
Execute Remote Process As DOMAIN/User Interactively [closed]

Developer https://www.devze.com 2023-04-04 18:34 Source: Internet
It's difficult to tell what is being asked here. This question is ambiguous, vague, incomplete, overly broad, or rhetorical and cannot be reasonably answered in its current form. For help clarifying this question so that it can be reopened, visit the help center. Closed 11 years ago.

Using .NET, I have a requirement in which I need to execute a process (a console app) on a remote PC within my domain. The process needs to be opened interactively (can be seen from the remote desktop) and be executed as a specified domain account.

My .NET application runs as a Windows service and its execution account has admin on both boxes. The user account I need to open the process is a different account than the service but also has admin on the remote client (which is, unfortunately, Windows Server 2000).


See this: How to execute program on remote computer?

It uses the Win32_ScheduledJob WMI class to execute a process that can be seen on the interactive desktop of the remote computer.
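
An added example (not code from the linked answer or from any poster in this thread) of calling Win32_ScheduledJob.Create over WMI from .NET with InteractWithDesktop set. The host name and command path are placeholders, the caller's own credentials are assumed to have admin rights on the target, and both machines are assumed to share a time zone. Jobs created through this class run under the remote Schedule service's account, not under a chosen domain user.

```csharp
using System;
using System.Management; // add a reference to System.Management.dll

static class RemoteAtJob
{
    // Win32_ScheduledJob expects StartTime as ********HHMMSS.MMMMMM(+-)OOO:
    // the date is wildcarded and OOO is the offset from UTC in minutes.
    static string ToJobStartTime(DateTime local)
    {
        int offset = (int)TimeZoneInfo.Local.GetUtcOffset(local).TotalMinutes;
        return "********" + local.ToString("HHmmss") + ".000000"
             + (offset < 0 ? "-" : "+") + Math.Abs(offset).ToString("000");
    }

    // Creates a one-shot job on the remote host and returns its JobId.
    static uint ScheduleInteractive(string host, string commandLine, DateTime when)
    {
        var options = new ConnectionOptions
        {
            Impersonation = ImpersonationLevel.Impersonate,
            Authentication = AuthenticationLevel.PacketPrivacy // encrypt the WMI traffic
        };
        var scope = new ManagementScope(@"\\" + host + @"\root\cimv2", options);
        scope.Connect();

        using (var jobClass = new ManagementClass(scope, new ManagementPath("Win32_ScheduledJob"), null))
        using (ManagementBaseObject args = jobClass.GetMethodParameters("Create"))
        {
            args["Command"] = commandLine;
            args["StartTime"] = ToJobStartTime(when);
            args["RunRepeatedly"] = false;
            args["InteractWithDesktop"] = true; // show the process on the interactive desktop

            using (ManagementBaseObject result = jobClass.InvokeMethod("Create", args, null))
            {
                uint rc = (uint)result["ReturnValue"];
                if (rc != 0)
                    throw new InvalidOperationException("Win32_ScheduledJob.Create failed, code " + rc);
                return (uint)result["JobId"];
            }
        }
    }

    static void Main()
    {
        // "REMOTE-HOST" and the command path are placeholders, not values from the thread.
        uint id = ScheduleInteractive("REMOTE-HOST", @"C:\Tools\worker.exe", DateTime.Now.AddMinutes(2));
        Console.WriteLine("Created job " + id);
    }
}
```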


There is no supported way to create a token that will function as a specific user and display on a specific desktop.

If you do not need to access any network resources, NtCreateToken can construct an arbitrary token. To find the nonce SID you need to combine with the login SID, steal the winlogon token for that session.

If you can function as SYSTEM instead, steal the winlogon token and use it directly.

EDIT: since this is a console app, you can probably arrange to do something like open a telnet-like process (steal winlogon token) and connect it via socket or named pipe to your worker (no window).


I am going to go ahead and close this as not possible; I will try to get my requirements changed so that my service will run as the same user I need to execute the process as or to run the service/script locally.

Thanks for the replies, Zach Skinner
