Windows 中用户配置文件的唯一标识符
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/787419/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Unique identifier for user profiles in Windows
提问by Sebastian Kirsche
For a client/server application I need to centrally store parts of the configuration information that usually goes into the users profile directory.
对于客户端/服务器应用程序,我需要集中存储通常进入用户配置文件目录的部分配置信息。
The client application would on first use write a file or registry entry with a GUID into the current profile. This GUID would subsequently be used as a key in the configuration database on the server.
客户端应用程序将首先使用将带有 GUID 的文件或注册表项写入当前配置文件。此 GUID 随后将用作服务器上配置数据库中的键。
Now I'm wondering if Windows user profiles already have unique identifiers I could use instead of generating my own GUIDs.
现在我想知道 Windows 用户配置文件是否已经有我可以使用的唯一标识符,而不是生成我自己的 GUID。
The username won't work because users might have multiple profiles. Combining it with the computer name won't work because there might be roaming profiles.
用户名将不起作用,因为用户可能有多个配置文件。将其与计算机名称组合将不起作用,因为可能存在漫游配置文件。
Update:
更新:
I just looked at the SIDs in HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileListon two computers in the same domain. Roaming is not enabled, so my user account has a separate profile on each machine. Both profiles are listed with the same SID. This means I have to keep generating my own GUIDs.
我只是查看HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList了同一域中两台计算机上的 SID 。漫游未启用,因此我的用户帐户在每台机器上都有一个单独的配置文件。两个配置文件都使用相同的 SID 列出。这意味着我必须不断生成自己的 GUID。
回答by Powerlord
Windows users and groups use security identifiers (SIDs).
Windows 用户和组使用安全标识符 (SID)。
A security identifier (SID) is a unique value of variable length that is used to identify a security principal or security group in Windows operating systems.
安全标识符 (SID) 是可变长度的唯一值,用于标识 Windows 操作系统中的安全主体或安全组。
There is a list of predefined SIDsthat Windows has built-in. Other SIDs are generated by combining the current computer's (randomly generated, 96-bit) SID with an incremented number.
有一个Windows 内置的预定义 SID 列表。其他 SID 是通过将当前计算机的(随机生成的,96 位)SID 与递增的数字组合来生成的。
SIDs of users that have accounts on a computer are stored in the registry under HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
在计算机上拥有帐户的用户的 SID 存储在注册表中 HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\ProfileList
Sample SIDs (taken from The Microsoft policy concerning disk duplication of Windows XP installations):
示例 SID(取自关于 Windows XP 安装磁盘重复的 Microsoft 政策):
The following example displays the SIDs for four local user accounts. Note that only the last four digits are incremented as new accounts are added.
以下示例显示四个本地用户帐户的 SID。请注意,随着新帐户的添加,只有最后四位数字会增加。
- S-1-5-21-191058668-193157475-1542849698-500 Administrator
- S-1-5-21-191058668-193157475-1542849698-1000 User 1
- S-1-5-21-191058668-193157475-1542849698-1001 User 2
- S-1-5-21-191058668-193157475-1542849698-1002 User 3
- S-1-5-21-191058668-193157475-1542849698-500 管理员
- S-1-5-21-191058668-193157475-1542849698-1000 用户 1
- S-1-5-21-191058668-193157475-1542849698-1001 用户 2
- S-1-5-21-191058668-193157475-1542849698-1002 用户 3
Because of how SIDs are generated, they shouldbe unique. Since they are part of the windows profile system, roaming profiles should have the same SID on every system.
由于 SID 的生成方式,它们应该是唯一的。由于它们是 windows 配置文件系统的一部分,漫游配置文件在每个系统上都应该具有相同的 SID。
回答by snowcrash09
You could use the user profile's security identifier (SID).
您可以使用用户配置文件的安全标识符 (SID)。
The LookupAccountName()Win32 API takes a user name and computer name as input and gives you back the associated SID.
该LookupAccountName()的Win32 API需要一个用户名和计算机名作为输入,让您备份相关的SID。
回答by Peter Wone
R Bemrose and snowccrash are correct, the account SID is precisely what you have requested. You are correct that in order for this solution to work you much enable roaming profiles; that's why they're called roaming profiles.
R Bemrose 和 snowccrash 是正确的,帐户 SID 正是您所要求的。您是正确的,为了使该解决方案起作用,您需要启用漫游配置文件;这就是为什么它们被称为漫游配置文件的原因。
If you don't want to use domain authentication to identify users then your other option is WAS (Windows Authentication Services). This is typically but not necessarily implemented atop Microsoft SQL Server in the ubiquitous ASPNETDB database.
如果您不想使用域身份验证来识别用户,那么您的另一个选择是 WAS(Windows 身份验证服务)。这通常但不一定在无处不在的 ASPNETDB 数据库中的 Microsoft SQL Server 上实现。
WAS is a dotnet solution, with elaborate support for ASP.NET that is also available for desktop software. If you don't like that either, you can roll your own but this seems to me a suboptimal application of resources. If you aren't building dotnet software you could still exploit WAS but it won't be quite so convenient.
WAS 是一个 dotnet 解决方案,精心支持 ASP.NET,也可用于桌面软件。如果你也不喜欢那样,你可以推出自己的,但在我看来,这似乎是资源的次优应用。如果您不构建 dotnet 软件,您仍然可以利用 WAS,但它不会那么方便。
回答by jjohn
I might use a more LDAP-centric solution to this problem, but it might be a lot more work for your app.
我可能会使用更以 LDAP 为中心的解决方案来解决这个问题,但对您的应用程序来说可能需要做更多的工作。
There are a few unique fields in AD for user. You could use the whole DN of a User record (i.e. DC=com,DC=example,CN=Users,DN=bob smith). That's what uniquely identifies a record in AD. However, MS also has a field called UPN, which looks like an email address (sometimes it is) and takes the form user@domain.
AD中有几个独特的字段供用户使用。您可以使用用户记录的整个 DN(即 DC=com,DC=example,CN=Users,DN=bob smith)。这就是在 AD 中唯一标识一条记录的原因。但是,MS 也有一个名为 UPN 的字段,它看起来像一个电子邮件地址(有时是)并采用 user@domain 的形式。
Of course, this information requires read access to AD and that may not be practical for your app.
当然,此信息需要对 AD 的读取访问权限,这对您的应用程序来说可能不切实际。
