如何通过添加注册表项将用户添加到“从网络访问此计算机”本地策略中
本文关键字:添加 计算机 访问 策略 网络 注册表 何通过 用户 | 更新日期: 2023-09-27 18:34:32
您知道如何在本地策略中添加用户吗?我需要这样的效果
gpedit.msc -> 计算机配置/Windows 设置/安全设置/本地策略/用户权限分配/"从网络访问此计算机">
我想通过添加注册表项或从cmd运行命令来做到这一点。如果您有任何提示或互联网资源可以分享,我会很高兴。
谢谢。
这是我
之前准备的。我们使用下面的(冗长,抱歉(包装类来授予"作为服务登录权限"。对此的呼吁如下:
var identity = new WindowsIdentity(logonName);
LsaSecurityWrapper.AddAccountRights(identity.User.AccountDomainSid,
"SeServiceLogonRight");
您只需要将"SeServiceLogonRight"替换为您自己的。快速的谷歌告诉我这应该是"SeNetworkLogonRight"。如果要在控制台应用中执行此操作,则可以快速编译一个。按如下方式设置Main方法:
static void Main(string[] args)
{
var identity = new WindowsIdentity(args[0]);
LsaSecurityWrapper.AddAccountRights(identity.User.AccountDomainSid, args[1]);
}
然后按YourConsoleApp.exe logon right调用。这是包装器:
[StructLayout(LayoutKind.Sequential)]
internal struct LSA_OBJECT_ATTRIBUTES
{
internal int Length;
internal IntPtr RootDirectory;
internal IntPtr ObjectName;
internal int Attributes;
internal IntPtr SecurityDescriptor;
internal IntPtr SecurityQualityOfService;
}
///
/// LSA_UNICODE_STRING structure
///
[StructLayout(LayoutKind.Sequential, CharSet = CharSet.Unicode)]
internal struct LSA_UNICODE_STRING
{
internal ushort Length;
internal ushort MaximumLength;
[MarshalAs(UnmanagedType.LPWStr)] internal string Buffer;
}
///
/// Wraps LsaAddAccountRights call.
///
public sealed class LsaSecurityWrapper
{
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaOpenPolicy(
LSA_UNICODE_STRING[] SystemName,
ref LSA_OBJECT_ATTRIBUTES ObjectAttributes,
int AccessMask,
out IntPtr PolicyHandle
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaAddAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr pSID,
LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
[DllImport("advapi32", CharSet = CharSet.Unicode, SetLastError = true),
SuppressUnmanagedCodeSecurityAttribute]
internal static extern uint LsaRemoveAccountRights(
LSA_HANDLE PolicyHandle,
IntPtr AccountSid,
bool AllRights,
LSA_UNICODE_STRING[] UserRights,
int CountOfRights
);
[DllImport("advapi32")]
internal static extern int LsaClose(IntPtr PolicyHandle);
private enum Access : int
{
POLICY_READ = 0x20006,
POLICY_ALL_ACCESS = 0x00F0FFF,
POLICY_EXECUTE = 0X20801,
POLICY_WRITE = 0X207F8
}
// rights: (http://msdn.microsoft.com/en-us/library/bb545671(VS.85).aspx)
public static void AddAccountRights(SecurityIdentifier sid, string rights)
{
IntPtr lsaHandle;
LSA_UNICODE_STRING[] system = null;
LSA_OBJECT_ATTRIBUTES lsaAttr;
lsaAttr.RootDirectory = IntPtr.Zero;
lsaAttr.ObjectName = IntPtr.Zero;
lsaAttr.Attributes = 0;
lsaAttr.SecurityDescriptor = IntPtr.Zero;
lsaAttr.SecurityQualityOfService = IntPtr.Zero;
lsaAttr.Length = Marshal.SizeOf(typeof(LSA_OBJECT_ATTRIBUTES));
lsaHandle = IntPtr.Zero;
uint ret = LsaOpenPolicy(system, ref lsaAttr, (int)Access.POLICY_ALL_ACCESS, out lsaHandle);
if (ret == 0)
{
Byte[] buffer = new Byte[sid.BinaryLength];
sid.GetBinaryForm(buffer, 0);
IntPtr pSid = Marshal.AllocHGlobal(sid.BinaryLength);
Marshal.Copy(buffer, 0, pSid, sid.BinaryLength);
LSA_UNICODE_STRING[] privileges = new LSA_UNICODE_STRING[1];
LSA_UNICODE_STRING lsaRights = new LSA_UNICODE_STRING();
lsaRights.Buffer = rights;
lsaRights.Length = (ushort)(rights.Length * sizeof(char));
lsaRights.MaximumLength = (ushort)(lsaRights.Length + sizeof(char));
privileges[0] = lsaRights;
ret = LsaAddAccountRights(lsaHandle, pSid, privileges, 1);
LsaClose(lsaHandle);
Marshal.FreeHGlobal(pSid);
if (ret != 0)
{
throw new Win32Exception("LsaAddAccountRights failed with error code: " + ret);
}
}
else
{
throw new Win32Exception("LsaOpenPolicy failed with error code: " + ret);
}
}
}
我怀疑你需要使用pinvoke并环绕适当的Lsa函数,http://msdn.microsoft.com/en-us/library/windows/desktop/ms721786(v=vs.85(.aspxhttp://www.pinvoke.net/default.aspx/advapi32.lsaaddaccountrights