程序化的 Windows 用户配置文件创建
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/5521431/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Programmatic Windows user profile creation
提问by beatgammit
I am trying to do something similar to what the user who asked this question is trying to do:
我正在尝试做一些类似于提出这个问题的用户正在尝试做的事情:
HTTPS Request From a Credential Provider DLL
Concerning the components of a user profile, I found this.
关于用户配置文件的组件,我发现了这个。
- What is the minimum profile that Windows will recognize and load?
- How do I create and register a profile with Windows?
- Windows 将识别和加载的最低配置文件是什么?
- 如何在 Windows 中创建和注册配置文件?
My target is Windows 7 (Professional or Enterprise). I'm more of a Linux guy, so I'm pretty clueless when it comes to programming on Windows, so please be gentle.
我的目标是 Windows 7(专业版或企业版)。我更像是一个 Linux 人,所以在 Windows 上编程时我很无能为力,所以请保持温和。
P.S. Is there a way that I can start developing on Linux then test on Windows without using a VM?
PS 有没有一种方法可以让我在 Linux 上开始开发,然后在不使用 VM 的情况下在 Windows 上进行测试?
This is what I'm trying to do
这就是我想要做的
I am building a profile synchronization program to be used by people that move around a lot so they don't have to bring a laptop everywhere. This question addresses the case where the user logs in to a new computer. Possible applications are:
我正在构建一个配置文件同步程序,供经常走动的人使用,这样他们就不必随身携带笔记本电脑。此问题解决了用户登录到新计算机的情况。可能的应用是:
- Businessmen that travel between offices frequently
- Students who use different computers everyday
- Users of internet cafes in foreign countries
- Home users who don't like copying files when they get a new computer
- 经常往返于办公室之间的商人
- 每天使用不同电脑的学生
- 国外网吧用户
- 不喜欢在获得新计算机时复制文件的家庭用户
I want to provide the best possible user experience that I can, and this means near-instantaneous profile creation. Roaming profiles are slow and buggy at best. Letting Windows create a profile is not really an option because I need to do custom authentication (I figured this one out) and I need to copy down settings from a server.
我想尽可能提供最好的用户体验,这意味着近乎即时的个人资料创建。漫游配置文件充其量是缓慢且有问题的。让 Windows 创建配置文件并不是一个真正的选择,因为我需要进行自定义身份验证(我想出了这个)并且我需要从服务器复制设置。
What I need is a way to:
我需要的是一种方法:
- Create only the bare essentials on user logon
- Update settings from the cloud if the profile has been updated
- Get the user from logon screen to working in under 30 seconds (preferably much faster)
- 仅在用户登录时创建基本要素
- 如果配置文件已更新,则从云端更新设置
- 让用户在 30 秒内从登录屏幕进入工作状态(最好快得多)
This is what I'm thinking of doing:
这就是我想做的事情:
- Authenticate user with server
- Contact Windows service to handle profile creation/update
- windows service will download bare settings while profile is created
- Settings are applied
- User is logged in
- 使用服务器验证用户
- 联系 Windows 服务来处理配置文件的创建/更新
- Windows 服务将在创建配置文件时下载裸设置
- 应用设置
- 用户已登录
回答by Oleg
First of all I would recommend you to read thisabout user profiles.
首先,我建议你阅读本关于用户个人资料。
The main idea of user profiles is simple and it stay unchanged starting with the first version of Windows NT (I mean Windows NT 3.1): The user profile consists from the directory structure existing on the local computer. One file (so named hive) from the user profile represents the current user part of the registry. It is important that the user has full access on his user profile. The access permission is saved not only in the file system, but also insideof the registry. So to create the profile for the user one have to create the user account before because the part of security descriptor of files of keys of registry must contain the SID (security identifier) of the user.
