当前位置: 文江博客话题详情

如何使应用程序在用户帐户上作为管理员运行?

发布于 2025-01-20 03:51:18 字数 1454 浏览 3 评论 0原文

是否可以在没有UAC弹出的用户帐户上运行.NET应用程序?我花了一些时间搜索此功能,但没有找到任何令人满意的答案。

对于某些背景信息,用户正在制造环境中运行测试应用程序,其中加密狗被插入USB(串行)端口。有时,Windows会弄乱COM端口并骑自行车端口可以解决问题。我们已经发现我们可以通过管理特权以编程方式执行此操作,但是我们不希望用户是管理员,我们也不希望用户处理UAC弹出窗口,或者上帝禁止,在UAC上单击“否”弹出窗口可禁用我们的功能并弄乱整个过程。

我如何强迫我的.NET应用程序运行作为管理员? 我发现了这个旧线程,但是他们的解决方案都要求用户被管理员或通常的UAC弹出窗口。

我们可以做些什么来启用这种能力,还是我们永远链接到UAC提示?我们确实拥有这些机器,并控制在它们上运行的应用程序和用户。

编辑:我们正在使用此方法骑自行车端口:

string ComPortName { get; set; } = "USB Serial Port (COM12)";
 

    private void button1_Click(object sender, EventArgs e)
    {
        SelectQuery query = new SelectQuery("Win32_PnPEntity", "Name=" + '"' + ComPortName + '"');
        ManagementObjectSearcher myDevices = new ManagementObjectSearcher(query);

        foreach (ManagementObject item in myDevices.Get())
        {
            textBox1.AppendText("Disabling port " + ComPortName + Environment.NewLine);
            ManagementBaseObject inParams = item.InvokeMethod("Disable", null, null);
            Thread.Sleep(3000);
            textBox1.AppendText("Enabling port " + ComPortName + Environment.NewLine);
            ManagementBaseObject UWFEnable = item.InvokeMethod("Enable", null, null);
            Thread.Sleep(3000);
            textBox1.AppendText("Finished cycling port " + ComPortName);
        }
    }
原文

Is it possible to make a .NET application always an admin while being run on a user account without a UAC popup? I've spent some time searching for this capability but haven't found any satisfactory answers.

For some background info, users are running a test application in a manufacturing environment where a dongle is plugged into a USB(to serial) port. Sometimes windows messes up the COM port and cycling the port can resolve the issue. We have discovered we can do this programmatically with admin privileges, but we do not want the users to be admins, and we also don't want the users to deal with a UAC popup or, god forbid, click "no" on the UAC popup to disable our capabilities and mess up the entire process.

How do I force my .NET application to run as administrator?
I have found this old thread but their solutions all require the user to be admin or the usual UAC popup.

Is there something we can do to enable this capability or are we forever chained to the UAC prompt? We do own these machines and control the applications and users running on them.

EDIT: We are cycling the COM port using this method:

string ComPortName { get; set; } = "USB Serial Port (COM12)";
 

    private void button1_Click(object sender, EventArgs e)
    {
        SelectQuery query = new SelectQuery("Win32_PnPEntity", "Name=" + '"' + ComPortName + '"');
        ManagementObjectSearcher myDevices = new ManagementObjectSearcher(query);

        foreach (ManagementObject item in myDevices.Get())
        {
            textBox1.AppendText("Disabling port " + ComPortName + Environment.NewLine);
            ManagementBaseObject inParams = item.InvokeMethod("Disable", null, null);
            Thread.Sleep(3000);
            textBox1.AppendText("Enabling port " + ComPortName + Environment.NewLine);
            ManagementBaseObject UWFEnable = item.InvokeMethod("Enable", null, null);
            Thread.Sleep(3000);
            textBox1.AppendText("Finished cycling port " + ComPortName);
        }
    }

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(2

紙鸢 2025-01-27 03:51:19

你不能,至少没有 UAC 提示。这是完全不可避免的,否则 Windows 即使可能也不会有任何安全性 - 绕过 UAC 必须是完全不可能,而不仅仅是“困难”。

无论如何解决您的问题的一些线索:

  • 您可以强制您的应用程序从第一步开始始终要求提升(即使其需要管理权限)。危险,但至少,你不会弄乱整个软件链:它会从一开始就得到提升。
  • 仅当确实需要时(例如,启动特定子进程时,或在保持上下文的情况下以提升模式启动您自己的应用程序时),您才可以请求 UAC。显然,您会一次又一次地询问,直到创建提升的子流程:如果用户单击“否”,那么您将再次尝试启动它。很烦人,但同样,你不会搞乱整个过程。
  • 您可以编写一个 Windows 服务,该服务将在管理权限下运行,以执行您需要的 COM 循环任务。然后,您可以从非提升的用户空间调用此服务,而不需要任何提升。我会推荐这个解决方案。

You can't, not without at least an UAC prompt. This is totally unavoidable, otherwise Windows wouldn't have any security if it was possible - it MUST be totally impossible, not just "difficult", to bypass UAC.

