在交互式会话中启动 Windows 服务
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/897568/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Starting a Windows service in an interactive session
提问by Plutor
A colleague has a batch script program which needs to to run on a Windows Server in console mode, so that it has access to a Windows interactive session. The server is rebooted at regular intervals automatically (there's an unrelated closed-source application that runs on this machine that we have no control over). After a reboot he wants to automatically start a Windows interactive session and have this script run, plus the service needs to also have access to network resources (CIFS drives, in particular).
一位同事有一个批处理脚本程序,它需要以控制台模式在 Windows Server 上运行,以便它可以访问 Windows 交互式会话。服务器会定期自动重启(有一个无关的闭源应用程序运行在我们无法控制的这台机器上)。重新启动后,他想自动启动 Windows 交互式会话并运行此脚本,此外该服务还需要访问网络资源(尤其是 CIFS 驱动器)。
Here's what we've tried so far:
这是我们迄今为止尝试过的:
- Start as Windows service. This failed, since a Windows service can eitherhave access to interactive session orto network resources, but never both.
- Used Microsoft management console to add the script to run at startup, however this did not work.
- Used an HKLM registry key to start to run this script, however it only gets started when we manually open a remote desktop session on the server.
- Creating a scheduled task. The program invoked did not have access to interactive windows session.
- 作为 Windows 服务启动。这种失败,因为Windows服务可以任意访问交互式会话或网络资源,但不可能兼顾。
- 使用 Microsoft 管理控制台添加脚本以在启动时运行,但是这不起作用。
- 使用 HKLM 注册表项开始运行此脚本,但是只有当我们在服务器上手动打开远程桌面会话时它才会启动。
- 创建计划任务。调用的程序无权访问交互式 Windows 会话。
Any other suggestions? (Or maybe he missed something when he set up one of these suggestions?)
还有其他建议吗?(或者,当他设置这些建议之一时,他可能错过了什么?)
采纳答案by JimG
In case "Interact with desktop" on the service is not enough (I have seen a handful of cases where it is not), you can combine it with AutoAdminLogon. Create three (or four for a domain) REG_SZ values under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon:
如果服务上的“与桌面交互”还不够(我见过少数情况下不是),您可以将其与 AutoAdminLogon 结合使用。在 HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon 下创建三个(或四个域)REG_SZ 值:
- DefaultUsername
- DefaultPassword
- DefaultDomain
- AutoAdminLogon
- 默认用户名
- 默认密码
- 默认域
- 自动管理登录
AutoAdminLogon should be set to the string"1", the others are self-explanatory.
AutoAdminLogon 应设置为字符串“1”,其他不言自明。
Obviously this has security issues big enough to fly Jupiter through.
显然,这存在足以让木星飞过的安全问题。
回答by Shrike
See my similar question and real answer to it: How to start a process from windows service into currently logged in user's sessionNOTE: "Interact with desktop" checkbox is not enough at all.
请参阅我的类似问题和真正的答案:How to start a process from windows service into current login user's session注意:“与桌面交互”复选框根本不够。
回答by Hyman Leow
Have you tried having your script run as a Windows service, but allowing it to interact with the desktop?
您是否尝试过将脚本作为 Windows 服务运行,但允许它与桌面交互?
Specifically:
具体来说:
- Go to the service properties page
- Click on the "Log On" tab
- Select "Local System account"
- Check "Allow service to interact with desktop"
- 转到服务属性页面
- 单击“登录”选项卡
- 选择“本地系统帐户”
- 勾选“允许服务与桌面交互”
回答by BobbyShaftoe
I recommend going about this another way. You could build another Windows app that communicates via IPC to the Windows Service and that could be what deals with the closed souorce application. But if you must, you can specify an option in the service (you can do this through MMC, registry, etc). Basically, you can see this option by going to Computer Management->Services and Applications->Services->Right click your service->Change account to Local System and check "Allow system to interact with desktop."
我建议以另一种方式解决这个问题。您可以构建另一个通过 IPC 与 Windows 服务通信的 Windows 应用程序,这可能是处理封闭源应用程序的内容。但如果必须,您可以在服务中指定一个选项(您可以通过 MMC、注册表等来执行此操作)。基本上,您可以通过转到计算机管理-> 服务和应用程序-> 服务-> 右键单击您的服务-> 将帐户更改为本地系统并选中“允许系统与桌面交互”来查看此选项。
However, again, I recommend choosing another path.
但是,我再次建议选择另一条路径。
回答by Paul Nathan
I had to do something similar recently; a route that I found but discarded due to security concerns is to have the interactive service set self as running in interactive mode and then run the ImpersonateUser function in the win32 API, which I thinkwill provide the benefits of both a user and the interactive session available from the LocalSystem.
我最近不得不做类似的事情;我发现但由于安全问题而放弃的一条路线是将交互式服务设置为以交互模式运行,然后在 win32 API 中运行 ImpersonateUser 函数,我认为这将提供用户和交互式会话的好处可从本地系统获得。
Needless to say, if someone broke into a service that did that, they would have total control of the machine.
不用说,如果有人闯入这样做的服务,他们将完全控制机器。
