/// <summary> /// Submits a request for administrator rights to the specified host. /// </summary> /// <param name="hostName"> /// The name of the host to which the request is submitted. /// </param> private void RequestAdminRights(string hostName) { // The address of the remote computer's service host. string remoteHostAddress = string.Format("net.tcp://{0}/MakeMeAdmin/Service", hostName); // Open a connection to the remote host. NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, remoteHostAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); // Submit a request for administrator rights on the remote host. try { channel.AddUserToAdministratorsGroup(); } catch (System.ServiceModel.EndpointNotFoundException) { throw; } catch (Exception) { throw; // TODO: What do we do with this error? } }
/// <summary> /// Occurs when the background operation has completed, has been canceled, or has raised an exception. /// </summary> /// <param name="sender"> /// The button state BackgroundWorker object, which triggered the event. /// </param> /// <param name="e"> /// Data specific to this event. /// </param> private void ButtonStateWorkCompleted(object sender, System.ComponentModel.RunWorkerCompletedEventArgs e) { NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); bool userIsAuthorizedLocally = false; try { userIsAuthorizedLocally = channel.UserIsAuthorized(Settings.LocalAllowedEntities, Settings.LocalDeniedEntities); namedPipeFactory.Close(); } catch (EndpointNotFoundException exception) { System.Text.StringBuilder message = new System.Text.StringBuilder(exception.Message); if (null != exception.InnerException) { message.Append(Environment.NewLine); message.Append("Inner Exception:"); message.Append(Environment.NewLine); message.Append(exception.InnerException.Message); } MessageBox.Show(this, exception.Message, Properties.Resources.ApplicationName, MessageBoxButtons.OK, MessageBoxIcon.Warning, MessageBoxDefaultButton.Button1); } catch (CommunicationObjectFaultedException) { // This typically happens when trying to dispose of the ChannelFactory<> object. } // Enable the "grant admin rights" button, if the user is not already // an administrator and is authorized to obtain those rights. this.addMeButton.Enabled = !this.userIsAdmin && userIsAuthorizedLocally; if (addMeButton.Enabled) { addMeButton.Text = Properties.Resources.GrantRightsButtonText; } else if (this.userIsAdmin) { addMeButton.Text = Properties.Resources.UIMessageAlreadyHaveRights; } else if (!userIsAuthorizedLocally) { addMeButton.Text = Properties.Resources.UIMessageUnauthorized; } // Enable the rights removal button if the user is directly a // member of the administrators group. this.removeMeButton.Enabled = this.userIsDirectAdmin; this.appStatus.Text = Properties.Resources.ApplicationIsReady; if (this.addMeButton.Enabled) { this.addMeButton.Focus(); } else if (this.removeMeButton.Enabled) { this.removeMeButton.Focus(); } }
/// <summary> /// This function runs when RunWorkerAsync() is called by the rights removal BackgroundWorker object. /// </summary> /// <param name="sender"> /// The BackgroundWorker that triggered the event. /// </param> /// <param name="e"> /// Data specific to this event. /// </param> private void removeUserBackgroundWorker_DoWork(object sender, System.ComponentModel.DoWorkEventArgs e) { NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); channel.RemoveUserFromAdministratorsGroup(RemovalReason.UserRequest); namedPipeFactory.Close(); }
/// <summary> /// Occurs when the background operation has completed, has been canceled, or has raised an exception. /// </summary> /// <param name="sender"> /// The button state BackgroundWorker object, which triggered the event. /// </param> /// <param name="e"> /// Data specific to this event. /// </param> private void ButtonStateWorkCompleted(object sender, System.ComponentModel.RunWorkerCompletedEventArgs e) { NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); bool userIsAuthorizedLocally = channel.UserIsAuthorized(Settings.LocalAllowedEntities, Settings.LocalDeniedEntities); namedPipeFactory.Close(); // Enable the "grant admin rights" button, if the user is not already // an administrator and is authorized to obtain those rights. if (!userIsAuthorizedLocally) { requestButton.Text = Properties.Resources.UIMessageUnauthorized; } else { if (!this.userIsAdmin) { this.Icon = Properties.Resources.Locked; this.notifyIcon.Icon = Properties.Resources.Locked; this.requestButton.Text = "Request Privileges"; this.pictureBox1.Image = Properties.Resources.Locked_Img; messageLabel.Text = Properties.Resources.GrantRightsButtonText; settingsToolStripMenuItem.Enabled = true; } else if (this.userIsAdmin) { this.Icon = Properties.Resources.Unlocked; this.notifyIcon.Icon = Properties.Resources.Unlocked; requestButton.Text = "Remove Privileges"; this.pictureBox1.Image = Properties.Resources.Unlocked_Img; messageLabel.Text = Properties.Resources.UIMessageAlreadyHaveRights; settingsToolStripMenuItem.Enabled = false; } /* If the edit menu is disable, disable everything within it */ foreach (ToolStripMenuItem item in settingsToolStripMenuItem.DropDownItems) { item.Enabled = settingsToolStripMenuItem.Enabled; } this.requestButton.Enabled = true; this.cancelButton.Enabled = true; this.requestButton.Focus(); } this.appStatus.Text = Properties.Resources.ApplicationIsReady; }
