简体繁体 English

如何在Windows 7上以提升的权限调用Win32 API

[英]How to call a Win32 API with elevated priviledges on Windows 7

原文 2010-12-02 13:09:28 2 3 c#/ .net/ elevated-privileges

We have just discovered that code that calls the Win32 SetDateTime function needs to run in elevated mode in Windows 7, ie even when logged in as an administrator, one still has to choose to run the Set Date code as Administrator for the call to change the date. 我们刚刚发现，调用Win32 SetDateTime函数的代码需要在Windows 7中以提升模式运行，即，即使以管理员身份登录，仍然必须选择以“管理员”身份运行“设置日期”代码才能更改该调用。日期。

Is there anything I can do in code to always call this function under elevated privileges? 我有什么可以做的代码始终在提升的特权下调用此函数？

3 个解决方案

You can use the ShellExecute API call to launch an executable with elevated privileges. 您可以使用ShellExecute API调用来启动具有提升特权的可执行文件。

However, if UAC (user access control) is enabled on the machine, the user will still get the UAC prompt asking for permissions to run elevated. 但是，如果在计算机上启用了UAC（用户访问控制），则用户仍会收到UAC提示符，询问提升权限的运行。

So I don't think you can avoid the prompt for elevation permission, but at least your user doesn't have to manually run the program as an admin. 因此，我认为您不能避免提示输入提升权限，但是至少您的用户不必以管理员身份手动运行该程序。

Please let me know if you need help in how to launch an executable as an admin. 如果您需要有关如何以管理员身份启动可执行文件的帮助，请告诉我。

This is just not how security works. 这不是安全性如何工作。 Changing the clock is a very intrusive operation, it has a very large number of side effects. 更改时钟是非常麻烦的操作，它有很多副作用。 There is no mechanism in Windows, or any other operating system for that matter, where you could start a process with limited privileges and then just arbitrarily bypass these limitations and suddenly gain administrator rights. Windows或任何其他操作系统都没有针对此问题的机制，您可以在其中以有限的特权启动进程，然后随意绕过这些限制并突然获得管理员权限。 There wouldn't be any point whatsoever to running programs with limited privileges if that was possible. 如果可能的话，以有限的特权运行程序将毫无意义。

If you want to do something like this then you'll have to run your program with elevated rights. 如果您想执行类似的操作，则必须以提升的权限运行程序。 On Vista and Win7 that requires you to run as a service or a scheduled task. 在Vista和Win7上，要求您作为服务或计划任务运行。 Which require an administrator to get installed. 这需要管理员进行安装。 UAC provides a way gain admin rights for regular programs, you have to include a manifest in your program so the user is notified about your privilege elevation. UAC提供了一种获取常规程序管理员权限的方法，您必须在程序中包含清单，以便向用户通知您的特权提升。 Google 'requireadministrator', take the first hit. Google'requireadministrator'，首当其冲。

Like others have said, you need to spawn a new process to get elevated permissions, which will result in a UAC dialog. 就像其他人所说的那样，您需要生成一个新进程来获得提升的权限，这将导致UAC对话框。

If this is something you need to run unattended you could try running as a service. 如果您需要在无人看管的情况下运行它，则可以尝试作为服务运行。 That would give you the elevated context you need. 这将为您提供所需的高级环境。