注册表。
注意:请不要用“右键单击并以管理员身份运行”来回答此问题。
I didnt get correct answer and got lots of answers like "we can not do like this" for my previous questions.
Thats why I decided to explain in detail about my problem please help me if you can or please ask your friend who can answer this.
Now my problem:
Step 1:
I created a C# program which edits various windows registries.
For editing windows registries we must have an Admin privilege.
My program is running fine in Administrator mode without any problem.
Step 2:
I want my program to be run into limited user mode also. If few people didnt get what I am saying here is that I want to run my above C# code into Guest mode.
In guest mode there is a restriction that We can not change Windows Registries.
So as I am executing my Application, I am getting one notification which is asking for Admin Password.
After inserting Admin Password my application is working fine.
Step 3:
I want that my application must not ask Admin password every time in Guest/limited account.
I also want that in Guest mode my Application should work.
I also want that in Guest mode my Application should be able to access and change Windows Registries.
Step 4:
Lot of people replied me that we can not do this in Guest mode since Windows is restricting users to edit windows registries for security purpose. So please if you also feel like this then please do not reply to this question.
I am answering to those people that, all good antivirus which run into Guest mode has access to Windows Registries.
Step 5:
Since I know Admin Password so is there any way of saving Admin password in our C# code and bypass popup message of asking Admin password again and again.
Is there any way that we will instruct Windows that our application will be running in Admin mode and do not ask for Admin password again and again
How Antivirus application running in Guest mode do all the operation like deleting virus from system32 folder and resetting registries after Virus attack. These antivirus application never asks for "We found a virus in System32 folder, Since I am running in Guest mode and unable to delete virus, so please enter Admin password so that I can delete virus"
I hope you understood what i mean to ask?
I want to develop a C# application which should run in any mode (Admin/Guest/Limited) and should be able to Create, Edit and Delete Windows Registries.
Note: Please do not answer this with "right click and Run As Administrator".
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
据我所知,防病毒软件通过运行两个(或更多)进程来解决这个问题:一个以来宾用户身份运行的用户界面程序和一个特权进程(通常是Windows服务)。用户程序无法实际操作权限受限的资源(例如安全注册表配置单元)——相反,它与特权进程通信(希望以某种安全的方式),并且特权进程代表用户执行特权操作。
这与程序访问特权资源(例如硬件)所使用的技术相同。您的用户级进程(通常)无权执行各种硬件操作,例如重新映射 MMU 中的内存,但操作系统有,并且您可以通过要求操作系统执行您想要的操作。系统调用进入内核模式,这是完全特权的。但是,系统调用接口限制了您可以执行的特权操作的种类。
To the best of my knowledge, antivirus software solves this problem by running two (or more) processes: a user interface program running as the guest user, and a privileged process (usually a Windows service). The user program is not able to actually manipulate privilege-restricted resources (like secure registry hives) -- instead, it communicates with the privileged process (hopefully in some secure way) and the privileged process performs the privileged action on behalf of the user.
This is the same kind of technique by which programs ever access privileged resources, such as hardware. Your user-level process doesn't (usually) have the right to perform various hardware actions, like remapping memory in the MMU, but the OS does, and you can get the OS to do what you want by asking it to. System calls thunk into kernel mode, which is fully privileged. However, the system call interface limits the kinds of privileged actions which you can take.
我忍不住说,不,你不能在访客帐户下执行管理操作。不,您无法以编程方式绕过 UAC。
也许以下两种解决方法对您感兴趣?
我相信防病毒软件在系统帐户下运行(只能由管理员安装)。对于您的应用程序,您可以创建服务器/客户端体系结构(两者运行的计算机不同),其中服务器由管理员安装(作为整个包的一部分)并默认在系统帐户下运行。然后您可以使用任务帐户上的客户端向服务器发送命令。
另一种解决方案可能是不直接使用注册表,而是使用另一个可由来宾帐户访问的底层数据存储,并根据需要与注册表同步(启动和关闭?),因此您只需要管理员在期间登录一次或两次您的应用程序的运行。
I cant help but saying, NO, you cant do admin things under a guest account. And no- you cant programmatically bypass UAC.
Maybe the following 2 workarounds are interresting for you?
I believe antivirus software runs under the System account (can only be installed by an administrator). For your application, you can create a server/client architecture (both running no the same machine) where the server is installed by the administrator (as part of the whole package) and runs by default under the System account. Then you can use the client on the quest account to send commands to the server.
One other solution might be not to use the registry directly but use another underlying datastore which is accessible by a guest account and synchronize that on demand with the registry (startup and shutdown?), so you only need the admin to login once or twice during the run of your app.