How to lock a workstation from a Windows service?

I need to lock a workstation from a Windows service written in VB.Net. I am writing the application on Windows 7, but it should also work under Vista and XP.

The User32 API LockWorkStation does not work, as it requires an interactive desktop, and I get a return value of 0.

I tried calling %windir%\System32\rundll32.exe user32.dll,LockWorkStation from both Process and Shell, but nothing happens either way.

Setting up the service to interact with the desktop does not work, because I run the service under the administrator account so that it can perform some other actions that require administrator rights (for example, disconnecting the network), and you can only select the "interact with desktop" option if the service runs under the Local System account.

This will be a minor question: how to start another application with administrator rights from a service running under the local system account without listening to the user.

I am writing an application to control my computer for children / Internet access (which I plan to open when this is done), so I need everything to happen as quietly as possible.

I have a user interface that handles settings and status notifications in the taskbar, but it's easy to kill and thus defeat the lock. I could make another hidden Windows Forms application to handle locking, but that just seems like a rather inelegant solution.

Is anyone the best?

+3
5 answers

I'm not completely happy with my answer, but Windows security leaves me with a bit of an alternative. Everything that was open to the service (through Process, Shell any) will not have access to the desktop. I understand the reasons for the restrictions that Microsoft has created, but still disappointing!

My Service IPC, . :

http://anoriginalidea.wordpress.com/2007/08/09/simple-inter-process-communication-in-vbnet/

. .

. . , :

http://social.msdn.microsoft.com/Forums/en-US/windowssecurity/thread/ce968b5b-04fe-46d2-bb75-73e367a8b0c3

, URI . portName IPC GetObject. RegisterWellKnownServiceType .

, , portName .

" IPC-: ". , , , .

0

, , ...

CreateProcessAsUser :

    Private Shared Sub Executer(ByVal content As String)
        Dim objProcess As System.Diagnostics.Process

        Dim filename As String
        filename = "e:\lock.bat"
        'create a bat file with ''rundll32.exe user32.dll,LockWorkStation'' inside

        'get the token of the user logged on to the active console session
        Dim UserTokenHandle As IntPtr = IntPtr.Zero
        WindowsApi.WTSQueryUserToken(WindowsApi.WTSGetActiveConsoleSessionId, UserTokenHandle)

        Dim ProcInfo As New WindowsApi.PROCESS_INFORMATION
        Dim StartInfo As New WindowsApi.STARTUPINFOW
        StartInfo.cb = CUInt(Marshal.SizeOf(StartInfo))

        'start the bat file in that user's session, so it runs on the interactive desktop
        WindowsApi.CreateProcessAsUser(UserTokenHandle, filename, IntPtr.Zero, IntPtr.Zero, IntPtr.Zero, False, 0, IntPtr.Zero, Nothing, StartInfo, ProcInfo)
        If Not UserTokenHandle = IntPtr.Zero Then
            WindowsApi.CloseHandle(UserTokenHandle)
        End If

    End Sub

, WindowsApi . , bat, , , .

EDIT: *.bat , WindowsApi CreateProcessAsUser advapi32.dll :

    <DllImport("Advapi32.dll", EntryPoint:="CreateProcessAsUser", ExactSpelling:=False, SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Public Shared Function CreateProcessAsUser( _
                       ByVal hToken As IntPtr, _
                       ByVal lpApplicationName As String, _
                       <[In](), Out(), [Optional]()> ByVal lpCommandLine As StringBuilder, _
                       ByVal lpProcessAttributes As IntPtr, _
                       ByVal lpThreadAttributes As IntPtr, _
                       <MarshalAs(UnmanagedType.Bool)> ByVal bInheritHandles As Boolean, _
                       ByVal dwCreationFlags As Integer, _
                       ByVal lpEnvironment As IntPtr, _
                       ByVal lpCurrentDirectory As String, _
                       <[In]()> ByRef lpStartupInfo As STARTUPINFOW, _
                       <Out()> ByRef lpProcessInformation As PROCESS_INFORMATION) As <MarshalAs(UnmanagedType.Bool)> Boolean
    End Function

StringBuilder third (commandline) CreateProcessAsUser (applicationname) "Nothing" :

    Dim cmdline As New StringBuilder
    cmdline.Append("rundll32.exe user32.dll,LockWorkStation")
    WindowsApi.CreateProcessAsUser(UserTokenHandle, Nothing, cmdline, IntPtr.Zero, IntPtr.Zero, False, 0, IntPtr.Zero, Nothing, StartInfo, ProcInfo)

!!!!

, AP

+5
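
The approach in the answer above, written out with its own P/Invoke declarations, return-value checks and handle cleanup. This is an added example, not code from the answer: `SessionLocker` and `LockActiveSession` are hypothetical names, and it assumes the service runs as LocalSystem, which `WTSQueryUserToken` requires.

```vbnet
Imports System.ComponentModel
Imports System.Runtime.InteropServices
Imports System.Text

' Added example; SessionLocker / LockActiveSession are hypothetical names.
Public NotInheritable Class SessionLocker
    <StructLayout(LayoutKind.Sequential, CharSet:=CharSet.Unicode)> _
    Private Structure STARTUPINFO
        Public cb As Integer
        Public lpReserved, lpDesktop, lpTitle As String
        Public dwX, dwY, dwXSize, dwYSize, dwXCountChars, dwYCountChars, dwFillAttribute, dwFlags As Integer
        Public wShowWindow, cbReserved2 As Short
        Public lpReserved2, hStdInput, hStdOutput, hStdError As IntPtr
    End Structure
    <StructLayout(LayoutKind.Sequential)> _
    Private Structure PROCESS_INFORMATION
        Public hProcess, hThread As IntPtr
        Public dwProcessId, dwThreadId As Integer
    End Structure
    <DllImport("kernel32.dll")> _
    Private Shared Function WTSGetActiveConsoleSessionId() As UInteger
    End Function
    <DllImport("wtsapi32.dll", SetLastError:=True)> _
    Private Shared Function WTSQueryUserToken(ByVal sessionId As UInteger, ByRef token As IntPtr) As Boolean
    End Function
    <DllImport("advapi32.dll", EntryPoint:="CreateProcessAsUserW", SetLastError:=True, CharSet:=CharSet.Unicode)> _
    Private Shared Function CreateProcessAsUser(ByVal hToken As IntPtr, ByVal app As String, _
        ByVal cmd As StringBuilder, ByVal procAttr As IntPtr, ByVal threadAttr As IntPtr, _
        ByVal inheritHandles As Boolean, ByVal flags As Integer, ByVal env As IntPtr, _
        ByVal cwd As String, ByRef si As STARTUPINFO, ByRef pi As PROCESS_INFORMATION) As Boolean
    End Function
    <DllImport("kernel32.dll")> _
    Private Shared Function CloseHandle(ByVal h As IntPtr) As Boolean
    End Function

    ' Fails with Win32Exception when nobody is logged on at the console or the caller is not LocalSystem.
    Public Shared Sub LockActiveSession()
        Dim token As IntPtr = IntPtr.Zero
        If Not WTSQueryUserToken(WTSGetActiveConsoleSessionId(), token) Then Throw New Win32Exception()
        Try
            Dim si As New STARTUPINFO With {.cb = Marshal.SizeOf(GetType(STARTUPINFO)), .lpDesktop = "winsta0\default"}
            Dim pi As New PROCESS_INFORMATION
            ' Full path to rundll32 so the command does not depend on the search path.
            Dim cmd As New StringBuilder(Environment.SystemDirectory & "\rundll32.exe user32.dll,LockWorkStation")
            If Not CreateProcessAsUser(token, Nothing, cmd, IntPtr.Zero, IntPtr.Zero, False, 0, IntPtr.Zero, Nothing, si, pi) Then Throw New Win32Exception()
            CloseHandle(pi.hThread)   ' the service keeps no reference to the child
            CloseHandle(pi.hProcess)
        Finally
            CloseHandle(token)        ' always release the user token
        End Try
    End Sub
End Class
```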

, , Microsoft - , , , , .

, Friar Tuck/Robin Hood - , . - , ( , , ).

+2

( UI) , , ​​ , .

, , , , .

+1

Windows, .

0

Source: https://habr.com/ru/post/1737442/

