修改 Windows 防火墙规则的用户权限是什么?
[英]What are user rights to modify Windows firewall rules?
问题描述
I'm trying to use COM objects from FirewallAPI.dll to set Windows Firewall rules programmatically from a C# application.
我正在尝试使用 FirewallAPI.dll 中的 COM 对象从 C# 应用程序以编程方式设置 Windows 防火墙规则。 The application is supposed to run under a user account that is not from the Administrators group.该应用程序应该在不是来自管理员组的用户帐户下运行。
I'm struggling with setting this user account permissions to modify the firewall.我正在努力设置此用户帐户权限以修改防火墙。
I gave this user the full access to HKLM\\SYSTEM\\CurrentControlSet\\services\\SharedAccess\\Parameters\\FirewallPolicy, it doesn't help.我给了这个用户对 HKLM\\SYSTEM\\CurrentControlSet\\services\\SharedAccess\\Parameters\\FirewallPolicy 的完全访问权限,它没有帮助。
When I try to use INetFwRule::put_RemoteAddresses, I get access denied exception.当我尝试使用 INetFwRule::put_RemoteAddresses 时,出现访问被拒绝异常。 How to get some information what rights are missing?如何获取一些信息缺少哪些权利?
1 个解决方案
解决方案1
3 已采纳 2014-12-09 23:54:52
I found the answer.我找到了答案。 A user has to have a “Network Configuration Operators” group listed with the mandatory flag in her security token.用户必须在其安全令牌中列出一个“网络配置操作员”组,并带有强制标志。
It can be achieved by adding the user to the “Network Configuration Operators” group and running a process with elevated privileges.可以通过将用户添加到“网络配置操作员”组并运行具有提升权限的进程来实现。 Without elevated integrity the group will be listed with “Deny” flag and the user still won't have the access.如果没有提升完整性,组将被列为“拒绝”标志,用户仍然没有访问权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.