Dual-boot Windows has no network_Which Windows account does the system use when no one is logged in?

If you are curious and learning more about how Windows operates under the hood, then you may find yourself wondering which “account” active processes are running under when no one is logged into Windows. With that in mind, today’s SuperUser Q&A post has answers for a curious reader.

Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.

The Question

SuperUser reader Kunal Chopra wants to know which account is used by Windows when no one is logged in:

When no one is logged into Windows and the log in screen is displayed, which user account are the current processes running under (video & sound drivers, login session, any server software, accessibility controls, etc.)? It cannot be any user or the previous user because no one is logged in.

What about processes that have been started by a user but continue to run after logging off (for example, HTTP/FTP servers and other networking processes)? Do they switch over to the SYSTEM account? If a user-started process is switched over to the SYSTEM account, then that indicates a very serious vulnerability. Does such a process run by that user continue to run under that user’s account somehow after they have logged off?

Is this why the SETHC hack allows you to use CMD as SYSTEM?

Which account is used by Windows when no one is logged in?

The Answer

SuperUser contributor grawity has the answer for us:

When no one is logged into Windows and the log in screen is displayed, which user account are the current processes running under (video & sound drivers, login session, any server software, accessibility controls, etc.)?

Almost all drivers run in kernel mode; they do not need an account unless they start user-space processes. Those user-space drivers run under SYSTEM.

With regard to the login session, I am sure that it uses SYSTEM as well. You can see logonui.exe using Process Hacker or SysInternals Process Explorer. In fact, you can see everything that way.

As for server software, see Windows services below.

What about processes that have been started by a user but continue to run after logging off (for example, HTTP/FTP servers and other networking processes)? Do they switch over to the SYSTEM account?

There are three kinds here:

  1. Plain Old Background Processes: These run under the same account as whoever started them and do not run after logging off. The logoff process kills them all. HTTP/FTP servers and other networking processes do not run as regular background processes. They run as services.

  2. Windows Service Processes: These are not launched directly, but via the Service Manager. By default, services run as LocalSystem (which isanae says equals SYSTEM), but can have dedicated accounts configured. Of course, practically nobody bothers. They just install XAMPP, WampServer, or some other software and let it run as SYSTEM (forever unpatched). On recent Windows systems, I think services can also have their own SIDs, but again I have not done much research on this yet.

  3. Scheduled Tasks: These are launched by the Task Scheduler Service in the background and always run under the account configured in the task (usually whoever created the task).

If a user-started process is switched over to the SYSTEM account, then that indicates a very serious vulnerability.

It is not a vulnerability because you must already have Administrator privileges to install a service. Having Administrator privileges already lets you do practically everything.

See Also: Various other non-vulnerabilities of the same kind.
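
To check on a given machine which accounts the three kinds of non-interactive code described in the answer run under, the following PowerShell audit can be used. It is an added example, not part of the original answer; it assumes an elevated prompt on Windows 8 / Server 2012 or later, and the "binary outside the Windows directory" test is a heuristic for spotting third-party services left running as LocalSystem.

```powershell
# Added example: audit which accounts non-interactive code runs under.
# Assumption: run from an elevated PowerShell prompt.

# 1. Windows services: StartName is the configured logon account.
$services = Get-CimInstance -ClassName Win32_Service |
    Select-Object Name, State, StartName, PathName

# Summary: how many services use each account (LocalSystem is SYSTEM).
$services | Group-Object StartName |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Services that run as LocalSystem from a binary outside the Windows
# directory: typically third-party software (web/FTP/database servers)
# that could be given a dedicated low-privilege account instead.
$winDir = [regex]::Escape($env:SystemRoot)
$services |
    Where-Object {
        $_.StartName -eq 'LocalSystem' -and
        $_.PathName -and
        $_.PathName -notmatch "^`"?$winDir\\"
    } |
    Sort-Object Name |
    Format-Table Name, State, PathName -Wrap

# 2. Scheduled tasks: each task runs under the principal stored in it.
Get-ScheduledTask |
    Select-Object TaskPath, TaskName, State,
        @{ Name = 'RunAs'; Expression = {
            if ($_.Principal.UserId) { $_.Principal.UserId }
            else { $_.Principal.GroupId }
        } } |
    Group-Object RunAs |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# 3. Processes alive right now, grouped by owning account. After a
# logoff, the former user's plain background processes are gone.
Get-Process -IncludeUserName |
    Group-Object UserName |
    Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize
```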

Make sure to read through the rest of this interesting discussion via the thread link below!

Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.

Translated from: https://www.howtogeek.com/232354/which-windows-account-is-used-by-the-system-when-no-one-is-logged-in/
