windows 在没有 UAC 提示的情况下向启动时启动的应用程序授予管理员权限?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4640056/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Granting administrator privileges to an application launched at startup without UAC prompt?
提问by iKenndac
Background
背景
I've written a small C#/.NET 4.0 application that syncs various settings from a game installed in Program Files to and from other copies of the same game on different machines (think Chrome bookmark sync, but for this game). The sync itself is a relatively simple affair, dealing with files stored inside the game's Program Files folder.
我编写了一个小的 C#/.NET 4.0 应用程序,它可以将安装在 Program Files 中的游戏的各种设置与不同机器上同一游戏的其他副本同步(想想 Chrome 书签同步,但对于这个游戏)。同步本身是一个相对简单的事情,处理存储在游戏的 Program Files 文件夹中的文件。
On my machine, this works fine without having to elevate my application through UAC. Windows 7 makes the game use Program Files virtualisation and my application works fine with that.
在我的机器上,这可以正常工作,而无需通过 UAC 提升我的应用程序。Windows 7 使游戏使用 Program Files 虚拟化,我的应用程序可以很好地使用它。
However, on a lot of tester's machines, I'm getting reports that the application either can't work with the files and in come cases can't even see the game's folder! Having the user right-click and "Run as Administrator" solves the problem in every case.
然而,在很多测试者的机器上,我收到报告说应用程序要么无法处理文件,在某些情况下甚至看不到游戏的文件夹!让用户右键单击并“以管理员身份运行”可以解决任何情况下的问题。
So, we just set the application's manifest to require admin privileges, right? That's fine (although not ideal) for when the user manually invokes the application or the sync process because they'll be interacting with the application and ready to accept a UAC request.
所以,我们只是将应用程序的清单设置为需要管理员权限,对吗?当用户手动调用应用程序或同步过程时,这很好(虽然不理想),因为他们将与应用程序交互并准备接受 UAC 请求。
However, one of the features of my application is a "Sync Automatically" option, which allows the user to "set and forget" the application. With this set, the application puts itself into the registry at HKCU\Software\Microsoft\Windows\CurrentVersion\Run to be run at startup and sits in the system tray syncing the settings in the background as needed.
但是,我的应用程序的功能之一是“自动同步”选项,它允许用户“设置并忘记”应用程序。有了这个设置,应用程序将自己放入注册表 HKCU\Software\Microsoft\Windows\CurrentVersion\Run 以在启动时运行,并位于系统托盘中,根据需要在后台同步设置。
Obviously, I need to be smarter here. Presenting a UAC prompt as soon as the user logs in to their account or at random intervals afterwards isn't the way forwards.
显然,我需要在这里变得更聪明。一旦用户登录到他们的帐户或之后的随机时间间隔显示 UAC 提示不是前进的方式。
So, my question!
所以,我的问题!
What's the best way to approach a situation where I'd need to run an application at startup that needs administrator privileges? Is there a way to have the user authorise an installation that causes the system to automatically run the application with the correct privileges without a prompt at startup/login?
解决我需要在启动时运行需要管理员权限的应用程序的情况的最佳方法是什么?有没有办法让用户授权安装,使系统以正确的权限自动运行应用程序,而无需在启动/登录时提示?
UpdateJust to be clear, this must be achievable in code.
更新为了清楚起见,这必须可以在代码中实现。
采纳答案by iKenndac
You should consider making your Sync functionality exist within a Windows Service. This is the preferred method for running 'background' functionality on Windows.
您应该考虑让您的同步功能存在于 Windows 服务中。这是在 Windows 上运行“后台”功能的首选方法。
The Service can either run under the user's account (assuming they have permissions to modify the files), or you can use another account which does. Worst case, you can run as SYSTEM (although, this isn't best practice).
该服务可以在用户的帐户下运行(假设他们有修改文件的权限),或者您可以使用另一个帐户。最坏的情况是,您可以以 SYSTEM 身份运行(尽管这不是最佳做法)。
If you've already got your background process functionality working, then this should be a simple process to convert over to a Service.
如果您已经让后台进程功能正常工作,那么这应该是一个简单的转换为服务的过程。
There's a sample project here that will set you on the right path: http://www.codeproject.com/KB/dotnet/simplewindowsservice.aspx
这里有一个示例项目,可以让您走上正确的道路:http: //www.codeproject.com/KB/dotnet/simplewindowsservice.aspx
回答by Pilgerstorfer Franz
I would use Security namespace and check inline for the user roles.
我会使用 Security 命名空间并内联检查用户角色。
using System.Threading;
using System.Security.Principal;
namespace StackOverflow_Demo
{
class Program
{
static void Main(string[] args)
{
AppDomain.CurrentDomain.SetPrincipalPolicy(PrincipalPolicy.WindowsPrincipal);
WindowsPrincipal currentPrincipal = (WindowsPrincipal) Thread.CurrentPrincipal;
if (currentPrincipal.IsInRole("Administrators"))
{
// continue programm
}
else
{
// throw exception/show errorMessage - exit programm
}
}
}
}
The currentUser may start your application and will get an info message if he is not member of admininistrator role!
currentUser 可能会启动您的应用程序,如果他不是管理员角色的成员,则会收到一条信息消息!
Hope this may help!
希望这可能会有所帮助!
回答by Kate Gregory
Since you mentioned running at startup, why not use a scheduled task instead of what you're doing with the registry? You can set them up from code - there's a project on CodePlexthat is basically a managed wrapper to save you having to do the PInvokes yourself. You run your little "set up the startup task" app elevated, and it specifies that the app should launch elevated, and the user won't even be prompted. I believe that's the answer to the question in your last paragraph.
既然你提到在启动时运行,为什么不使用计划任务而不是你在注册表中做的事情?您可以从代码中设置它们 - CodePlex 上有一个项目,它基本上是一个托管包装器,可以让您不必自己执行 PInvokes。你运行你的小“设置启动任务”应用程序,它指定应用程序应该以提升的方式启动,甚至不会提示用户。我相信这就是您最后一段中问题的答案。
