从登录 ID 获取用户 SID(Windows XP 及更高版本)
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2727393/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Get User SID From Logon ID (Windows XP and Up)
提问by Dave Ruske
I have a Windows service that needs to access registry hives under HKEY_USERS when users log on, either locally or via Terminal Server. I'm using a WMI query on win32_logonsession to receive events when users log on, and one of the properties I get from that query is a LogonId. To figure out which registry hive I need to access, now, I need the users's SID, which is used as a registry key name beneath HKEY_USERS.
我有一个 Windows 服务,当用户在本地或通过终端服务器登录时,它需要访问 HKEY_USERS 下的注册表配置单元。我在 win32_logonsession 上使用 WMI 查询来接收用户登录时的事件,我从该查询中获得的属性之一是 LogonId。为了确定我需要访问哪个注册表配置单元,现在我需要用户的 SID,它用作 HKEY_USERS 下的注册表项名称。
In most cases, I can get this by doing a RelatedObjectQuery like so (in C#):
在大多数情况下,我可以通过像这样(在 C# 中)执行 RelatedObjectQuery 来获得它:
RelatedObjectQuery relatedQuery = new RelatedObjectQuery( "associators of {Win32_LogonSession.LogonId='" + logonID + "'} WHERE AssocClass=Win32_LoggedOnUser Role=Dependent" );
where "logonID" is the logon session ID from the session query. Running the RelatedObjectQuery will generally give me a SID property that contains exactly what I need.
其中“logonID”是会话查询中的登录会话 ID。运行相关对象查询通常会给我一个包含我需要的 SID 属性。
There are two issues I have with this. First and most importantly, the RelatedObjectQuery will not return any results for a domain user that logs in with cached credentials, disconnected from the domain. Second, I'm not pleased with the performance of this RelatedObjectQuery --- it can take up to several seconds to execute.
我对此有两个问题。首先,也是最重要的一点,RelatedObjectQuery 不会为使用缓存凭据登录、与域断开连接的域用户返回任何结果。其次,我对这个 RelatedObjectQuery 的性能不满意 --- 它可能需要几秒钟才能执行。
Here's a quick and dirty command line program I threw together to experiment with the queries. Rather than setting up to receive events, this just enumerates the users on the local machine:
这是一个快速而肮脏的命令行程序,我把它放在一起来试验查询。这只是枚举本地计算机上的用户,而不是设置接收事件:
using System;
using System.Collections.Generic;
using System.Text;
using System.Management;
namespace EnumUsersTest
{
class Program
{
static void Main( string[] args )
{
ManagementScope scope = new ManagementScope( "\\.\root\cimv2" );
string queryString = "select * from win32_logonsession"; // for all sessions
//string queryString = "select * from win32_logonsession where logontype = 2"; // for local interactive sessions only
ManagementObjectSearcher sessionQuery = new ManagementObjectSearcher( scope, new SelectQuery( queryString ) );
ManagementObjectCollection logonSessions = sessionQuery.Get();
foreach ( ManagementObject logonSession in logonSessions )
{
string logonID = logonSession["LogonId"].ToString();
Console.WriteLine( "=== {0}, type {1} ===", logonID, logonSession["LogonType"].ToString() );
RelatedObjectQuery relatedQuery = new RelatedObjectQuery( "associators of {Win32_LogonSession.LogonId='" + logonID + "'} WHERE AssocClass=Win32_LoggedOnUser Role=Dependent" );
ManagementObjectSearcher userQuery = new ManagementObjectSearcher( scope, relatedQuery );
ManagementObjectCollection users = userQuery.Get();
foreach ( ManagementObject user in users )
{
PrintProperties( user.Properties );
}
}
Console.WriteLine( "\nDone! Press a key to exit..." );
Console.ReadKey( true );
}
private static void PrintProperty( PropertyData pd )
{
string value = "null";
string valueType = "n/a";
if ( pd.Value != null )
{
value = pd.Value.ToString();
valueType = pd.Value.GetType().ToString();
}
Console.WriteLine( " \"{0}\" = ({1}) \"{2}\"", pd.Name, valueType, value );
}
private static void PrintProperties( PropertyDataCollection properties )
{
foreach ( PropertyData pd in properties )
{
PrintProperty( pd );
}
}
}
}
So... is there way to quickly and reliably obtain the user SID given the information I retrieve from WMI, or should I be looking at using something like SENS instead?
那么...有没有办法根据我从 WMI 检索到的信息快速可靠地获取用户 SID,还是应该考虑使用 SENS 之类的东西?
回答by Rory
I asked a very similar questiona while back and got this answer: how to get a SID from a windows username.
不久前我问了一个非常相似的问题并得到了这个答案:how to get a SID from a windows username。
I was planning on using SystemEvents to detect when a user logs on to windows, then looping through the logged on users list at that point to detect all the logged on users. (Here's my question, about all this including references for detecting logons and current users.)
我计划使用 SystemEvents 来检测用户何时登录到 Windows,然后循环浏览当时的登录用户列表以检测所有登录用户。(这是我的问题,关于所有这些,包括检测登录和当前用户的参考。)
If you decide on an approach please post an update - I'd be interested to hear what you find works well.
如果您决定采用一种方法,请发布更新 - 我很想听听您发现什么效果很好。
回答by hB0
Another simple way: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion \ProfileList
另一种简单的方法:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList
回答by David Johnson
Powershell is easier.
Powershell 更容易。
Function GetSIDfromAcctName()
{
$myacct = Get-WmiObject Win32_UserAccount -filter "Name = '$env:USERNAME "
write-host Name: $myacct.name
Write-Host SID : $myacct.sid
}
回答by hB0
Another working answer (code in VB.Net)
另一个有效的答案(VB.Net 中的代码)
Public Function GetSIDfromAccName(ByVal strAccName As String) As String
Debug.WriteLine("***WMI-GetSIDfromAccName***")
Dim strSID As String = ""
Try
Dim wmiClass As System.Management.SelectQuery = New System.Management.SelectQuery(("Select * from Win32_UserAccount where Name='" _
+ (strAccName + "'")))
Dim wmiSearcher As System.Management.ManagementObjectSearcher = New System.Management.ManagementObjectSearcher(wmiClass)
For Each val As System.Management.ManagementBaseObject In wmiSearcher.Get
strSID = val("SID").ToString
Next
Catch e As Exception
Debug.WriteLine(e.ToString)
End Try
Return strSID
End Function