Some clues to solve anyway your problem:

  • You can force your application to always ask for elevation (i.e. make it to require administrative privileges) since the first step. Dangerous, but at least, you won't mess the whole software chain: it would be elevated from start.
  • You can ask for UAC only when it's really needed (for example, when launching a particular sub-process, or launching your own application in elevated mode while keeping context). Obviously, you'll ask again and again until the elevated subprocess is created: if user click on "No", then you try again to launch it. Annoying, but again, you won't mess up the whole process.
  • You can write a Windows service, that will run under administrative privileges, to perform the COM cycle task you need. Then, you can invoke this service from non-elevated user space, without requiring any elevation. I would recommend this solution.
回复 原文
茶花眉 2025-01-27 03:51:19

不,你不能。

假设用户是一个标准用户 - 例如一个 5 岁的女儿,

她不能成为管理员。

如果任何人都可以成为管理员 - 那么安全就没有意义了。 Windows NT是一个安全的操作系统。

问题的解决方案

解决问题的最简单方法是授予每个人执行该操作的权限。因为为了做到这一点:需要有人许可。

我们发现我们可以使用管理员权限以编程方式执行此操作

您没有提及您正在以编程方式执行哪些操作,或者您正在调用什么 Windows API。

  • 如果涉及注册表项、文件或服务,
  • 授予修改
  • 请向 Users 组(或 Everyone 组,如果您愿意)

权限这样用户就有权执行这些操作。

授予用户执行该操作的权限并不可耻 - 这就是您希望他们执行的操作。他们应该拥有执行此操作的权限。

如果您关心纵深防御,您可以遵循最小权限原则,而不是授予每个人执行该操作的权限,您可以将其授予一个用户:

  • 服务运行的用户作为
  • 计划任务运行的用户

然后您只需要担心您的程序与服务通信(要求它执行该操作),或者触发计划任务(以便它可以执行 事物)。

这样,只有服务/任务具有权限 - 并且您向该服务/任务授予对标准用户当前被拒绝的事物的修改权限。

想象一下 Windows XP

想象一下在 UAC 之前您将如何解决这个问题:

  • 用户是标准用户
  • ,并且没有 UAC 便利功能来帮助他们提升为管理员

在这种情况下,您将必须执行上述操作之一:

  • 授予每个人权限注册表项或文件夹
  • 创建确实拥有权限的服务或计划任务:并让您的程序要求它们执行此操作

No, you cannot.

Imagine the user is a standard user - e.g. a 5 year old daughter

She cannot just become an administrator.

If anyone could just become an administrator - then there's no point in having security. And Windows NT is a secure operating system.

Solution to your problem

The easiest way to solve your problem is to grant Everyone permission to do the thing. Because in order to do it: someone needs permission.

We have discovered we can do this programmatically with admin privileges

You don't mention what actions you are taking programmatically, or what Windows API you're calling.

  • If it involves a registry key, or file, or service
  • Grant Modify permission
  • to the Users group (or the Everyone group if you prefer)

This way the user's then have permission to do these things.

There's no shame in granting your users permissions to do the thing - it's what you want them to do. They should have permissions to do it.

If you care about defense-in-depth, you could follow the priciple of least privilege, and rather than granting everyone permission to do the thing, you can grant it to one user:

  • the user that a service runs as
  • the user that a scheduled task runs as

And then you only need to worry about your program communicating with a service (asking it to do the thing), or trigger the scheduled task (so that it can do the thing).

This way it's only the service/task that has permissions - and you grant that service/task the Modify permission on the thing that your standard users are currently denied from.

Imagine Windows XP

Imagine how you would have solved this before UAC:

  • the user is a standard user
  • and there is no UAC convenience feature to help them elevate to an administrator

In that case you would have to do one of the above:

  • grant everyone permission to the registry key, or folder
  • create a service or scheduled task that does have permission: and have your program ask them to do it
回复 原文
~没有更多了~

关于作者

倾城°AllureLove

暂无简介

文章
评论
27 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

alipaysp_snBf0MSZIv

文章 0 评论 0

梦断已成空

文章 0 评论 0

瞎闹

文章 0 评论 0

凯凯我们等你回来

文章 0 评论 0

寄意

文章 0 评论 0

似梦非梦

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文