以非管理员用户身份在Windows中运行重复任务的最佳方法?
[英]Best way to run a recurring task in windows as a non-admin user?
问题描述
I was under the impression that Scheduled Tasks would be the best way to run a C# 'sync' service (makes REST requests and writes to MySQL database) that runs every half hour. 
我的印象是,计划任务将是运行每半小时运行一次的C#“同步”服务(发出REST请求并写入MySQL数据库)的最佳方法。 However, it seems like in Windows 10, I would need to tweak the rights of a non-admin user (the 'run as batch' rights) in order to make this happen (something which isn't the case in earlier versions of windows?). 但是,似乎在Windows 10中,我需要调整非管理员用户的权限(“以批处理方式运行”权限)以实现此目的(在Windows的早期版本中不是这种情况) ?)。 On the other hand, if I were to schedule the task as an administrator, the non-admin can't even see the task, let alone get last run time and result. 另一方面,如果我将任务安排为管理员,则非管理员甚至看不到任务,更不用说获得上次运行时间和结果了。 Thus, no way for non-admin user to see if the task exists or has run successfully other than writing results to a log or something. 因此,除了将结果写入日志或其他内容外,非管理员用户无法查看任务是否存在或已成功运行。
I'm thinking I might just go back to using timers in an application that is constantly running. 我想我可能只是回到在不断运行的应用程序中使用计时器。 Is there a more 'efficient' way? 有没有更“有效”的方式?
1 个解决方案
解决方案1
0 2017-09-20 16:13:44
Don't get too confused here. 在这里不要太困惑。 Tasks have both an owner, and a user they run as. 任务既有所有者,又有运行用户。 By default only the owner of a job and admins can see/execute the job. 默认情况下,只有作业的所有者和管理员可以查看/执行该作业。 The owner defaults to being the user who created the job. 所有者默认为创建作业的用户。
You an admin can manually grant a non-admin user the needed right using local group policy. 您的管理员可以使用本地组策略手动授予非管理员用户所需的权限。 This policy is accessible by opening Local Security Policy . 通过打开“ 本地安全策略”可以访问此策略 。 In the Local Security Policy window, click Local Policy , User Rights Assignment , and then Logon as batch job. 在“ 本地安全策略”窗口中,单击“ 本地策略” ,“ 用户权限分配” ,然后单击“ 登录为批处理作业”。 You can add the user here, unless a higher level of group policy prevents this. 您可以在此处添加用户,除非更高级别的组策略阻止了此操作。
Alternatively, you can have the task run as "NT Authority\\Local Service" which is a non-admin account, which implicitly has the needed priveledge. 或者,您可以将任务作为“ NT Authority \\ Local Service”运行,这是一个非管理员帐户,隐式具有所需的特权。 You must set this up as an admin. 您必须将此设置为管理员。 Of course that means the admin will own the job. 当然,这意味着管理员将拥有该工作。
Regular users can be given access to see/execute the job. 可以为普通用户授予查看/执行作业的权限。 To do this the admin should locate the task on disk (it will be found in the C:\\windows\\system32\\tasks directory), and use the security tab to grant "Read & Execute" to "Users" or to specific users as desired. 为此,管理员应在磁盘上找到该任务(它将在C:\\windows\\system32\\tasks目录中找到),并使用安全性选项卡将“读取和执行”授予“用户”或特定用户想要的。
Microsoft actually does that with some of their tasks by default, even if the task runs with SYSTEM permissions (although obviously they have the installer change the Task File's security, rather than doing it by hand). 即使任务以SYSTEM权限运行,Microsoft也会默认情况下对它们的某些任务执行此操作(尽管显然他们让安装程序更改了Task File的安全性,而不是手动执行)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.