/// <summary> /// Occurs when the background operation has completed, has been canceled, or has raised an exception. /// </summary> /// <param name="sender"> /// The button state BackgroundWorker object, which triggered the event. /// </param> /// <param name="e"> /// Data specific to this event. /// </param> private void ButtonStateWorkCompleted(object sender, System.ComponentModel.RunWorkerCompletedEventArgs e) { NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); bool userIsAuthorizedLocally = channel.UserIsAuthorized(Settings.LocalAllowedEntities, Settings.LocalDeniedEntities); namedPipeFactory.Close(); /* * bool userIsAuthorizedLocally = UserIsAuthorized(WindowsIdentity.GetCurrent(), Settings.LocalAllowedEntities, Settings.LocalDeniedEntities); */ // Enable the "grant admin rights" button, if the user is not already // an administrator and is authorized to obtain those rights. this.addMeButton.Enabled = !this.userIsAdmin && userIsAuthorizedLocally; if (addMeButton.Enabled) { addMeButton.Text = Properties.Resources.GrantRightsButtonText; } else if (this.userIsAdmin) { addMeButton.Text = Properties.Resources.UIMessageAlreadyHaveRights; } else if (!userIsAuthorizedLocally) { addMeButton.Text = Properties.Resources.UIMessageUnauthorized; } // Enable the rights removal button if the user is directly a // member of the administrators group. this.removeMeButton.Enabled = this.userIsDirectAdmin; this.appStatus.Text = Properties.Resources.ApplicationIsReady; if (this.addMeButton.Enabled) { this.addMeButton.Focus(); } else if (this.removeMeButton.Enabled) { this.removeMeButton.Focus(); } }
void NotifyIconTimerElapsed(object sender, System.Timers.ElapsedEventArgs e) { this.UpdateUserAdministratorStatus(); if (this.userIsAdmin != this.userWasAdminOnLastCheck) { NetNamedPipeBinding namedPipeBinding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(namedPipeBinding, Shared.NamedPipeServiceBaseAddress); IAdminGroup namedPipeChannel = namedPipeFactory.CreateChannel(); this.userWasAdminOnLastCheck = this.userIsAdmin; if ((!this.userIsAdmin) && (!namedPipeChannel.PrincipalIsInList())) { this.notifyIconTimer.Stop(); notifyIcon.ShowBalloonTip(5000, Properties.Resources.ApplicationName, string.Format(Properties.Resources.UIMessageRemovedFromGroup, LocalAdministratorGroup.LocalAdminGroupName), ToolTipIcon.Info); } namedPipeFactory.Close(); } }
/// <summary> /// This function runs when RunWorkerAsync() is called by the "grant admin rights" BackgroundWorker object. /// </summary> /// <param name="sender"> /// The BackgroundWorker that triggered the event. /// </param> /// <param name="e"> /// Data specific to this event. /// </param> private void addUserBackgroundWorker_DoWork(object sender, System.ComponentModel.DoWorkEventArgs e) { NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); try { channel.AddUserToAdministratorsGroup(); } catch (System.ServiceModel.EndpointNotFoundException) { throw; } catch (Exception) { throw; // TODO: What do we do with this error? } namedPipeFactory.Close(); }
private void RequestAdminRights(string hostName) { string remoteHostAddress = string.Format("net.tcp://{0}/MakeMeAdmin/Service", hostName); NetTcpBinding binding = new NetTcpBinding(SecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, remoteHostAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); try { channel.AddPrincipalToAdministratorsGroup(); } catch (System.ServiceModel.EndpointNotFoundException) { throw; } catch (Exception) { throw; // TODO: What do we do with this error? } }
/// <summary> /// Executes when a change event is received from a Terminal Server session. /// </summary> /// <param name="changeDescription"> /// Identifies the type of session change and the session to which it applies. /// </param> protected override void OnSessionChange(SessionChangeDescription changeDescription) { switch (changeDescription.Reason) { // The user has logged off from a session, either locally or remotely. case SessionChangeReason.SessionLogoff: EncryptedSettings encryptedSettings = new EncryptedSettings(EncryptedSettings.SettingsFilePath); System.Collections.Generic.List <SecurityIdentifier> sidsToRemove = new System.Collections.Generic.List <SecurityIdentifier>(encryptedSettings.AddedUserSIDs); int[] sessionIds = LsaLogonSessions.LogonSessions.GetLoggedOnUserSessionIds(); // For any user that is still logged on, remove their SID from the list of // SIDs to be removed from Administrators. That is, let the users who are still // logged on stay in the Administrators group. foreach (int id in sessionIds) { SecurityIdentifier sid = LsaLogonSessions.LogonSessions.GetSidForSessionId(id); if (sid != null) { if (sidsToRemove.Contains(sid)) { sidsToRemove.Remove(sid); } } } // Process the list of SIDs to be removed from Administrators. for (int i = 0; i < sidsToRemove.Count; i++) { if ( // If the user is not remote. (!