示例#1
0
        public void LaunchService(object context)
        {
            //The user that the process will be started under must have Read and
            //Execute access to this file, not the service account! If the user does
            //not have this access Process.Start will throw a Win32Exception
            //(ERROR_ACCESS_DENIED).
            string           path = System.Reflection.Assembly.GetExecutingAssembly().Location;
            ProcessStartInfo psi  = new ProcessStartInfo(path);

            psi.Arguments      = "/i";
            psi.CreateNoWindow = true;

            //Must be set if running under new credentials.
            psi.UseShellExecute = false;

            //This must be set to a valid directory. If left to the default
            //you will get a Win32Exception - invalid directory error.
            psi.WorkingDirectory = Environment.GetFolderPath(Environment.SpecialFolder.System);

            //Set user
            psi.Domain   = Environment.MachineName;
            psi.UserName = "******";
            psi.Password = new System.Security.SecureString();
            psi.Password.AppendChar('t');
            psi.Password.AppendChar('e');
            psi.Password.AppendChar('s');
            psi.Password.AppendChar('t');

            try
            {
                //The following security adjustments are necessary to give the new
                //process sufficient permission to run in the service's window station
                //and desktop. This uses classes from the AsproLock library also from
                //Asprosys.
                IntPtr hWinSta           = GetProcessWindowStation();
                WindowStationSecurity ws = new WindowStationSecurity(hWinSta,
                                                                     System.Security.AccessControl.AccessControlSections.Access);
                ws.AddAccessRule(new WindowStationAccessRule("LaunchProcessUser",
                                                             WindowStationRights.AllAccess, System.Security.AccessControl.AccessControlType.Allow));
                ws.AcceptChanges();

                IntPtr          hDesk = GetThreadDesktop(GetCurrentThreadId());
                DesktopSecurity ds    = new DesktopSecurity(hDesk,
                                                            System.Security.AccessControl.AccessControlSections.Access);
                ds.AddAccessRule(new DesktopAccessRule("LaunchProcessUser",
                                                       DesktopRights.AllAccess, System.Security.AccessControl.AccessControlType.Allow));
                ds.AcceptChanges();

                EventLog.WriteEntry("Launching application.", EventLogEntryType.Information);

                using (Process process = Process.Start(psi))
                {
                }
            }
            catch (Exception ex)
            {
                EventLog.WriteEntry(string.Format("Exception thrown:{0}{0}{1}", Environment.NewLine, ex), EventLogEntryType.Error);
            }
        }
        public void RemoveDesktopPermission(string userOrGroupName)
        {
            SafeHandle shWindowStation = new NonReleasingSafeHandle(GetProcessWindowStation(), false);
            var ws = new WindowStationSecurity(shWindowStation);
            ws.RemoveAccessRule(new AccessRule<NativeMethods.WindowStationRights>(userOrGroupName, NativeMethods.WindowStationRights.AllAccess, AccessControlType.Allow));
            ws.AcceptChanges();

            SafeHandle shDesktopThread = new NonReleasingSafeHandle(GetThreadDesktop(GetCurrentThreadId()), false);
            var ds = new DesktopSecurity(shDesktopThread);
            ds.RemoveAccessRule(new AccessRule<NativeMethods.DesktopRights>(userOrGroupName, NativeMethods.DesktopRights.AllAccess, AccessControlType.Allow));
            ds.AcceptChanges();
        }
        public void RemoveDesktopPermission()
        {
            IntPtr hWindowStation = GetProcessWindowStation();
            var    ws             = new WindowStationSecurity(hWindowStation, AccessControlSections.Access);

            ws.RemoveAccessRule(new WindowStationAccessRule(userName, WindowStationRights.AllAccess, AccessControlType.Allow));
            ws.AcceptChanges();

            IntPtr hDesktopThread = GetThreadDesktop(GetCurrentThreadId());
            var    ds             = new DesktopSecurity(hDesktopThread, AccessControlSections.Access);

            ds.RemoveAccessRule(new DesktopAccessRule(userName, DesktopRights.AllAccess, AccessControlType.Allow));
            ds.AcceptChanges();
        }
示例#4
0
        public void RemoveDesktopPermission()
        {
            try
            {
                IntPtr hWinSta = NativeMethods.GetProcessWindowStation();
                var    ws      = new WindowStationSecurity(hWinSta, AccessControlSections.Access);
                ws.RemoveAccessRule(new WindowStationAccessRule(userName, WindowStationRights.AllAccess, AccessControlType.Allow));
                ws.AcceptChanges();

                IntPtr hDesk = NativeMethods.GetThreadDesktop(NativeMethods.GetCurrentThreadId());
                var    ds    = new DesktopSecurity(hDesk, AccessControlSections.Access);
                ds.RemoveAccessRule(new DesktopAccessRule(userName, DesktopRights.AllAccess, AccessControlType.Allow));
                ds.AcceptChanges();
            }
            catch (Exception ex)
            {
                log.ErrorException("Exception removing desktop permissions!", ex);
            }
        }