有谁知道如何做到这一点?
注意:应用程序知道两个帐户的密码和登录信息。
答案 0 :(得分:2)
您是否尝试过LogonUser和WindowsIdentity.Impersonate?
答案 1 :(得分:1)
admin 1无法通过Windows访问该文件,但该用户帐户(admin 1)上运行的应用程序可以。
你不能以你想要的方式实现这一点。在admin 1上运行的程序“是”该用户。如果程序可以,用户总是可以通过Windows访问该文件。
您可以让程序加密文件中的数据。 admin 1用户将能够读取加密内容(看似随机数据),并更改(从而销毁)或删除文件。但是,除非该用户中断加密,否则只有程序(知道文件如何加密)才能对其进行有效更改。需要使用该文件的其他用户需要通过该程序(或另一个可以解密它以供使用的程序)访问它。
另一种替代方法是创建另一个用户帐户,仅向admin 2和新帐户授予对文件的访问权限,并让应用程序在“模拟”该新帐户后访问该帐户。然后,除了管理员1之外,您将拒绝为所有用户访问程序本身。但是,即使这样做,“域管理员”也可以访问该文件。
请记住,通过软件处理文件内容的任何用户都可以(例如)打印或将其复制到剪贴板,并对其执行任何操作。如果你不能相信你的员工做正确的事情,那你无论如何都可能注定失败。
答案 2 :(得分:0)
在MSDN上传了一点时间之后,这就是我能提出的所有内容,它与windows提供的“Run as”相同
测试&工作正常
代码:
Imports System
Imports System.Runtime.InteropServices
Module Module1
Public Infinite As System.UInt32 = Convert.ToUInt32(&HFFFFFFF)
Public Startf_UseStdHandles As Int32 = &H100
Public StdOutputHandle As Int32 = -11
Public StdErrorHandle As Int32 = -12
<StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Auto)> _
Public Structure StartupInfo
Public cb As Integer
Public reserved As String
Public desktop As String
Public title As String
Public x As Integer
Public y As Integer
Public xSize As Integer
Public ySize As Integer
Public xCountChars As Integer
Public yCountChars As Integer
Public fillAttribute As Integer
Public flags As Integer
Public showWindow As UInt16
Public reserved2 As UInt16
Public reserved3 As Byte
Public stdInput As IntPtr
Public stdOutput As IntPtr
Public stdError As IntPtr
End Structure 'StartupInfo
Friend Structure ProcessInformation
Public process As IntPtr
Public thread As IntPtr
Public processId As Integer
Public threadId As Integer
End Structure 'ProcessInformation
<DllImport("advapi32.dll", SetLastError:=True, CharSet:=CharSet.Unicode)> _
Public Function CreateProcessWithLogonW(ByVal userName As String, ByVal domain As String, ByVal password As String, ByVal logonFlags As UInt32, ByVal applicationName As String, ByVal commandLine As String, ByVal creationFlags As UInt32, ByVal environment As UInt32, ByVal currentDirectory As String, ByRef startupInfo As StartupInfo, ByRef processInformation As ProcessInformation) As Boolean
End Function
<DllImport("kernel32.dll", SetLastError:=True)> _
Public Function GetExitCodeProcess(ByVal process As IntPtr, ByRef exitCode As UInt32) As Boolean
End Function
<DllImport("Kernel32.dll", SetLastError:=True)> _
Public Function WaitForSingleObject(ByVal handle As IntPtr, ByVal milliseconds As UInt32) As UInt32
End Function
<DllImport("Kernel32.dll", SetLastError:=True)> _
Public Function GetStdHandle(ByVal handle As IntPtr) As IntPtr
End Function
<DllImport("Kernel32.dll", SetLastError:=True)> _
Public Function CloseHandle(ByVal handle As IntPtr) As Boolean
End Function
<STAThread()> _
Overloads Sub Main(ByVal args() As String)
Dim MyPointer As IntPtr = Marshal.AllocHGlobal(4)
Marshal.WriteInt32(MyPointer, StdOutputHandle)
Dim MyErrorPointer As IntPtr = Marshal.AllocHGlobal(4)
Marshal.WriteInt32(MyErrorPointer, StdErrorHandle)
Dim startupInfo As New StartupInfo
startupInfo.reserved = Nothing
startupInfo.flags = startupInfo.flags And Startf_UseStdHandles
startupInfo.stdOutput = MyPointer
startupInfo.stdError = MyErrorPointer
Dim exitCode As System.UInt32 = Convert.ToUInt32(123456)
Dim processInfo As New ProcessInformation
Dim command As String = "c:\windows\Notepad.exe"
Dim user As String = "administrator"
Dim domain As String = System.Environment.MachineName
Dim password As String = "admin acct password"
Dim currentDirectory As String = System.IO.Directory.GetCurrentDirectory()
Try
CreateProcessWithLogonW(user, domain, password, Convert.ToUInt32(1), _
command, command, Convert.ToUInt32(0), Convert.ToUInt32(0), _
currentDirectory, startupInfo, processInfo)
Catch e As Exception
Console.WriteLine(e.ToString())
End Try
Console.WriteLine("Running ...")
WaitForSingleObject(processInfo.process, Infinite)
GetExitCodeProcess(processInfo.process, exitCode)
Console.WriteLine("Exit code: {0}", exitCode)
CloseHandle(processInfo.process)
CloseHandle(processInfo.thread)
End Sub
End Module