如何从 Visual Basic 的另一个用户身份启动进程

概要 本文介绍如何以编程方式启动的进程，作为另一个用户从 Microsoft Visual Basic。 若要执行此操作， LogonUser并在运行 Microsoft Windows NT 4.0 中，一台计算机上的CreateProcessAsUser Win32 Api，您可以使用，也可以使用在运行 Microsoft Windows 2000 的计算机上的CreateProcessWithLogonW Win32 API 或更高版本。 无法从本地系统帐户下一个过程调用CreateProcessWithLogonW 。 回到顶端  |  提供反馈 更多信息 这篇文章包含检测到的操作系统版本的 Visual Basic 代码示例。 然后，它使用相应的 Api 以其他用户身份启动进程。 Windows NT 4.0 若要使用LogonUser和CreateProcessAsUser，调用的用户帐户必须具有一定的权限。 若要使用LogonUser()，调用的用户帐户必须具有以下权限： Permission Display Name ------------------------------------------------------------------ SE_TCB_NAME Act as part of the operating system 若要使用CreateProcessAsUser()，调用的用户帐户必须具有下列两种权限： Permission Display Name ------------------------------------------------------------ SE_ASSIGNPRIMARYTOKEN_NAME Replace a process level token SE_INCREASE_QUOTA_NAME Increase quotas 如果调用的用户帐户不具有"作为操作系统的一部分"权限， LogonUser() API 将失败，并生成返回的值为零。 如果在调用Err.LastDllError时，您会收到错误消息 1314年。 此消息意味着客户端未持有所需的权限。 同样，如果调用的用户帐户不具有"替换进程级令牌"，并以"增加配额"这两个权限， CreateProcessAsUser() API 将失败，并且将生成错误消息 1314年。 如果您以其他用户身份启动一个交互式应用程序，您必须有权的交互式窗口站和桌面上名为 winsta0\default。 如果应用程序是交互式的则调用方需要以编程方式向 winsta0\default 中添加所需的权限。 之后，调用方可以在 Visual Basic 下面的代码示例调用RunAsUser helper 函数。 您必须授予足够的权限，以便可以成功启动交互式应用程序在LogonUser()中指定的用户帐户。 下面的知识库文章具有 Visual Basic 代码示例，您可以使用更新窗口站和桌面上的权限。 316440如何使用 Low-Level 访问控制从 Visual Basic 的 api Windows 2000 及更高版本 CreateProcessWithLogonW() API 是在 Windows 2000 中引入的。 对CreateProcessWithLogonW()的调用不需要调用的用户帐户授予权限，这与LogonUser和CreateProcessAsUser的 Api。 在将来，使用CreateProcessWithLogonW() API。 它处理与继承的窗口站和桌面上的权限。 在此方案中，应用程序只需调用下面的 Visual Basic 代码示例中的RunAsUser helper 函数。 Option Explicit Private Const CREATE_DEFAULT_ERROR_MODE = &H4000000 Private Const LOGON_WITH_PROFILE = &H1 Private Const LOGON_NETCREDENTIALS_ONLY = &H2 Private Const LOGON32_LOGON_INTERACTIVE = 2 Private Const LOGON32_PROVIDER_DEFAULT = 0 Private Type STARTUPINFO cb As Long lpReserved As Long ' !!! must be Long for Unicode string lpDesktop As Long ' !!! must be Long for Unicode string lpTitle As Long ' !!! must be Long for Unicode string dwX As Long dwY As Long dwXSize As Long dwYSize As Long dwXCountChars As Long dwYCountChars As Long dwFillAttribute As Long dwFlags As Long wShowWindow As Integer cbReserved2 As Integer lpReserved2 As Long hStdInput As Long hStdOutput As Long hStdError As Long End Type Private Type PROCESS_INFORMATION hProcess As Long hThread As Long dwProcessId As Long dwThreadId As Long End Type ' LogonUser() requires that the caller has the following permission ' Permission Display Name ' -------------------------------------------------------------------- ' SE_TCB_NAME Act as part of the operating system ' CreateProcessAsUser() requires that the caller has the following permissions ' Permission Display Name ' --------------------------------------------------------------- ' SE_ASSIGNPRIMARYTOKEN_NAME Replace a process level token ' SE_INCREASE_QUOTA_NAME Increase quotas Private Declare Function LogonUser Lib "advapi32.dll" Alias _ "LogonUserA" _ (ByVal lpszUsername As String, _ ByVal lpszDomain As String, _ ByVal lpszPassword As String, _ ByVal dwLogonType As Long, _ ByVal dwLogonProvider As Long, _ phToken As Long) As Long Private Declare Function CreateProcessAsUser