I am attempting to add a temporary IP address to a NIC using AddIPAddress when logged in as a non-admin user. The MSDN documentation for AddIPAddress states that ERROR_INVALID_HANDLE is returned as as error if the function is called by a non-admin user.
我正在尝试以非管理员用户身份登录时使用AddIPAddress向NIC添加临时IP地址。 AddIPAddress的MSDN文档指出,如果非管理员用户调用该函数,则返回错误ERROR_INVALID_HANDLE。
Given that I have preceeded the call to AddIPAddress with API calls to LogonUser() and ImpersonateLoggedOnUser(). Now my application thinks it's logged in as an Admin, but AddIPAddress still fails with ERROR_INVALID_HANDLE.
鉴于我已经在使用对LogonUser()和ImpersonateLoggedOnUser()的API调用调用AddIPAddress之前。现在我的应用程序认为它以管理员身份登录,但AddIPAddress仍然失败,并且ERROR_INVALID_HANDLE。
MSDN also states that..
MSDN还声明......
"Note Group policies, enterprise policies, and other restrictions on the network may prevent these functions from completing successfully. Ensure that the application has the necessary network permissions before attempting to use these functions."
“注意组策略,企业策略和对网络的其他限制可能会阻止这些功能成功完成。请确保应用程序在尝试使用这些功能之前具有必要的网络权限。”
Is it possible to call AddIPAddress using impersonation? if so how? I'm guessing I need to change the permissions mentioned above but I am at a loss as to what to chnage in this area.
是否可以使用模拟调用AddIPAddress?如果是这样的话?我猜我需要更改上面提到的权限,但我不知道在这方面要做什么。
Any help would be appreciated!
任何帮助,将不胜感激!
Additonal: I've also drawn a blank while attempting to call out to netsh (again logged in as a normal user) using CreateProcessAsUser using a handle to an impersonated admin user to launch the process. Always returns errors indicating insufficent priviledges.
Additonal:我还尝试使用CreateProcessAsUser调用netsh(再次以普通用户身份登录),并使用模拟管理员用户的句柄来启动该进程。始终返回错误,表明不完整的特权。
1 个解决方案
#1
If you are using windows Vista you may need to elevate privileges.
如果您使用的是Windows Vista,则可能需要提升权限。
In Vista by default UAC is enabled. This makes it so that even as an administrator you are using a limited user token unless you explicitly elevate. When you do this the user is presented with a dialog to allow or deny the request.
默认情况下,在Vista中启用UAC。这使得即使作为管理员,您也使用有限的用户令牌,除非您明确提升。执行此操作时,将向用户显示允许或拒绝请求的对话框。
For more information on this see Windows Vista Application Development Requirements for User Account Control Compatibility.
有关此内容的详细信息,请参阅用户帐户控制兼容性的Windows Vista应用程序开发要
You may want to try using CheckTokenMembership to verify you are properly elevated after you log on as admin. I would suspect you are getting the limited user token and thus failing requests for privileged resources.
您可能希望尝试使用CheckTokenMembership在您以管理员身份登录后验证是否已正确升级。我怀疑您获得了有限的用户令牌,从而未能获得特权资源请求。
Best of luck.
祝你好运。
#1
If you are using windows Vista you may need to elevate privileges.
如果您使用的是Windows Vista,则可能需要提升权限。
In Vista by default UAC is enabled. This makes it so that even as an administrator you are using a limited user token unless you explicitly elevate. When you do this the user is presented with a dialog to allow or deny the request.
默认情况下,在Vista中启用UAC。这使得即使作为管理员,您也使用有限的用户令牌,除非您明确提升。执行此操作时,将向用户显示允许或拒绝请求的对话框。
For more information on this see Windows Vista Application Development Requirements for User Account Control Compatibility.
有关此内容的详细信息,请参阅用户帐户控制兼容性的Windows Vista应用程序开发要
You may want to try using CheckTokenMembership to verify you are properly elevated after you log on as admin. I would suspect you are getting the limited user token and thus failing requests for privileged resources.
您可能希望尝试使用CheckTokenMembership在您以管理员身份登录后验证是否已正确升级。我怀疑您获得了有限的用户令牌,从而未能获得特权资源请求。
Best of luck.
祝你好运。