我写了一个Windows服务(它运行良好)。现在我有一个单独的应用程序,我想从这个服务启动,但似乎这是不可能的没有管理员权限。
I wrote a windows service (and it runs fine). Now i have a separate app where I want to start this service from, but it seems this is not possible without administrator rights.
如何一个正确的解决方案,用户可以启动/停止服务(例如从托盘或应用程序)
How would a proper solution look like that a user can start/stop the service (e.g. from a tray or application)
IMHO其应用程序必须始终以管理员权限启动。
IMHO its bad that the application must always be started with administrator rights.
推荐答案您只需要更改服务对象的权限,最好在安装它的同时。
You just need to change the permissions on the service object, preferably at the same time you install it.
wchar_t sddl[] = L"D:" L"(A;;CCLCSWRPWPDTLOCRRC;;;SY)" // default permissions for local system L"(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)" // default permissions for administrators L"(A;;CCLCSWLOCRRC;;;AU)" // default permissions for authenticated users L"(A;;CCLCSWRPWPDTLOCRRC;;;PU)" // default permissions for power users L"(A;;RP;;;IU)" // added permission: start service for interactive users ; PSECURITY_DESCRIPTOR sd; if (!ConvertStringSecurityDescriptorToSecurityDescriptor(sddl, SDDL_REVISION_1, &sd, NULL)) { fail(); } if (!SetServiceObjectSecurity(service, DACL_SECURITY_INFORMATION, sd)) { fail(); }我假设这里已经打开了服务句柄。您需要WRITE_DAC权限。
I'm assuming here you've already opened the service handle. You need WRITE_DAC permission.
如果您还希望非管理员用户能够停止服务,请添加WP权限,例如
If you also want non-admin users to be able to stop the service, add the WP right, i.e.,
L"(A;;RPWP;;;IU)" // added permissions: start service, stop service for interactive users有关服务权利的SDDL代码可以在Wayne Martin的博客条目非管理员的服务控制管理中心安全性。
SDDL codes for service rights can be found in Wayne Martin's blog entry, Service Control Manager Security for non-admins.
更多推荐
从应用程序启动Windows服务,无管理员权限(c + +)
发布评论