简体繁体 English

如何以管理员身份在Guest帐户中运行C＃应用程序

[英]How to run C# application in Guest account as a Administrator

原文 2011-08-09 06:59:25 1 2 c#/ windows/ security/ authentication/ registry

I didnt get correct answer and got lots of answers like "we can not do like this" for my previous questions. 我没有得到正确答案，并为我以前的问题得到了很多答案，比如“我们不能这样做”。

Thats why I decided to explain in detail about my problem please help me if you can or please ask your friend who can answer this. 这就是为什么我决定详细解释我的问题请帮助我，如果你可以或请问你的朋友谁能回答这个问题。

Now my problem: 现在我的问题：

Step 1: 步骤1：

I created a C# program which edits various windows registries. 我创建了一个C＃程序，它编辑各种Windows注册表。 For editing windows registries we must have an Admin privilege. 要编辑Windows注册表，我们必须具有管理员权限。 My program is running fine in Administrator mode without any problem. 我的程序在管理员模式下正常运行没有任何问题。

Step 2: 第2步：

I want my program to be run into limited user mode also. 我希望我的程序也可以运行到受限用户模式。 If few people didnt get what I am saying here is that I want to run my above C# code into Guest mode. 如果很少有人没有得到我在这里说的是我想将上面的C＃代码运行到访客模式。 In guest mode there is a restriction that We can not change Windows Registries. 在访客模式中有一个限制，我们无法更改Windows注册表。 So as I am executing my Application, I am getting one notification which is asking for Admin Password. 因此，当我执行我的应用程序时，我收到一个要求管理员密码的通知。 After inserting Admin Password my application is working fine. 插入管理员密码后我的应用程序运行正常。

Step 3: 第3步：

I want that my application must not ask Admin password every time in Guest/limited account. 我希望我的应用程序每次都不能在访客/有限帐户中询问管理员密码。 I also want that in Guest mode my Application should work. 我也想在访客模式下我的应用程序应该工作。 I also want that in Guest mode my Application should be able to access and change Windows Registries. 我还希望在访客模式下，我的应用程序应该能够访问和更改Windows注册表。

Step 4: 第4步：

Lot of people replied me that we can not do this in Guest mode since Windows is restricting users to edit windows registries for security purpose. 很多人回复我说我们无法在访客模式下执行此操作，因为Windows限制用户编辑Windows注册表以用于安全目的。 So please if you also feel like this then please do not reply to this question. 所以如果你也觉得这样，那么请不要回答这个问题。 I am answering to those people that, all good antivirus which run into Guest mode has access to Windows Registries. 我回答那些人，所有进入访客模式的好的防病毒软件都可以访问Windows注册表。

Step 5: 第5步：

Since I know Admin Password so is there any way of saving Admin password in our C# code and bypass popup message of asking Admin password again and again. 因为我知道管理员密码所以有任何方法可以在我们的C＃代码中保存管理员密码并绕过一次又一次询问管理员密码的弹出消息。
Is there any way that we will instruct Windows that our application will be running in Admin mode and do not ask for Admin password again and again 是否有任何方式我们将指示Windows我们的应用程序将以管理员模式运行，并且不会一次又一次地请求管理员密码
How Antivirus application running in Guest mode do all the operation like deleting virus from system32 folder and resetting registries after Virus attack. 在访客模式下运行的防病毒应用程序如何执行所有操作，例如从system32文件夹中删除病毒并在病毒攻击后重置注册表。 These antivirus application never asks for "We found a virus in System32 folder, Since I am running in Guest mode and unable to delete virus, so please enter Admin password so that I can delete virus" 这些防病毒应用程序从不要求“我们在System32文件夹中发现病毒，因为我在访客模式下运行而且无法删除病毒，所以请输入管理员密码以便我可以删除病毒”

I hope you understood what i mean to ask? 我希望你理解我的意思？

I want to develop a C# application which should run in any mode (Admin/Guest/Limited) and should be able to Create, Edit and Delete Windows Registries. 我想开发一个C＃应用程序，它应该以任何模式运行（Admin / Guest / Limited），并且应该能够创建，编辑和删除Windows注册表。

Note: Please do not answer this with "right click and Run As Administrator". 注意：请不要通过“右键单击并以管理员身份运行”来回答这个问题。

2 个解决方案

To the best of my knowledge, antivirus software solves this problem by running two (or more) processes: a user interface program running as the guest user, and a privileged process (usually a Windows service). 据我所知，防病毒软件通过运行两个（或更多）进程解决了这个问题：作为guest用户运行的用户界面程序和特权进程（通常是Windows服务）。 The user program is not able to actually manipulate privilege-restricted resources (like secure registry hives) -- instead, it communicates with the privileged process (hopefully in some secure way) and the privileged process performs the privileged action on behalf of the user. 用户程序无法实际操作特权限制资源（如安全注册表配置单元） - 而是与特权进程通信（希望以某种安全方式），特权进程代表用户执行特权操作。

This is the same kind of technique by which programs ever access privileged resources, such as hardware. 这是同一种技术，通过该节目有史以来访问特权的资源，如硬件。 Your user-level process doesn't (usually) have the right to perform various hardware actions, like remapping memory in the MMU, but the OS does, and you can get the OS to do what you want by asking it to. 您的用户级进程（通常）没有权利执行各种硬件操作，例如重新映射MMU中的内存，但操作系统会执行，您可以通过询问操作系统来执行您想要的操作。 System calls thunk into kernel mode, which is fully privileged. 系统调用thunk进入内核模式，该模式具有完全特权。 However, the system call interface limits the kinds of privileged actions which you can take. 但是，系统调用接口限制了您可以执行的特权操作的类型。

I cant help but saying, NO, you cant do admin things under a guest account. 我不能帮忙，但是说，不，你不能在访客帐户下管理。 And no- you cant programmatically bypass UAC. 并且你不能以编程方式绕过UAC。

Maybe the following 2 workarounds are interresting for you? 也许以下2个解决方法对你有用吗？

I believe antivirus software runs under the System account (can only be installed by an administrator). 我相信防病毒软件在系统帐户下运行（只能由管理员安装）。 For your application, you can create a server/client architecture (both running no the same machine) where the server is installed by the administrator (as part of the whole package) and runs by default under the System account. 对于您的应用程序，您可以创建一个服务器/客户端体系结构（两者都不运行同一台计算机），由管理员安装服务器（作为整个程序包的一部分），默认情况下在系统帐户下运行。 Then you can use the client on the quest account to send commands to the server. 然后，您可以使用任务帐户上的客户端将命令发送到服务器。

One other solution might be not to use the registry directly but use another underlying datastore which is accessible by a guest account and synchronize that on demand with the registry (startup and shutdown?), so you only need the admin to login once or twice during the run of your app. 另一个解决方案可能不是直接使用注册表，而是使用另一个可由访客帐户访问的基础数据存储，并根据需要将其与注册表同步（启动和关闭？），因此您只需要管理员在登录期间登录一次或两次您的应用程序的运行。