Lib "advapi32.dll" _ Alias "CreateProcessAsUserA" _ (ByVal hToken As Long, _ ByVal lpApplicationName As Long, _ ByVal lpCommandLine As String, _ ByVal lpProcessAttributes As Long, _ ByVal lpThreadAttributes As Long, _ ByVal bInheritHandles As Long, _ ByVal dwCreationFlags As Long, _ ByVal lpEnvironment As Long, _ ByVal lpCurrentDirectory As String, _ lpStartupInfo As STARTUPINFO, _ lpProcessInformation As PROCESS_INFORMATION) As Long ' CreateProcessWithLogonW API is available only on Windows 2000 and later. Private Declare Function CreateProcessWithLogonW Lib "advapi32.dll" _ (ByVal lpUsername As String, _ ByVal lpDomain As String, _ ByVal lpPassword As String, _ ByVal dwLogonFlags As Long, _ ByVal lpApplicationName As Long, _ ByVal lpCommandLine As String, _ ByVal dwCreationFlags As Long, _ ByVal lpEnvironment As Long, _ ByVal lpCurrentDirectory As String, _ ByRef lpStartupInfo As STARTUPINFO, _ ByRef lpProcessInformation As PROCESS_INFORMATION) As Long Private Declare Function CloseHandle Lib "kernel32.dll" _ (ByVal hObject As Long) As Long Private Declare Function SetErrorMode Lib "kernel32.dll" _ (ByVal uMode As Long) As Long Private Type OSVERSIONINFO dwOSVersionInfoSize As Long dwMajorVersion As Long dwMinorVersion As Long dwBuildNumber As Long dwPlatformId As Long szCSDVersion As String * 128 End Type ' Version Checking APIs Private Declare Function GetVersionExA Lib "kernel32.dll" _ (lpVersionInformation As OSVERSIONINFO) As Integer Private Const VER_PLATFORM_WIN32_NT = &H2 '******************************************************************** ' RunAsUser for Windows 2000 and Later '******************************************************************** Public Function W2KRunAsUser(ByVal UserName As String, _ ByVal Password As String, _ ByVal DomainName As String, _ ByVal CommandLine As String, _ ByVal CurrentDirectory As String) As Long Dim si As STARTUPINFO Dim pi As PROCESS_INFORMATION Dim wUser As String Dim wDomain As String Dim wPassword As String Dim wCommandLine As String Dim wCurrentDir As String Dim Result As Long si.cb = Len(si) wUser = StrConv(UserName + Chr$(0), vbUnicode) wDomain = StrConv(DomainName + Chr$(0), vbUnicode) wPassword = StrConv(Password + Chr$(0), vbUnicode) wCommandLine = StrConv(CommandLine + Chr$(0), vbUnicode) wCurrentDir = StrConv(CurrentDirectory + Chr$(0), vbUnicode) Result = CreateProcessWithLogonW(wUser, wDomain, wPassword, _ LOGON_WITH_PROFILE, 0&, wCommandLine, _ CREATE_DEFAULT_ERROR_MODE, 0&, wCurrentDir, si, pi) ' CreateProcessWithLogonW() does not If Result <> 0 Then CloseHandle pi.hThread CloseHandle pi.hProcess W2KRunAsUser = 0 Else W2KRunAsUser = Err.LastDllError MsgBox "CreateProcessWithLogonW() failed with error " & Err.LastDllError, vbExclamation End If End Function '******************************************************************** ' RunAsUser for Windows NT 4.0 '******************************************************************** Public Function NT4RunAsUser(ByVal UserName As String, _ ByVal Password As String, _ ByVal DomainName As String, _ ByVal CommandLine As String, _ ByVal CurrentDirectory As String) As Long Dim Result As Long Dim hToken As Long Dim si As STARTUPINFO Dim pi As PROCESS_INFORMATION