PCB 模拟Windows管理员域帐号安装软件
在我们PCB行业中,局域网的电脑一般都会加入域控的,这样可以方便集中管理用户权限,并可以对访问网络资源可以进行权限限制等.
由于加入了域控对帐号权限的管理,这样一来很多人都无权限安装软件,比如:PCB工程人员的电脑没有安装杀毒软件,要安装杀毒软件,这位工程师的帐号是无权限安装的,如果在不更改这位工程师人员的帐号权限的前提下,想实现让这位工程师可以自主安装杀毒软件,就需要借助模拟Windows域帐号进行操作了,实现的代码如下:
一,模拟管理员帐号安装软件代码
string cmd = string.Format("{0} {1} {2}", "msiexec", "/i", @"\\192.192.1.1\Soft\agent_cloud_x86.msi"); //杀毒软件路径 new Run().RunAs("域名", "用户名", "密码", cmd);
二,域帐号授权类代码
public class Run { /// <summary> /// Run a command with specified name, same as "runas /user:<domain></user> <cmdline> /// </summary> /// <param name="domain">domain where the user reside</param> /// <param name="user">user name</param> /// <param name="password">password</param> /// <param name="cmdline">the command line to execute</param> /// <returns>0 if succeed, error code otherwise</returns> public int RunAs(string domain, string user, string password, string cmdline) { StartupInfo si = new StartupInfo(); si.cb = Marshal.SizeOf(typeof(StartupInfo)); si.title = String.Format(@"Running {0} as {1}\{2}", cmdline, domain, user); ProcessInfo pi = new ProcessInfo(); if (CreateProcessWithLogonW(user, domain, password, LogonFlags.LOGON_WITH_PROFILE, null, cmdline, 0, IntPtr.Zero, null, ref si, out pi)) { CloseHandle(pi.hProcess); CloseHandle(pi.hThread); return 0; } else { return Marshal.GetLastWin32Error(); } } /// <summary> /// Logon flags definition /// </summary> [Flags] enum LogonFlags { LOGON_WITH_PROFILE = 0x00000001, LOGON_NETCREDENTIALS_ONLY = 0x00000002 } /// <summary> /// Creation flag definition /// </summary> [Flags] enum CreationFlags { CREATE_SUSPENDED = 0x00000004, CREATE_NEW_CONSOLE = 0x00000010, CREATE_NEW_PROCESS_GROUP = 0x00000200, CREATE_UNICODE_ENVIRONMENT = 0x00000400, CREATE_SEPARATE_WOW_VDM = 0x00000800, CREATE_DEFAULT_ERROR_MODE = 0x04000000, } /// <summary> /// Process info definition /// </summary> [StructLayout(LayoutKind.Sequential)] struct ProcessInfo { public IntPtr hProcess; public IntPtr hThread; public uint dwProcessId; public uint dwThreadId; } /// <summary> /// Startup info definition /// </summary> [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)] struct StartupInfo { public int cb; public string reserved1; public string desktop; public string title; public uint dwX; public uint dwY; public uint dwXSize; public uint dwYSize; public uint dwXCountChars; public uint dwYCountChars; public uint dwFillAttribute; public uint dwFlags; public ushort wShowWindow; public short reserved2; public int reserved3; public IntPtr hStdInput; public IntPtr hStdOutput; public IntPtr hStdError; } /// <summary> /// API declaration – CreateProcessWithLogonW() /// </summary> /// <param name="principal">user name</param> /// <param name="authority">domain name in AD enviroment or "." for local machine</param> /// <param name="password">password</param> /// <param name="logonFlags">whether user profile is loaded before executing the command</param> /// <param name="appName">application name, null if the application name is included in the command line</param> /// <param name="cmdLine">the command line – may include application path</param> /// <param name="creationFlags">creation flag</param> /// <param name="environmentBlock">enviroment block</param> /// <param name="currentDirectory">current directory for the application</param> /// <param name="startupInfo">startup information</param> /// <param name="processInfo">process information</param> /// <returns></returns> [DllImport("advapi32.dll", CharSet = CharSet.Unicode, ExactSpelling = true, SetLastError = true)] static extern bool CreateProcessWithLogonW( string principal, string authority, string password, LogonFlags logonFlags, string appName, string cmdLine, CreationFlags creationFlags, IntPtr environmentBlock, string currentDirectory, ref StartupInfo startupInfo, out ProcessInfo processInfo); /// <summary> /// Close the handle /// </summary> /// <param name="h">the handle to close</param> /// <returns>true if success</returns> [DllImport("kernel32.dll")] static extern bool CloseHandle(IntPtr h); //使用该函数无法获取被启动进程的PID,这在一些需要该ID的场合不太方便。以下函数通过查询系统当前进程表并比对启动时间获取新启动进程的PID。参数"app"文件映像名称。如%WINDIR%system32cmd.exe, app需要指定为:cmd.exe。不需要包含路径,但需要包含扩展名。 /// <summary> /// Get the latest started process ID by given application name /// </summary> /// <param name="app">the name of the application. MUST with extension.</param> /// <returns>The PID of the latest started process</returns> public int GetLastestPidByApplicationName(string app) { Process[] procs = Process.GetProcesses(); int lpid = -1; if ((procs != null) && (procs.Length > 0)) { DateTime latest = new DateTime(1970, 1, 1); try { for (int i = 0; i < procs.Length; i++) { if (procs[i].MainModule.FileName.ToLower().EndsWith("\\" + app.ToLower()) == false) { continue; } if ((latest != null) && (latest < procs[i].StartTime)) { latest = procs[i].StartTime; lpid = procs[i].Id; Console.WriteLine(latest.ToString()); } } } catch (Win32Exception) { } } return lpid; } }
作者:pcbren 微信号:yadnfku QQ号: 254566449
博客地址:https://www.cnblogs.com/pcbren/
声明:本博客原创文字只代表本人工作中在某一时间内总结的观点或结论,与本人所在单位没有直接利益关系。非商业,未授权,贴子请以现状保留,转载时必须保留此段声明,且在文章页面明显位置给出原文连接。
如果大家感觉我的博文对大家有帮助,请推荐支持一把。