Run a command as administrator with the elevated flag (with a known password)

Time: 2019-03-26 18:01:30

Tags: vb.net vbscript windows-10 elevation user-account-control

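I have a VB.net application that needs to be run by a standard user, but some of its functions need to run as the local administrator with the elevated flag (LSA, Trusted Installer or any other system account, for all I care). This is a helper program that lets users run in-house applications without entering local administrator credentials and going through the UAC prompt. UAC is designed to prevent programs from spontaneously gaining administrator privileges, but in my case we intend to embed those credentials in the program. We don't want to disable UAC, just bypass it, which is already done in other ways; we only need to launch a run command (such as reg add or CMD) with the run as admin flag. Simply running runas doesn't work, because these are standard user accounts, and we get access denied when trying to add an item to the Run folder in the registry.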

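Just to clarify, the base program will never run as administrator. The goal is to use it to call another program or cmd.exe with the embedded credentials. Standard users will be using it.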

I have tried the VB.Net system.diagnostics.process.start.flag = "runas" property, but it didn't work.

I have also tried the code below, but that doesn't work either and returns "1". The call:

RunProgram("Administrator", "password", Environment.MachineName, "cmd.exe", "/c reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /f /v MyProgram /D " & System.Windows.Forms.Application.ExecutablePath())

Any ideas on how to proceed?

I have also tried a simple cmd Runas using VB.Net

system.diagnostics.process.start.flag = "runas", and now Lib "Advapi32" Alias "CreateProcessWithLogonW".

Here is the module code:

Imports System.ComponentModel
Imports System.Runtime.InteropServices

Public Module Impersonation

#Region "API Structures"
    <StructLayout(LayoutKind.Sequential)>
    Public Structure PROCESS_INFORMATION
        Dim hProcess As System.IntPtr
        Dim hThread As System.IntPtr
        Dim dwProcessId As Integer
        Dim dwThreadId As Integer
    End Structure

    <StructLayout(LayoutKind.Sequential)>
    Public Structure STARTUPINFO
        Dim cb As Integer
        Dim lpReserved As System.IntPtr
        Dim lpDesktop As System.IntPtr
        Dim lpTitle As System.IntPtr
        Dim dwX As Integer
        Dim dwY As Integer
        Dim dwXSize As Integer
        Dim dwYSize As Integer
        Dim dwXCountChars As Integer
        Dim dwYCountChars As Integer
        Dim dwFillAttribute As Integer
        Dim dwFlags As Integer
        Dim wShowWindow As Short
        Dim cbReserved2 As Short
        Dim lpReserved2 As System.IntPtr
        Dim hStdInput As System.IntPtr
        Dim hStdOutput As System.IntPtr
        Dim hStdError As System.IntPtr
    End Structure
#End Region
#Region "API Constants"
    Private Const LOGON_NETCREDENTIALS_ONLY As Integer = &H2
    Private Const NORMAL_PRIORITY_CLASS As Integer = &H20
    Private Const CREATE_DEFAULT_ERROR_MODE As Integer = &H4000000
    Private Const CREATE_NEW_CONSOLE As Integer = &H10
    Private Const CREATE_NEW_PROCESS_GROUP As Integer = &H200
    Private Const LOGON_WITH_PROFILE As Integer = &H1
#End Region
#Region "API Functions"
    Public Declare Unicode Function CreateProcessWithLogon Lib "Advapi32" Alias "CreateProcessWithLogonW" _
        (ByVal lpUsername As String,
         ByVal lpDomain As String,
         ByVal lpPassword As String,
         ByVal dwLogonFlags As Integer,
         ByVal lpApplicationName As String,
         ByVal lpCommandLine As String,
         ByVal dwCreationFlags As Integer,
         ByVal lpEnvironment As System.IntPtr,
         ByVal lpCurrentDirectory As System.IntPtr,
         ByRef lpStartupInfo As STARTUPINFO,
         ByRef lpProcessInfo As PROCESS_INFORMATION) As Integer

    Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As System.IntPtr) As Integer

#End Region



    Public Function RunProgramold(ByVal UserName As String, ByVal Password As String, ByVal Domain As String, ByVal Application As String, ByVal CommandLine As String) As Integer

        Dim siStartup As STARTUPINFO
        Dim piProcess As PROCESS_INFORMATION
        Dim intReturn As Integer

        If CommandLine Is Nothing OrElse CommandLine = "" Then CommandLine = String.Empty

        siStartup.cb = Marshal.SizeOf(siStartup)
        siStartup.dwFlags = 0

        intReturn = CreateProcessWithLogon(UserName, Domain, Password, LOGON_WITH_PROFILE, Application, CommandLine, NORMAL_PRIORITY_CLASS Or CREATE_DEFAULT_ERROR_MODE Or CREATE_NEW_CONSOLE Or CREATE_NEW_PROCESS_GROUP, IntPtr.Zero, IntPtr.Zero, siStartup, piProcess)

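        ' CreateProcessWithLogonW returns zero on failure; any nonzero value means the process was created.
        If intReturn = 0 Then
            ' Read the Win32 error code once so the message box and the exception report the same failure.
            Dim errorCode As Integer = Marshal.GetLastWin32Error()
            Dim errorMessage As New System.ComponentModel.Win32Exception(errorCode)
            MsgBox("Can't start program: " & Application & " " & CommandLine & " " & errorMessage.Message)
            Throw errorMessage
        End If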

        CloseHandle(piProcess.hProcess)
        CloseHandle(piProcess.hThread)

        Return intReturn
    End Function
End Module

It should run Reg Add as administrator and write a new entry to the Run folder in the registry. No message is produced, and the only error I get is "1".

0 answers:

No answers