James，


我假设你正在使用Process类或类似的东西？如果

这样，您可以通过Handle属性获取进程的句柄。


一旦有了，就可以调用OpenProcessToken（通过P /调用

layer）打开进程令牌进行读取。一旦你有了这个，你可以

然后调用GetTokenInformation函数（再次通过P / Invoke

层）来获得开始该过程的用户的SID。 br />

最后，您可以使用指向SID的

指针来调用LookupAccountSid API函数，以获取域名，用户名等等。


确保你通过调用时获得的令牌上的CloseHandle

GetTokenInformation。


希望这会有所帮助。 b $ b -

- Nicholas Paldino [.NET / C＃MVP]

- mv*@spam.guard.caspershouse.com


" JamesB" < ja *** @ somewhere.com.net.com.net写在留言中

news：46 ********************* ** @ news.zen.co.uk ...

James,

I''m assuming you are using the Process class or something similar? If
so, you can get the handle to the process through the Handle property.

Once you have that, you can call OpenProcessToken (through the P/Invoke
layer) to open the process token for reading. Once you have that, you can
then call the GetTokenInformation function (again through the P/Invoke
layer) to get the SID of the user that began the process.

Finally, you can call the LookupAccountSid API function using the
pointer to the SID to get the domain name, user name, etc, etc.

Make sure you call CloseHandle on the token you get from the call to
GetTokenInformation.

Hope this helps.
--
- Nicholas Paldino [.NET/C# MVP]
- mv*@spam.guard.caspershouse.com

"JamesB" <ja***@somewhere.com.net.com.netwrote in message
news:46***********************@news.zen.co.uk...

>我正在编写一项服务，用于监控特定应用程序何时启动。

工作，但我需要获得当前登录的用户，以及

课程Environment.UserName返回服务登录

（NT_AUTHORITY \ SYSTEM） 。


我明白，当服务启动时，没有用户可能会登录，但是

没关系，因为我正在监控的应用程序可以只有登录用户才能运行。

我是否需要使用WMI来获取Explorer.exe的用户上下文，或者是否有一个更好的方式？


詹姆斯。

>I am writing a service that monitors when a particular app is started.
Works, but I need to get the user who is currently logged in, and of
course Environment.UserName returns the service logon
(NT_AUTHORITY\SYSTEM).

I understand that when the service starts, no user may be logged in, but
that''s ok, as the app I am monitoring can only be run by a logged in user.
Do I need to use WMI to get the user context of Explorer.exe or is there a
neater way?

James.

" JamesB" < ja *** @ somewhere.com.net.com.net写在留言中

news：46 ********************* ** @ news.zen.co.uk ...

"JamesB" <ja***@somewhere.com.net.com.netwrote in message
news:46***********************@news.zen.co.uk...

>我正在编写一项服务，用于监控特定应用程序何时启动。

工作，但我需要获得当前登录的用户，以及

课程Environment.UserName返回服务登录

（NT_AUTHORITY \ SYSTEM） 。


我明白，当服务启动时，没有用户可能会登录，但是

没关系，因为我正在监控的应用程序可以只有登录用户才能运行。

我是否需要使用WMI来获取Explorer.exe的用户上下文，或者是否有一个更好的方式？


詹姆斯。

>I am writing a service that monitors when a particular app is started.
Works, but I need to get the user who is currently logged in, and of
course Environment.UserName returns the service logon
(NT_AUTHORITY\SYSTEM).

I understand that when the service starts, no user may be logged in, but
that''s ok, as the app I am monitoring can only be run by a logged in user.
Do I need to use WMI to get the user context of Explorer.exe or is there a
neater way?

James.

最简单的方法是使用System.Management和WMI的Win32_ProcessStartTrace

类。

以下是：


使用System.Management;

使用System.Security.Principal;

....

void WatchProcessStart（string procName）

{

WqlEventQuery q = new WqlEventQuery（）;

q.EventClassName = Win32_ProcessStartTrace;

q.Condition =" ProcessName =''" + procName +"''&quot ;; //把过程

你要在这里看的名字......

使用（ManagementEventWatcher w = new ManagementEventWatcher（q））{

w.EventArrived + = new

EventArrivedEventHandler（ProcessStartEventArrived）;

w.Start（）;

// BLOCK这个帖子，等待停止处理程序的事件和

返回...

...

w.Stop（）;

}

}

static void ProcessStartEventArrived（对象发送者，EventArrivedEventArgs

e）{

foreach（PropertyData pd在e.NewEvent.Properties中）{

string userAccount =

GetUserAccountFromSid（（（byte []）e.NewEvent.Properties [" Sid"]。Value）） ）;

//用userAccount做一些事情..

}

}

静态字符串GetUserAccountFromSid（byte [] sid）

{

SecurityIdentifier si = new SecurityIdentifier（sid，0）;

NTAccount acc =（NTAccount）si.Translate（typeof（NTAccount））;

返回acc。价值;

}

威利。

The easiest is to use System.Management and WMI''s "Win32_ProcessStartTrace"
class.
Here is how:

using System.Management;
using System.Security.Principal;
....
void WatchProcessStart(string procName)
{
WqlEventQuery q = new WqlEventQuery( );
q.EventClassName = "Win32_ProcessStartTrace";
q.Condition = "ProcessName = ''" + procName + "''"; // Put the process
name you want to watch for here...
using(ManagementEventWatcher w = new ManagementEventWatcher(q)){
w.EventArrived += new
EventArrivedEventHandler(ProcessStartEventArrived) ;
w.Start();
// BLOCK this thread, wait for an event to stop the handler and
return...
...
w.Stop();
}
}
static void ProcessStartEventArrived(object sender, EventArrivedEventArgs
e) {
foreach(PropertyData pd in e.NewEvent.Properties) {
string userAccount =
GetUserAccountFromSid(((byte[])e.NewEvent.Properties["Sid"].Value)));
// do something with "userAccount" ..
}
}
static string GetUserAccountFromSid(byte[] sid)
{
SecurityIdentifier si = new SecurityIdentifier(sid, 0);
NTAccount acc = (NTAccount)si.Translate(typeof(NTAccount));
return acc.Value;
}
Willy.

" JamesB&QUOT; < ja *** @ somewhere.com.net.com.net写在留言中

news：46 ********************* ** @ news.zen.co.uk ...

"JamesB" <ja***@somewhere.com.net.com.netwrote in message
news:46***********************@news.zen.co.uk...

>我正在编写一项服务，用于监控特定应用程序何时启动。

工作，但我需要获得当前登录的用户，以及

课程

>I am writing a service that monitors when a particular app is started.
Works, but I need to get the user who is currently logged in, and of
course

您使用了短语 ;用户，所以这是必读的：
http://blogs.msdn.com/oldnewthing/ar...22/712677.aspx


确保你已经考虑过Raymond问的问题，然后使用Willy或Nicholas提供的解决方案之一

。

You used the phrase "the user", so this is required reading:
http://blogs.msdn.com/oldnewthing/ar...22/712677.aspx

Make sure you''ve thought about the questions Raymond asks, then use one of
the solutions already provided by Willy or Nicholas.