(encryptedSettings.ContainsSID(sidsToRemove[i]) && encryptedSettings.IsRemote(sidsToRemove[i]))) && // If admin rights are to be removed on logoff, or the user's rights do not expire. (Settings.RemoveAdminRightsOnLogout || !encryptedSettings.GetExpirationTime(sidsToRemove[i]).HasValue) ) { LocalAdministratorGroup.RemoveUser(sidsToRemove[i], RemovalReason.UserLogoff); } } /* * In theory, this code should remove the user associated with the logoff, but it doesn't work. * SecurityIdentifier sid = LsaLogonSessions.LogonSessions.GetSidForSessionId(changeDescription.SessionId); * if (!(UserList.ContainsSID(sid) && UserList.IsRemote(sid))) * { * LocalAdministratorGroup.RemoveUser(sid, RemovalReason.UserLogoff); * } */ break; // The user has logged on to a session, either locally or remotely. case SessionChangeReason.SessionLogon: WindowsIdentity userIdentity = LsaLogonSessions.LogonSessions.GetWindowsIdentityForSessionId(changeDescription.SessionId); if (userIdentity != null) { NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); bool userIsAuthorizedForAutoAdd = channel.UserIsAuthorized(Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied); namedPipeFactory.Close(); // If the user is in the automatic add list, then add them to the Administrators group. if ( (Settings.AutomaticAddAllowed != null) && (Settings.AutomaticAddAllowed.Length > 0) && (userIsAuthorizedForAutoAdd /*UserIsAuthorized(userIdentity, Settings.AutomaticAddAllowed, Settings.AutomaticAddDenied)*/) ) { LocalAdministratorGroup.AddUser(userIdentity, null, null); } } else { ApplicationLog.WriteEvent(Properties.Resources.UserIdentifyIsNull, EventID.DebugMessage, System.Diagnostics.EventLogEntryType.Warning); } break; /* * // The user has reconnected or logged on to a remote session. * case SessionChangeReason.RemoteConnect: * ApplicationLog.WriteInformationEvent(string.Format("Remote connect. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ /* * // The user has disconnected or logged off from a remote session. * case SessionChangeReason.RemoteDisconnect: * ApplicationLog.WriteInformationEvent(string.Format("Remote disconnect. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ /* * // The user has locked their session. * case SessionChangeReason.SessionLock: * ApplicationLog.WriteInformationEvent(string.Format("Session lock. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ /* * // The user has unlocked their session. * case SessionChangeReason.SessionUnlock: * ApplicationLog.WriteInformationEvent(string.Format("Session unlock. Session ID: {0}", changeDescription.SessionId), EventID.SessionChangeEvent); * break; */ } base.OnSessionChange(changeDescription); }
private void Dynamic_All(Microsoft.Diagnostics.Tracing.TraceEvent obj) { if ((obj.Opcode == Microsoft.Diagnostics.Tracing.TraceEventOpcode.Start) && (string.Compare(obj.TaskName, "ProcessStart", true) == 0)) { int processIsElevated = 0; int processElevationType = 0; int processId = int.MinValue; int sessionId = int.MinValue; DateTime createTime = DateTime.MinValue; int index = int.MinValue; index = obj.PayloadIndex("ProcessTokenIsElevated"); if (index >= 0) { processIsElevated = (int)obj.PayloadValue(index); } if (processIsElevated == 1) { index = obj.PayloadIndex("ProcessID"); if (index >= 0) { processId = (int)obj.PayloadValue(index); } ElevatedProcessInformation elevatedProcess = new ElevatedProcessInformation { ProcessID = processId }; index = obj.PayloadIndex("ProcessTokenElevationType"); if (index >= 0) { processElevationType = (int)obj.PayloadValue(index); elevatedProcess.ElevationType = (TokenElevationType)processElevationType; } index = obj.PayloadIndex("SessionID"); if (index >= 0) { sessionId = (int)obj.PayloadValue(index); elevatedProcess.SessionID = sessionId; } index = obj.PayloadIndex("CreateTime"); if (index >= 0) { createTime = (DateTime)obj.PayloadValue(index); elevatedProcess.CreateTime = createTime; } // Determine whether the process should be logged. It should be logged if // 1. The process logging setting is set to always, or // 2. The process logging is set to "Only When Admin" and the user is in the admins group. bool processShouldBeLogged = (Settings.LogElevatedProcesses == ElevatedProcessLogging.Always); if (Settings.LogElevatedProcesses == ElevatedProcessLogging.OnlyWhenAdmin) { NetNamedPipeBinding binding = new NetNamedPipeBinding(NetNamedPipeSecurityMode.Transport); ChannelFactory <IAdminGroup> namedPipeFactory = new ChannelFactory <IAdminGroup>(binding, Settings.NamedPipeServiceBaseAddress); IAdminGroup channel = namedPipeFactory.CreateChannel(); processShouldBeLogged = channel.UserSessionIsInList(elevatedProcess.SessionID); namedPipeFactory.Close(); } if (processShouldBeLogged) { elevatedProcessList.Enqueue(elevatedProcess); } } } }