[英]How can I determine if a user can runas admin?
When a user needs to enter their license key, we want to put it in HKLM if we can, and in HKCU if we cannot. 当用户需要输入他们的许可证密钥时,如果可以,我们希望将其放入HKLM,如果我们不能,则在HKCU中。 If it is in HKLM then all users on the computer have the license without each having to enter it. 如果它在HKLM中,那么计算机上的所有用户都拥有许可证,而不必每次都输入它。
We are an AddOn to Office so we run with Office rights. 我们是Office的AddOn,因此我们使用Office权限运行。 Generally this is not admin rights (unless they have UAC turned off). 通常这不是管理员权限(除非他们关闭了UAC)。 So WindowsPrincipal.IsInRole(Administrator) will return false regardless of what the user could do. 因此,无论用户可以做什么,WindowsPrincipal.IsInRole(管理员)都将返回false。
If the user has local admin rights, we want to launch an applet that has runas=admin and they can then set it in HKLM. 如果用户具有本地管理员权限,我们希望启动具有runas = admin的applet,然后他们可以在HKLM中设置它。 However, if they do not have local admin rights, then we put it in HKCU. 但是,如果他们没有本地管理员权限,那么我们将其放入HKCU。
So... How can I determine if a user can do runas=admin? 那么......我怎样才能确定用户是否可以执行runas = admin? We're on .net 3.5. 我们在.net 3.5上。
thanks - dave 谢谢 - 戴夫
The process I generally use in some client software we wrote looks like this: 我通常在我们编写的一些客户端软件中使用的过程如下所示:
I have a helper function for running elevated code that looks like this (VB.Net). 我有一个帮助函数来运行看起来像这样的提升代码(VB.Net)。 Since I just use the same application with command-line flags to run the elevated process, you can see I'm using the current assembly for the process name. 由于我只使用带有命令行标志的相同应用程序来运行提升的进程,因此您可以看到我正在使用当前程序集作为进程名称。 You can replace with your particular process. 您可以替换您的特定流程。
Private Function RunElevated(commandLine As String, Optional ByVal timeout As Integer = 0) As Boolean
Dim startInfo As New ProcessStartInfo
startInfo.UseShellExecute = True
startInfo.WorkingDirectory = Environment.CurrentDirectory
Dim uri As New Uri(Assembly.GetEntryAssembly.GetName.CodeBase)
startInfo.FileName = uri.LocalPath
startInfo.Verb = "runas"
startInfo.Arguments = commandLine
Dim success As Boolean
Try
Dim p As Process = Process.Start(startInfo)
' wait thirty seconds for completion
If timeout > 0 Then
If Not p.WaitForExit(30000) Then
' did not complete in thirty seconds, so kill
p.Kill()
success = False
Else
success = True
End If
Else
p.WaitForExit()
success = True
End If
Catch ex As Win32Exception
success = False
Catch ex As Exception
MsgBox("Error occurred while trying to start application as administrator: " & ex.Message)
success = False
End Try
Return success
End Function
In the code above I handle exceptions as a failure code, and also I limit the execution to 30 seconds for our environment. 在上面的代码中,我将异常处理为失败代码,并且我还将执行限制为30秒。 You may not want to have a time-limit in your case, so you can just remove that part of the code. 您可能不希望在您的情况下有时间限制,因此您可以删除该部分代码。
In the admin mode process, I double-check I'm actually an administrator first using this helper function: 在管理模式过程中,我仔细检查我实际上是一个管理员,首先使用这个帮助函数:
Public Function IsAdmin() As Boolean
Dim id As WindowsIdentity = WindowsIdentity.GetCurrent
Dim p As New WindowsPrincipal(id)
Return p.IsInRole(WindowsBuiltInRole.Administrator)
End Function
Once I know I'm an admin, then I go ahead and set the registry keys and return. 一旦我知道我是管理员,那么我继续设置注册表项并返回。 The caller program then validates the keys were set successfully to determine whether the fallback procedure needs to be run. 然后,调用者程序验证密钥是否已成功设置以确定是否需要运行回退过程。 This is when RunElevated
returns back to the caller, because at that time the sub-process has completed and was either successful or failed to set the keys. 这是当RunElevated
返回给调用者时,因为此时子进程已完成并且成功或未能设置密钥。 That code looks something like this: 该代码看起来像这样:
Public Function UpdateSettings(...) As Boolean
Dim success As Boolean
Try
If Not IsAdmin() Then
' try to create the registry keys as administrator
success = RunElevated(Command() & " /admin", 30000)
Else
' if we're already admin, then just update directly
success = UpdateSettingsAdmin(...)
End If
success = success And ValidateUpdateSettings(...)
Catch ex As Exception
success = False
End Try
Return success
End Function
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.