在服务中,我尝试使用以下代码启动程序:
HANDLE hPipe;
HANDLE hToken;
PROFILEINFO stProfileInfo;
char szUserName[64];
DWORD dwUserNameSize = 64;
// Take the identity of the client
ImpersonateNamedPipeClient(hPipe);
// Retrieve the user name (DOMAIN\USER)
GetUserNameEx(NameSamCompatible,szUserName,&dwUserNameSize);
// Get the impersonation token
OpenThreadToken(GetCurrentThread(),TOKEN_ALL_ACCESS,TRUE,&hToken);
// Load the user's profile
ZeroMemory(&stProfileInfo,sizeof(PROFILEINFO));
stProfileInfo.dwSize = sizeof(PROFILEINFO);
stProfileInfo.dwFlags = PI_NOUI;
stProfileInfo.lpUserName = szUserName;
LoadUserProfile(hToken,&stProfileInfo);
不幸的是,对LoadUserProfile的调用失败了GetLastError=5 (access denied)。
在userenv.log中,我可以找到:
USERENV LoadUserProfile: Yes, we can impersonate the user. Running as self
USERENV LoadUserProfile: Entering, hToken = <0xc8>, lpProfileInfo = 0xb30aa4
USERENV LoadUserProfile: lpProfileInfo->dwFlags = <0x1>
USERENV LoadUserProfile: lpProfileInfo->lpUserName = <MYDOMAIN\USERNAME>
USERENV LoadUserProfile: NULL central profile path
USERENV LoadUserProfile: NULL default profile path
USERENV LoadUserProfile: NULL server name
USERENV LoadUserProfile: Failed to enable the restore privilege. error = c0000022
USERENV LoadUserProfile: Returning FALSE. Error = 5
当然,我检查了我的服务(以SYSTEM身份运行)是否启用了SE_RESTORE_NAME(和SE_BACKUP_NAME)权限。
非常感谢任何帮助!