Result = LogonUser(UserName, DomainName, Password, LOGON32_LOGON_INTERACTIVE, _ LOGON32_PROVIDER_DEFAULT, hToken) If Result = 0 Then NT4RunAsUser = Err.LastDllError ' LogonUser will fail with 1314 error code, if the user account associated ' with the calling security context does not have ' "Act as part of the operating system" permission MsgBox "LogonUser() failed with error " & Err.LastDllError, vbExclamation Exit Function End If si.cb = Len(si) Result = CreateProcessAsUser(hToken, 0&, CommandLine, 0&, 0&, False, _ CREATE_DEFAULT_ERROR_MODE, _ 0&, CurrentDirectory, si, pi) If Result = 0 Then NT4RunAsUser = Err.LastDllError ' CreateProcessAsUser will fail with 1314 error code, if the user ' account associated with the calling security context does not have ' the following two permissions ' "Replace a process level token" ' "Increase Quotoas" MsgBox "CreateProcessAsUser() failed with error " & Err.LastDllError, vbExclamation CloseHandle hToken Exit Function End If CloseHandle hToken CloseHandle pi.hThread CloseHandle pi.hProcess NT4RunAsUser = 0 End Function Public Function RunAsUser(ByVal UserName As String, _ ByVal Password As String, _ ByVal DomainName As String, _ ByVal CommandLine As String, _ ByVal CurrentDirectory As String) As Long Dim w2kOrAbove As Boolean Dim osinfo As OSVERSIONINFO Dim Result As Long Dim uErrorMode As Long ' Determine if system is Windows 2000 or later osinfo.dwOSVersionInfoSize = Len(osinfo) osinfo.szCSDVersion = Space$(128) GetVersionExA osinfo w2kOrAbove = _ (osinfo.dwPlatformId = VER_PLATFORM_WIN32_NT And _ osinfo.dwMajorVersion >= 5) If (w2kOrAbove) Then Result = W2KRunAsUser(UserName, Password, DomainName, _ CommandLine, CurrentDirectory) Else Result = NT4RunAsUser(UserName, Password, DomainName, _ CommandLine, CurrentDirectory) End If RunAsUser = Result End Function 回到顶端  |  提供反馈 属性 文章编号: 285879 - 最后修改: 2006年11月21日 - 修订: 6.3 这篇文章中的信息适用于: Microsoft Win32 Application Programming Interface 当用于 Microsoft Windows NT 4.0 the operating system: Microsoft Windows 2000 the operating system: Microsoft Windows XP Microsoft Windows Server 2003 Standard Edition 关键字：  kbmt kbapi kbhowto kbkernbase kbsecurity KB285879 KbMtzh 机器翻译 注意：这篇文章是由无人工介入的微软自动的机器翻译软件翻译完成。微软很高兴能同时提供给您由人工翻译的和由机器翻译的文章, 以使您能使用您的语言访问所有的知识库文章。然而由机器翻译的文章并不总是完美的。它可能存在词汇，语法或文法的问题，就像是一个外国人在说中文时总是可能犯这样的错误。虽然我们经常升级机器翻译软件以提高翻译质量，但是我们不保证机器翻译的正确度，也不对由于内容的误译或者客户对它的错误使用所引起的任何直接的, 或间接的可能的问题负责。 点击这里察看该文章的英文版：  285879 Microsoft和/或其各供应商对于为任何目的而在本服务器上发布的文件及有关图形所含信息的适用性，不作任何声明。 所有该等文件及有关图形均"依样"提供，而不带任何性质的保证。Microsoft和/或其各供应商特此声明，对所有与该等信息有关的保证和条件不负任何责任，该等保证和条件包括关于适销性、符合特定用途、所有权和非侵权的所有默示保证和条件。在任何情况下，在由于使用或运行本服务器上的信息所引起的或与该等使用或运行有关的诉讼中，Microsoft和/或其各供应商就因丧失使用、数据或利润所导致的任何特别的、间接的、衍生性的损害或任何因使用而丧失所导致的之损害、数据或利润不负任何责任。 引用方法，本方法实现在域普通用户下重启打印服务： Option Explicit Private Declare Sub Sleep Lib "kernel32" (ByVal dwMilliseconds As Long) Private Sub Form_Load() Dim UserName, Password, DomainName, CommandLine, CurrentDirectory As String Dim t As Long UserName = "administrator" Password = "123123" DomainName = "" CommandLine = "sc stop spooler" t = RunAsUser(UserName, Password, DomainName, CommandLine, "") Sleep 4000 CommandLine = "sc start spooler" t = RunAsUser(UserName, Password, DomainName, CommandLine, "") End End Sub