Alternative Permissions for StartInfo
I have a service (normally run as NetworkService) that retrieves process information using StartInfo. It works fine.
But a client wants to run the service as a restricted user. (a reasonable request)
According to MS docs StartInfo can only be used by a "fully trusted" user. Is there an alternative w开发者_Python百科ay to get most of the information from StartInfo without being "fully trusted" or to configure a restricted user that is "fully trusted" with respect to process info?
It sounds like you're confusing two orthogonal security systems: Windows user security and .NET code access security (CAS). While use of the System.Diagnostics.Process class requires CAS full trust, it does not require administrator user permissions, and is quite feasible for a non-admin/restricted user to run a fully trusted (wrt CAS) application.
That said, the operating system also imposes limits on what non-admin users may do with processes, particularly processes that are not running under their own accounts. Depending on what your code is trying to do with the processes, it may or may not be feasible to run your service under an account that does not have effective administrator permissions.
Basically anything related to processes requires full trust.
So no, there is no way to get information about processes without full trust.
Use the Code Access Security Policy Tool to assign full trust
精彩评论