我必须是一个没有榜样的白痴程序员。我正在使用VB将批处理文件迁移到asp.net应用程序,试图找出asp.net几乎浪费了一天的时间。
我想要更改一个特定的注册表项/项,默认情况下,在Server 2008及更高版本中,管理员没有启用FullControl。只要我可以先将Administrators设置为对象所有者,SetAccessControl函数就可以工作。从命令行可以很容易地将所有者设置为Administrators,然后授予FullControl,所以我知道它是可能的。
编辑:命令行有效,因为我是以Administrators组成员的身份登录的,这意味着权限不应该是运行代码的问题。
Edit2:要清楚,这是一个“Windows窗体应用程序”(不是Web应用程序,不是控制台应用程序)。
Imports Microsoft.Win32
Imports System.Security.AccessControl
Imports System.Security.Principal
Public Sub GrantRegistyPermission()
Dim Hive As RegistryKey = Registry.ClassesRoot
Dim KeyName As String = "CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
' next line FAILS, "Requested registry access is not allowed"
'Dim SubKey As RegistryKey = Hive.OpenSubKey(KeyName, True)
' try without specifying the "writable" overload
Dim SubKey As RegistryKey = Hive.OpenSubKey(KeyName)
Dim rs As RegistrySecurity = Hive.GetAccessControl()
rs.SetOwner(New NTAccount("BUILTIN\Administrators"))
' next line FAILS, "Attempted to perform an unauthorized operation."
Hive.SetAccessControl(rs)
rs.AddAccessRule(New RegistryAccessRule(User, RegistryRights.FullControl, _
InheritanceFlags.ContainerInherit, _
PropagationFlags.InheritOnly, AccessControlType.Allow))
Hive.SetAccessControl(rs)
Hive.Close()
End Sub
答案 0 :(得分:0)
最后,我可以开始工作的唯一方法是在新进程中启动我在批处理文件中使用的SetACL.exe(或SetACLx64.exe)命令。确保SetACL命令文件在同一目录中,或者需要完全修改(并引用?)。
Sub GrantRegKeyFullPermCmd()
Dim RegKey As String = "HKLM\Software\Classes\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}"
Dim UserGroup As String = "Administrators"
Dim p As Process = Nothing
Dim ps1 As ProcessStartInfo = New ProcessStartInfo
ps1.FileName = "cmd.exe"
ps1.Verb = "runas"
ps1.WindowStyle = ProcessWindowStyle.Normal
ps1.UseShellExecute = False
ps1.RedirectStandardOutput = True
ps1.Arguments = "/C SetACLx64.exe -on """ & RegKey & """ -ot reg -actn setowner -ownr ""n:" & UserGroup & """"
Try
p = Process.Start(ps1)
Dim Results As String = p.StandardOutput.ReadToEnd
p.WaitForExit()
MsgBox("ExitCode: " & p.ExitCode & vbCrLf & "Set owner results: " & Results)
Dim ps2 As ProcessStartInfo = ps1
ps1.Arguments = "/C SetACLx64.exe -on """ & RegKey & """ -ot reg -actn ace -ace ""n:" & UserGroup & ";p:full"""
p = Process.Start(ps1)
Results = p.StandardOutput.ReadToEnd
p.WaitForExit()
MsgBox("ExitCode: " & p.ExitCode & vbCrLf & "Set permission results: " & Results)
Catch ex As Exception
MsgBox(ex.Message)
End Try
End Sub
我试过的步骤不起作用:
应用本地政策和/或GPO"用户帐户控制:管理员批准模式下管理员的提升提示行为" ="在没有提示的情况下提升"
右键单击"以管理员身份运行"
从提升的命令提示符启动
运行SetACL命令作为ProcessStartInfo.FileName
更改了项目属性,UAC设置:requestedExecutionLevel level =" requireAdministrator"
希望这可以节省其他3天的浪费时间。