Using .NET, I have a requirement in which I need to execute a process (a console app) on a remote PC within my domain. The process needs to be opened interactively (can be seen from the remote desktop) and be executed as a specif开发者_运维知识库ied domain account.
My .NET application runs as a Windows service and its execution account has admin on both boxes. The user account I need to open the process is a different account than the service but also has admin on the remote client (which is unfortunately, Windows Server 2000).
See this: How to execute program on remote computer?
It uses the Win32_ScheduledJob
WMI class to execute a process that can be seen on the interactive desktop of the remote computer.
There is no supported way to create a token that will function as a specific user and display on a specific desktop.
If you do not need to access any network resources, NtCreateToken can construct an arbitrary token. To find the nonce SID you need to combine with the login SID, steal the winlogon token for that session.
If you can function as SYSTEM instead, steal the winlogon token and use it directly.
EDIT: since this is a console app, you can probably arrange to do something like open a telnet-like process (steal winlogon token) and connect it via socket or named pipe to your worker (no window).
I am going to go ahead and close this as not possible; I will try to get my requirements changed so that my service will run as the same user I need to execute the process as or to run the service/script locally.
Thanks for the replies, Zach Skinner
精彩评论