c#-如何通过添加注册表项将用户添加到“从网络访问此计算机”本地策略中?
内容导读
互联网集市收集整理的这篇技术教程文章主要介绍了c#-如何通过添加注册表项将用户添加到“从网络访问此计算机”本地策略中?,小编现在分享给大家,供广大互联网技能从业者学习和参考。文章包含3802字,纯文字阅读大概需要6分钟。
内容图文
您是否知道如何在本地策略中添加用户?我需要这样的效果
gpedit.msc->计算机配置/ Windows设置/安全设置/本地策略/用户权限分配/“从网络访问此计算机”
我想通过添加注册表项或从cmd运行命令来做到这一点.如果您有任何要分享的提示或互联网资源,我将很高兴.
谢谢.
解决方法:
这是我之前准备的.我们使用下面的(冗长的,抱歉的)包装类来授予“登录即服务”权限.对此的要求如下:
var identity = new WindowsIdentity(logonName);
LsaSecurityWrapper.AddAccountRights(identity.User.AccountDomainSid,
"SeServiceLogonRight");
您只需要用自己的替换“ SeServiceLogonRight”即可.一个快速的谷歌告诉我这应该是“ SeNetworkLogonRight”.如果要在控制台应用程序中使用它,则可以快速进行编译.像这样设置您的Main方法:
static void Main(string[] args)
{
var identity = new WindowsIdentity(args[0]);
LsaSecurityWrapper.AddAccountRights(identity.User.AccountDomainSid, args[1]);
}
然后以YourConsoleApp.exe登录身份调用.这是包装器:
[StructLayout(LayoutKind.Sequential)]
internal struct LSA_OBJECT_ATTRIBUTES
{
internal int Length;
internal IntPtr RootDirectory;
internal IntPtr ObjectName;
internal int Attributes;
internal IntPtr SecurityDescriptor;
internal IntPtr SecurityQualityOfService;
}
///
/// LSA_UNICODE_STRING structure
///
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
internal struct LSA_UNICODE_STRING
{
internal ushort Length;
internal ushort MaximumLength;
[MarshalAs(UnmanagedType.LPWStr)] internal string Buffer;
}
///
/// Wraps LsaAddAccountRights call.
///
public sealed class LsaSecurityWrapper
{
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaOpenPolicy(
LSA_UNICODE_STRING[] SystemName,
ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
int AccessMask,
out IntPtr PolicyHandle
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaAddAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr pSID,
LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaRemoveAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr AccountSid,
bool AllRights,
LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
[DllImport("advapi32")]
internal static extern int LsaClose(IntPtr PolicyHandle);
private enum Access : int
{
POLICY_READ = 0x20006,
POLICY_ALL_ACCESS = 0x00F0FFF,
POLICY_EXECUTE = 0X20801,
POLICY_WRITE = 0X207F8
}
// rights: (http://msdn.microsoft.com/en-us/library/bb545671(VS.85).aspx)
public static void AddAccountRights(SecurityIdentifier sid, string rights)
{
IntPtr lsaHandle;
LSA_UNICODE_STRING[] system = null;
LSA_OBJECT_ATTRIBUTES lsaAttr;
lsaAttr.RootDirectory = IntPtr.Zero;
lsaAttr.ObjectName = IntPtr.Zero;
lsaAttr.Attributes = 0;
lsaAttr.SecurityDescriptor = IntPtr.Zero;
lsaAttr.SecurityQualityOfService = IntPtr.Zero;
lsaAttr.Length = Marshal.SizeOf(typeof(LSA_OBJECT_ATTRIBUTES));
lsaHandle = IntPtr.Zero;
uint ret = LsaOpenPolicy(system, ref lsaAttr, (int)Access.POLICY_ALL_ACCESS, out lsaHandle);
if (ret == 0)
{
Byte[] buffer = new Byte[sid.BinaryLength];
sid.GetBinaryForm(buffer, 0);
IntPtr pSid = Marshal.AllocHGlobal(sid.BinaryLength);
Marshal.Copy(buffer, 0, pSid, sid.BinaryLength);
LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1];
LSA_UNICODE_STRING lsaRights = new LSA_UNICODE_STRING();
lsaRights.Buffer = rights;
lsaRights.Length = (ushort)(rights.Length * sizeof(char));
lsaRights.MaximumLength = (ushort)(lsaRights.Length + sizeof(char));
privileges[0] = lsaRights;
ret = LsaAddAccountRights(lsaHandle, pSid, privileges, 1);
LsaClose(lsaHandle);
Marshal.FreeHGlobal(pSid);
if (ret != 0)
{
throw new Win32Exception("LsaAddAccountRights failed with error code: " + ret);
}
}
else
{
throw new Win32Exception("LsaOpenPolicy failed with error code: " + ret);
}
}
}
内容总结
以上是互联网集市为您收集整理的c#-如何通过添加注册表项将用户添加到“从网络访问此计算机”本地策略中?全部内容,希望文章能够帮你解决c#-如何通过添加注册表项将用户添加到“从网络访问此计算机”本地策略中?所遇到的程序开发问题。 如果觉得互联网集市技术教程内容还不错,欢迎将互联网集市网站推荐给程序员好友。
内容备注
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 gblab@vip.qq.com 举报,一经查实,本站将立刻删除。
内容手机端
扫描二维码推送至手机访问。