用户配置文件的主要思想很简单,它从 Windows NT 的第一个版本(我的意思是 Windows NT 3.1)开始保持不变:用户配置文件由本地计算机上现有的目录结构组成。用户配置文件中的一个文件(因此命名为 hive)代表注册表的当前用户部分。用户对其用户配置文件具有完全访问权限非常重要。存取权限的保存不仅在文件系统中,而且还内部注册表。因此,要为用户创建配置文件,必须先创建用户帐户,因为注册表项文件的安全描述符部分必须包含用户的 SID(安全标识符)。
If new user profile will be created the "prototype" of the user profile will be used as the template. The path to the template you can find in the registry as Defaultvalue under the HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileListregistry key. You can use GetDefaultUserProfileDirectoryto get the same information.
如果将创建新的用户配置文件,则用户配置文件的“原型”将用作模板。您可以在注册表中作为注册表项Default下的值找到的模板路径HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList。您可以使用GetDefaultUserProfileDirectory来获取相同的信息。
To create the profile one should login with the user account to get the login token (see LogonUserwith LOGON32_LOGON_INTERACTIVEflag for the dwLogonTypeparameter) and then use LoadUserProfilewhich will create the local user profile if it is not exist for the user. If the user has central or roaming profileone should fill in the input PROFILEINFOstructure the lpProfilePathso that it points to the user's roaming profile path which are on the server. To get the path one can use NetUserGetInfowith dwLevelequal to 4. This way is very old and is described for example here.
要创建配置文件,应使用用户帐户登录以获取登录令牌(请参阅带有参数标志的LogonUser),然后使用LoadUserProfile,如果用户不存在该配置文件,它将创建本地用户配置文件。如果用户有中央或漫游配置文件,则应填写输入的PROFILEINFO结构,以便它指向服务器上用户的漫游配置文件路径。要获取路径,可以使用等于 4 的NetUserGetInfo。这种方式非常古老,例如在此处进行了描述。LOGON32_LOGON_INTERACTIVEdwLogonTypelpProfilePathdwLevel
Because the login token from [LogonUser] are really needed only to get the users SID which are needed to grand user permission to his files and registry keys, starting with Vista Microsoft introduced another simplified and very practical API CreateProfilewhich replaces CreateUserProfileEx(which exist only on Windows XP).
由于 [LogonUser] 的登录令牌实际上只需要获取用户 SID 所需的用户 SID,而这些 SID 是授予用户对其文件和注册表项的权限所必需的,因此从 Vista 开始,Microsoft 引入了另一个简化且非常实用的 API CreateProfile,它取代了CreateUserProfileEx(仅存在于在 Windows XP 上)。
All what I explain before is really needed only in seldom situations. Mostly only if you use the user account for the windows service. In the standard situation the user profile will be automatically created at the first interactive user loginon the computer.
我之前解释的所有内容只有在极少数情况下才真正需要。大多数情况下,仅当您使用 Windows 服务的用户帐户时。在标准情况下,用户配置文件将在第一次交互式用户登录计算机时自动创建。
If you need to make some changes for all users on the computer for example after the installation of new software you can do this in many ways without creating user profiles.
如果您需要对计算机上的所有用户进行一些更改,例如在安装新软件后,您可以通过多种方式进行更改,而无需创建用户配置文件。
If you explain more exactly whyyou need to create the user profiles I could probably suggest you some alternative way to archive the same goals.
如果您更准确地解释为什么需要创建用户配置文件,我可能会建议您使用其他方法来存档相同的目标。
回答by beatgammit
I asked a very similar questionon ServerFault, and I really liked the answer I got there. To paraphrase, these are the steps:
我在 ServerFault 上问了一个非常相似的问题,我真的很喜欢我在那里得到的答案。换句话说,这些是步骤:
- Create Windows service to create profiles
- Create a custom ICredentialsProvider and authenticate user
- Call the profile-create service
- Tell Windows to continue logging on
- 创建 Windows 服务以创建配置文件
- 创建自定义 ICredentialsProvider 并验证用户
- 调用配置文件创建服务
- 告诉 Windows 继续登录
It seems there is no direct way to override it, but this seems quite clever, and quite possibly the only solution.
似乎没有直接的方法可以覆盖它,但这似乎很聪明,而且很可能是唯一的解决方案。
Since nobody has commented or left an answer, I'll change my question a little.
由于没有人发表评论或留下答案,我将稍微改变我的问题。
