Is it possible to create a new process on windows with a different user account? I know there are a context menu "Run as" but I want do it from Java. I have the username and the password.
是否可以在具有不同用户帐户的Windows上创建新进程?我知道有一个上下文菜单“Run as”但我想用Java做。我有用户名和密码。
5 个解决方案
#1
6
You need to write a DLL using the Java Native Interface (JNI) as you cannot do this with pure Java code.
您需要使用Java Native Interface(JNI)编写DLL,因为您无法使用纯Java代码执行此操作。
The DLL itself needs to call the CreateProcessAsUser function to create a process in the context of another user. To successfully create that process you need to provide an access token to the function, which was itself created by calling the LogonUser function (it takes the username and password to authentify that other user).
DLL本身需要调用CreateProcessAsUser函数以在另一个用户的上下文中创建进程。要成功创建该进程,您需要为该函数提供访问令牌,该函数本身是通过调用LogonUser函数创建的(它使用用户名和密码来验证其他用户)。
#2
4
There is a program called "runas.exe." You could run that process and supply the appropriate arguments for your process and username/password. I think that's the simplest method.
有一个名为“runas.exe”的程序。您可以运行该过程并为您的进程和用户名/密码提供适当的参数。我认为这是最简单的方法。
#3
2
I just ran across an alternative to the runas.exe program called MiniRunAs which will take the password on the command line - http://www.source-code.biz/snippets/c/1.htm
我刚刚遇到了一个名为MiniRunAs的runas.exe程序的替代程序,该程序将在命令行上输入密码 - http://www.source-code.biz/snippets/c/1.htm
If you are able to install it along with your application, that may prove simpler than writing a JNI DLL.
如果您能够将其与应用程序一起安装,那么这可能比编写JNI DLL简单。
#4
1
Depending on your needs the Win32 API "CreateProcessWithLogonW" is easier to use than the "CreateProcessAsUser / LogonUser" functions.
根据您的需要,Win32 API“CreateProcessWithLogonW”比“CreateProcessAsUser / LogonUser”功能更易于使用。
From MSDN Docs:
来自MSDN文档:
The CreateProcessWithLogonW and CreateProcessWithTokenW functions are similar to the CreateProcessAsUser function, except that the caller does not need to call the LogonUser function to authenticate the user and get a token
#5
0
RUNAS has the "/savecred" switch that let you enter the credential only the first time. One potential problem is that when /SaveCred saves the credentials it saves it for whenever RUNAS invokes that user account. This can be a huge security risk so be careful using it!
RUNAS具有“/ savecred”开关,只允许您第一次输入凭证。一个潜在的问题是,当/ SaveCred保存凭据时,它会在RUNAS调用该用户帐户时保存它。这可能是一个巨大的安全风险,所以要小心使用它!
Example at http://www.rgagnon.com/javadetails/java-0014.html (at the end)
http://www.rgagnon.com/javadetails/java-0014.html上的示例(最后)
#1
6
You need to write a DLL using the Java Native Interface (JNI) as you cannot do this with pure Java code.
您需要使用Java Native Interface(JNI)编写DLL,因为您无法使用纯Java代码执行此操作。
The DLL itself needs to call the CreateProcessAsUser function to create a process in the context of another user. To successfully create that process you need to provide an access token to the function, which was itself created by calling the LogonUser function (it takes the username and password to authentify that other user).
DLL本身需要调用CreateProcessAsUser函数以在另一个用户的上下文中创建进程。要成功创建该进程,您需要为该函数提供访问令牌,该函数本身是通过调用LogonUser函数创建的(它使用用户名和密码来验证其他用户)。
#2
4
There is a program called "runas.exe." You could run that process and supply the appropriate arguments for your process and username/password. I think that's the simplest method.
有一个名为“runas.exe”的程序。您可以运行该过程并为您的进程和用户名/密码提供适当的参数。我认为这是最简单的方法。
#3
2
I just ran across an alternative to the runas.exe program called MiniRunAs which will take the password on the command line - http://www.source-code.biz/snippets/c/1.htm
我刚刚遇到了一个名为MiniRunAs的runas.exe程序的替代程序,该程序将在命令行上输入密码 - http://www.source-code.biz/snippets/c/1.htm
If you are able to install it along with your application, that may prove simpler than writing a JNI DLL.
如果您能够将其与应用程序一起安装,那么这可能比编写JNI DLL简单。
#4
1
Depending on your needs the Win32 API "CreateProcessWithLogonW" is easier to use than the "CreateProcessAsUser / LogonUser" functions.
根据您的需要,Win32 API“CreateProcessWithLogonW”比“CreateProcessAsUser / LogonUser”功能更易于使用。
From MSDN Docs:
来自MSDN文档:
The CreateProcessWithLogonW and CreateProcessWithTokenW functions are similar to the CreateProcessAsUser function, except that the caller does not need to call the LogonUser function to authenticate the user and get a token
#5
0
RUNAS has the "/savecred" switch that let you enter the credential only the first time. One potential problem is that when /SaveCred saves the credentials it saves it for whenever RUNAS invokes that user account. This can be a huge security risk so be careful using it!
RUNAS具有“/ savecred”开关,只允许您第一次输入凭证。一个潜在的问题是,当/ SaveCred保存凭据时,它会在RUNAS调用该用户帐户时保存它。这可能是一个巨大的安全风险,所以要小心使用它!
Example at http://www.rgagnon.com/javadetails/java-0014.html (at the end)
http://www.rgagnon.com/javadetails/java-0014.html上的示例(最后)