Security enables you to control access to desktop objects. For more information about security, see Access-Control Model.
安全能使你控制Desktop的访问。关于更多的安全信息,请查询:Access-Control Model.
You can specify a security descriptor for a desktop object when you call the CreateDesktop or CreateDesktopEx function. If you specify NULL, the desktop gets a default security descriptor. The ACLs in the default security descriptor for a desktop come from its parent window station.
当你调用CreateDesktop 或CreateDesktopEx 时,可以指定Desktop对象的安全描述符。如果为NULL,Desktop对象使用默认的安全描述符。Desktop默认安全描述符的ACLs来自他的父Window Station。
To get or set the security descriptor of a window station object, call the GetSecurityInfo and SetSecurityInfo functions.
设置窗口站的安全描述符可以使用:GetSecurityInfo 和 SetSecurityInfo 。
When you call the OpenDesktop or OpenInputDesktop function, the system checks the requested access rights against the object's security descriptor.
当你调用OpenDesktop 或OpenInputDesktop 时,系统校验请求的权限与对象权限的安全描述符。
The valid access rights for desktop objects include the standard access rights and some object-specific access rights. The following table lists the standard access rights used by all objects.
Desktop对象的有效访问权限包括共享访问权限和一些特定对象的访问权限。下面的表格中列出了所有共享对象可用的标准访问权限。
| Value | Meaning |
|---|---|
| DELETE (0x00010000L) | Required to delete the object.(删除对象) |
| READ_CONTROL (0x00020000L) | Required to read information in the security descriptor for the object, not including the information in the SACL. To read or write the SACL, you must request the ACCESS_SYSTEM_SECURITY access right. For more information, see SACL Access Right. (读取对象信息,但不包括SACL。读写SACL,必须ACCESS_SYSTEM_SECURITY权限。更多信息请查看:SACL Access Right。 |
| SYNCHRONIZE (0x00100000L) | Not supported for desktop objects.(不支持Desktop对象) |
| WRITE_DAC (0x00040000L) | Required to modify the DACL in the security descriptor for the object.(修改DACL) |
| WRITE_OWNER (0x00080000L) | Required to change the owner in the security descriptor for the object.(变更自己的安全描述符) |
The following table lists the object-specific access rights.
下表列出了特定对象的访问权限。
| Access right | Description |
|---|---|
| DESKTOP_CREATEMENU (0x0004L) | Required to create a menu on the desktop.(创建菜单) |
| DESKTOP_CREATEWINDOW (0x0002L) | Required to create a window on the desktop.(创建窗口) |
| DESKTOP_ENUMERATE (0x0040L) | Required for the desktop to be enumerated.(枚举Desktop) |
| DESKTOP_HOOKCONTROL (0x0008L) | Required to establish any of the window hooks.(创建任意空间Hook) |
| DESKTOP_JOURNALPLAYBACK (0x0020L) | Required to perform journal playback on a desktop.(执行日志重放) |
| DESKTOP_JOURNALRECORD (0x0010L) | Required to perform journal recording on a desktop.(记录日志功能) |
| DESKTOP_READOBJECTS (0x0001L) | Required to read objects on the desktop.(读取对象) |
| DESKTOP_SWITCHDESKTOP (0x0100L) | Required to activate the desktop using the SwitchDesktop function. 调用SwitchDesktop 激活Desktop。 |
| DESKTOP_WRITEOBJECTS (0x0080L) | Required to write objects on the desktop.(写对象) |
The following are the generic access rights for a desktop object contained in the interactive window station of the user's logon session.
下面是登录用户会话中交互式窗口站Desktop对象的一般访问权限。
| Access right | Description |
|---|---|
| GENERIC_READ |
DESKTOP_ENUMERATE |
| GENERIC_WRITE |
DESKTOP_CREATEMENU |
| GENERIC_EXECUTE |
DESKTOP_SWITCHDESKTOP |
| GENERIC_ALL |
DESKTOP_CREATEMENU |
You can request the ACCESS_SYSTEM_SECURITY access right to a desktop object if you want to read or write the object's SACL. For more information, see Access-Control Lists (ACLs) and SACL Access Right.
如果你想读写对象的SACL,请必须拥有Desktop对象的ACCESS_SYSTEM_SECURITY访问权限。更多信息,请访问Access-Control Lists (ACLs) and SACL Access Right。
160
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
