問題描述

我編寫了一個 Windows 服務(并且運行良好).現在我有一個單獨的應用程序，我想從中啟動此服務，但如果沒有管理員權限，這似乎是不可能的.

I wrote a windows service (and it runs fine). Now i have a separate app where I want to start this service from, but it seems this is not possible without administrator rights.

用戶可以啟動/停止服務(例如從托盤或應用程序)的正確解決方案是怎樣的

How would a proper solution look like that a user can start/stop the service (e.g. from a tray or application)

恕我直言，應用程序必須始終以管理員權限啟動是不好的.

IMHO its bad that the application must always be started with administrator rights.

推薦答案

您只需要更改服務對象的權限，最好在安裝的同時更改.

You just need to change the permissions on the service object, preferably at the same time you install it.

wchar_t sddl[] = L"D:"
  L"(A;;CCLCSWRPWPDTLOCRRC;;;SY)"           // default permissions for local system
  L"(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"   // default permissions for administrators
  L"(A;;CCLCSWLOCRRC;;;AU)"                 // default permissions for authenticated users
  L"(A;;CCLCSWRPWPDTLOCRRC;;;PU)"           // default permissions for power users
  L"(A;;RP;;;IU)"                           // added permission: start service for interactive users
  ;

PSECURITY_DESCRIPTOR sd;

if (!ConvertStringSecurityDescriptorToSecurityDescriptor(sddl, SDDL_REVISION_1, &sd, NULL))
{
   fail();
}

if (!SetServiceObjectSecurity(service, DACL_SECURITY_INFORMATION, sd))
{
   fail();
}

我在這里假設您已經打開了服務句柄.您需要 WRITE_DAC 權限.

I'm assuming here you've already opened the service handle. You need WRITE_DAC permission.

如果您還希望非管理員用戶能夠停止服務，請添加 WP 權限，即

If you also want non-admin users to be able to stop the service, add the WP right, i.e.,

L"(A;;RPWP;;;IU)"                           
  // added permissions: start service, stop service for interactive users

服務權限的 SDDL 代碼可以在 Wayne Martin 的博客條目中找到，非管理員的服務控制管理器安全.

SDDL codes for service rights can be found in Wayne Martin's blog entry, Service Control Manager Security for non-admins.

這篇關于在沒有管理員權限的情況下從應用程序啟動 Windows 服務 (c++)的文章就介紹到這了，希望我們推薦的答案對大家有所幫助，也希望大家多多支持html5模板網！