问题描述

我期待在 Windows (Windows 7/Windows 8) 上安装服务.

I am looking forward to install a service on Windows (Windows 7 / Windows 8).

虽然该服务最初由管理员"安装，但它的安装方式应使该本地计算机上的任何用户帐户都可以启动/停止/重新启动它.

Though the service would be initially installed by "administrator", but it should be installed in such a fashion that any user account on that local machine can Start / Stop / Restart it.

尝试将登录身份"更改为网络服务，但没有帮助.

Tried changing "Log On As" to Network Services, but did not help.

尝试过 Subinacl.exe，但由于安装程序的架构设计(不允许安装任何外部应用程序)，这是不可行的.

Tried Subinacl.exe, but that is not feasible due to architecture design of installer (which does not allow installing any external applications).

问题很简单 -> 服务 A 由管理员安装，但应该对该机器上的所有用户帐户具有 FULL 权限.

Issue is simple -> Service A to be installed by administrator, but should have FULL permissions for all user account on that machine.

此外，在安装过程中，也无法预先知道该计算机上可用的所有用户帐户的数量和内容.

Also while installation it is not known in advance as to how many and what all user accounts would be available on that machine.

推荐答案

您可以使用 SetSecurityInfo 或 SetServiceObjectSecurity 更改服务 ACL.此代码创建一个服务，然后设置 ACL 以允许任何以交互方式登录的用户启动该服务:

You can use SetSecurityInfo or SetServiceObjectSecurity to change the service ACL. This code creates a service and then sets the ACL to allow any interactively logged on user to start the service:

wchar_t sddl[] = L"D:"
  L"(A;;CCLCSWRPWPDTLOCRRC;;;SY)"
      // default permissions for local system
  L"(A;;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;BA)"
      // default permissions for administrators
  L"(A;;CCLCSWLOCRRC;;;AU)"
      // default permissions for authenticated users
  L"(A;;CCLCSWRPWPDTLOCRRC;;;PU)"
      // default permissions for power users
  L"(A;;RP;;;IU)"
      // added permission: start service for interactive users
  ;

DWORD InstallService()
{
  SC_HANDLE manager, service;
  PSECURITY_DESCRIPTOR sd;
  DWORD err;

  wchar_t apppath[MAX_PATH + 2];

  // Note: because this is only called from main() which exits
  // immediately afterwards, no attempt is made to close the
  // handles generated.

  if (!ConvertStringSecurityDescriptorToSecurityDescriptor(sddl,
      SDDL_REVISION_1, &sd, NULL))
  {
    err = GetLastError();
    printf("Error %u creating security descriptor.\n", err);
    return err;
  }

  if (!GetModuleFileName(0, apppath, MAX_PATH + 1))
  {
    err = GetLastError();
    printf("Error %u fetching module name.\n", err);
    return err;
  }

  if (_wcsicmp(apppath + wcslen(apppath) - wcslen(exename), exename) != 0)
  {
    printf("Application name mismatch: %ls\n",
      apppath + wcslen(apppath) - wcslen(exename));
    return ERROR_INVALID_FUNCTION;
  }

  manager = OpenSCManager(0, 0, SC_MANAGER_CREATE_SERVICE);

  if (!manager)
  {
    err = GetLastError();
    printf("Error %u connecting to service manager.\n", err);
    return err;
  }

  service = CreateService(manager,
    servicename,
    displayname,
    WRITE_DAC,
    SERVICE_WIN32_OWN_PROCESS,
    SERVICE_DEMAND_START,
    SERVICE_ERROR_NORMAL,
    apppath,
    0,
    0,
    NULL,
    NULL,
    NULL);

  if (!service)
  {
    err = GetLastError();
    printf("Error %u installing service.\n", err);
    return err;
  }

  if (!SetServiceObjectSecurity(service, DACL_SECURITY_INFORMATION, sd))
  {
    err = GetLastError();
    printf("Error %u setting service security.\n", err);
    return err;
  }

  printf("Service successfully installed.\n");
  return 0;
}

这篇关于如何在 Windows 上安装由任何用户管理的服务的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！