在Win10 下就算使用默认管理员账户,启动一个需要高权限的进程也提示 权限不足;
如果启动的进程没有权限要求,则运行正常。
代码使用的是微软的例子, 大致如下:if (!LogonUser(pszUserName, pszDomain, pszPassword,
LOGON32_LOGON_INTERACTIVE, 0, &hToken))
{
ReportError(L"LogonUser");
goto Exit;
} if (!CreateEnvironmentBlock(&lpvEnv, hToken, TRUE))
{
ReportError(L"CreateEnvironmentBlock");
goto Exit;
} // Retrieve the path to the root directory of the user's profile.
dwSize = ARRAYSIZE(szUserProfile);
if (!GetUserProfileDirectory(hToken, szUserProfile, &dwSize))
{
ReportError(L"GetUserProfileDirectory");
goto Exit;
} si.lpDesktop = NULL;
if (!CreateProcessWithLogonW(pszUserName, pszDomain, pszPassword,
LOGON_WITH_PROFILE, NULL, pszCommandLine,
CREATE_UNICODE_ENVIRONMENT, lpvEnv, szUserProfile, &si, &pi))
{
ReportError(L"CreateProcessWithLogonW");
goto Exit;
}
#define _WIN32_WINNT 0x0500#include <Windows.h>
#include <WinBase.h>
#include <stdio.h>
#include <lm.h>
#include <Lmaccess.h>
#pragma comment(lib,"Netapi32.lib")
#pragma comment(lib,"Advapi32.lib")
int APIENTRY WinMain(HINSTANCE hInstance,
HINSTANCE hPrevInstance,
LPSTR lpCmdLine,
int nCmdShow = SW_SHOW)
{
STARTUPINFOW starinfo={0};
PROCESS_INFORMATION proinfo={0}; USER_INFO_1 user;
DWORD dwLevel = 1;
DWORD dwError = 0;
NET_API_STATUS nStatus; user.usri1_name = L"abcde";
user.usri1_password = L"11222";
user.usri1_priv = USER_PRIV_USER;
user.usri1_home_dir = NULL;
user.usri1_comment = NULL;
user.usri1_flags = UF_SCRIPT;
user.usri1_script_path = NULL; nStatus=NetUserAdd(NULL,dwLevel,(LPBYTE)&user,&dwError); if(nStatus == NERR_Success)
{
Sleep(100);
MessageBoxA(NULL,"创建成功","OK",NULL); starinfo.cb = sizeof(starinfo);
CreateProcessWithLogonW(L"abcde",NULL,L"11222",LOGON_WITH_PROFILE,NULL,L"123.EXE",DEBUG_PROCESS,NULL,NULL,&starinfo,&proinfo); nStatus = NetUserDel(NULL,L"abcde");
MessageBoxA(NULL,"删除成功","OK",NULL);
} return 0;}
在普通用户条件下,直接启动权限不足, 更不可能先NetUserAdd ,再启动。