
Use SetSystemTime with limited user account

Developer https://www.devze.com 2023-03-07 14:34 Source: Internet

Operating system: Windows XP (Embedded) Language: C#

Problem: With a limited user account, I try to change the date and time of Windows XP programmatically, by using the function SetSystemTime() but it returns false and the error code is 5: Access is denied.

After reading MSDN articles, I impersonate the limited user account to administrator user (belonging to administrators group and having rights to change system time), by using LogonUser() and Impersonate() functions, and call SetSystemTime() afterwards, but the result is the same as before.

I try to give the privilege "SeSystemtimePrivilege" to the limited user account, after having impersonated it before calling AdjustTokenPrivileges() that returns no error, but the result is the same as before.

Code:

const int SE_PRIVILEGE_ENABLED = 2;
const int SE_PRIVILEGE_DISABLED = 0;

// Starting with limited user account
IntPtr userToken = WindowsIdentity.GetCurrent(TokenAccessLevels.AdjustPrivileges | TokenAccessLevels.Query).Token;

IntPtr tokenDuplicate = IntPtr.Zero;
IntPtr token = IntPtr.Zero;

LogonUser("administrator", domain, password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, ref token);
DuplicateToken(token, 2, ref tokenDuplicate);
WindowsImpersonationContext wic = (new WindowsIdentity(tokenDuplicate)).Impersonate();

bool enabled = true;

TOKEN_PRIVILEGES tokenPrivilege = new TOKEN_PRIVILEGES();
tokenPrivilege.PrivilegeCount = 1;
tokenPrivilege.Privileges = new LUID_AND_ATTRIBUTES[tokenPrivilege.PrivilegeCount];
tokenPrivilege.Privileges[0].Attributes = (UInt32)(enabled ? SE_PRIVILEGE_ENABLED : SE_PRIVILEGE_DISABLED);

if (LookupPrivilegeValue(null, "SeSystemtimePrivilege", out tokenPrivilege.Privileges[0].Luid))
    AdjustTokenPrivileges(userToken, false, ref tokenPrivilege, (UInt32)Marshal.SizeOf(typeof(TOKEN_PRIVILEGES)), IntPtr.Zero, IntPtr.Zero);

// Return to limited user account
wic.Undo();

if (!SetSystemTime(systemTime)) // systemTime in UTC time
{
    // Error code here: 5 if I let administrator impersonate, or 1314
}

Do you have an idea how to resolve my problem?

Thank you for your answer, Alain


I recently posted a similar question, different angle, but same basic need, the title of that question is "how to check Local Security Policy rights as non-admin" for reference.

Anyhow, if you explicitly grant that standard user the Change System Time privilege in the Local Security Policy, then that non-admin can access the SetSystemTime just fine. I explain over in my question how I solved my particular needs, perhaps it might help you?

Good luck!

0
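As an added example (not code from the question or the answer): once the account holds the Change System Time right as the answer describes, the process can enable SeSystemtimePrivilege on its own token and verify that it is really held, with no administrator credentials involved. AdjustTokenPrivileges reports success even when the privilege is missing from the token, so the check is on the last-error value 1300 (ERROR_NOT_ALL_ASSIGNED); the class and method names here are hypothetical.

```csharp
// Added example, not from the original post. Assumes the account was already
// granted "Change the system time" in Local Security Policy.
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;

static class SystemTimePrivilege   // hypothetical helper name
{
    const uint TOKEN_QUERY = 0x0008, TOKEN_ADJUST_PRIVILEGES = 0x0020;
    const uint SE_PRIVILEGE_ENABLED = 0x2;
    const int ERROR_NOT_ALL_ASSIGNED = 1300;

    [StructLayout(LayoutKind.Sequential)]
    struct LUID { public uint LowPart; public int HighPart; }
    // TOKEN_PRIVILEGES holding exactly one LUID_AND_ATTRIBUTES entry.
    [StructLayout(LayoutKind.Sequential)]
    struct TOKEN_PRIVILEGES { public uint PrivilegeCount; public LUID Luid; public uint Attributes; }

    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool OpenProcessToken(IntPtr process, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LookupPrivilegeValue(string system, string name, out LUID luid);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool AdjustTokenPrivileges(IntPtr token, bool disableAll, ref TOKEN_PRIVILEGES newState, uint len, IntPtr prev, IntPtr retLen);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Returns true only if the token holds SeSystemtimePrivilege and it is now enabled.
    public static bool TryEnable()
    {
        IntPtr token;
        if (!OpenProcessToken(Process.GetCurrentProcess().Handle, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());
        try
        {
            TOKEN_PRIVILEGES tp = new TOKEN_PRIVILEGES { PrivilegeCount = 1, Attributes = SE_PRIVILEGE_ENABLED };
            if (!LookupPrivilegeValue(null, "SeSystemtimePrivilege", out tp.Luid))
                throw new Win32Exception(Marshal.GetLastWin32Error());
            bool ok = AdjustTokenPrivileges(token, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
            int err = Marshal.GetLastWin32Error();
            if (!ok) throw new Win32Exception(err);
            // Success is also returned when the privilege is absent from the
            // token; only the last-error value tells the two cases apart.
            return err != ERROR_NOT_ALL_ASSIGNED;
        }
        finally { CloseHandle(token); }
    }
}
```

If TryEnable() returns false, SetSystemTime() will fail with 1314 (ERROR_PRIVILEGE_NOT_HELD). A newly granted user right appears only in tokens created after the change, so the user has to log on again before it takes effect.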
