Vista / Win7 Credential Provider: 5 Examples


Complete List of Windows Event IDs and Their Explanations


0: The operation completed successfully.
1: Incorrect function.
2: The system cannot find the file specified.
3: The system cannot find the path specified.
4: The system cannot open the file.
5: Access is denied.
6: The handle is invalid.
7: The storage control blocks were destroyed.
8: Not enough storage is available to process this command.
9: The storage control block address is invalid.
10: The environment is incorrect.
11: An attempt was made to load a program with an incorrect format.
12: The access code is invalid.
13: The data is invalid.
14: Not enough storage is available to complete this operation.
15: The system cannot find the drive specified.
16: The directory cannot be removed.
17: The system cannot move the file to a different disk drive.
18: There are no more files.
19: The media is write protected.
20: The system cannot find the device specified.
21: The device is not ready.
22: The device does not recognize the command.
23: Data error (cyclic redundancy check).
24: The program issued a command but the command length is incorrect.
25: The drive cannot locate a specific area or track on the disk.
26: The specified disk or diskette cannot be accessed.
27: The drive cannot find the sector requested.
28: The printer is out of paper.
29: The system cannot write to the specified device.
30: The system cannot read from the specified device.
31: A device attached to the system is not functioning.
32: The process cannot access the file because it is being used by another process.
33: The process cannot access the file because another process has locked a portion of the file.
36: Too many files opened for sharing.
38: Reached the end of the file.
39: The disk is full.
50: The request is not supported.
51: Windows cannot find the network path. Verify that the network path is correct and the destination computer is not busy or turned off. If Windows still cannot find the network path, contact your network administrator.
52: You were not connected because a duplicate name exists on the network. Go to System in Control Panel to change the computer name and try again.
53: The network path was not found.
54: The network is busy.
55: The specified network resource or device is no longer available.
56: The network BIOS command limit has been reached.
57: A network adapter hardware error occurred.
58: The specified server cannot perform the requested operation.
59: An unexpected network error occurred.
60: The remote adapter is not compatible.
61: The printer queue is full.
62: Space to store the file waiting to be printed is not available on the server.
63: Your file waiting to be printed was deleted.
64: The specified network name is no longer available.
65: Network access is denied.
66: The network resource type is not correct.
67: The network name cannot be found.
68: The name limit for the local computer network adapter card was exceeded.
69: The network BIOS session limit was exceeded.
70: The remote server has been paused or is in the process of being started.
71: No more connections can be made to this remote computer at this time because there are already as many connections as the computer can accept.
72: The specified printer or disk device has been paused.
80: The file exists.
82: The directory or file cannot be created.
83: Fail on INT 24.
84: Storage to process this request is not available.
85: The local device name is already in use.
86: The specified network password is not correct.
87: The parameter is incorrect.
88: A write fault occurred on the network.
89: The system cannot start another process at this time.
100: Cannot create another system semaphore.
101: The exclusive semaphore is owned by another process.
102: The semaphore is set and cannot be closed.
103: The semaphore cannot be set again.
104: Cannot request exclusive semaphores at interrupt time.
105: The previous ownership of this semaphore has ended.
107: The program stopped because an alternate diskette was not inserted.
108: The disk is in use or locked by another process.
109: The pipe has been ended.
110: The system cannot open the device or file specified.
111: The file name is too long.
112: There is not enough space on the disk.
113: No more internal file identifiers available.
114: The target internal file identifier is incorrect.
117: The IOCTL call made by the application program is not correct.
118: The verify-on-write switch parameter value is not correct.
119: The system does not support the command requested.
120: This function is not supported on this system.
121: The semaphore timeout period has expired.
122: The data area passed to a system call is too small.
123: The filename, directory name, or volume label syntax is incorrect.
124: The system call level is not correct.
125: The disk has no volume label.
126: The specified module could not be found.
127: The specified procedure could not be found.
128: There are no child processes to wait for.
130: Attempt to use a file handle to an open disk partition for an operation other than raw disk I/O.
131: An attempt was made to move the file pointer before the beginning of the file.
132: The file pointer cannot be set on the specified device or file.
133: A JOIN or SUBST command cannot be used for a drive that contains previously joined drives.
134: An attempt was made to use a JOIN or SUBST command on a drive that has already been joined.
135: An attempt was made to use a JOIN or SUBST command on a drive that has already been joined.
136: The system tried to delete the JOIN of a drive that is not joined.
137: The system tried to delete the SUBST of a drive that is not substituted.
138: The system tried to join a drive to a directory on a joined drive.
139: The system tried to substitute a drive to a directory on a substituted drive.
140: The system tried to join a drive to a directory on a substituted drive.
141: The system tried to substitute a drive to a directory on a joined drive.
142: The system cannot perform a JOIN or SUBST at this time.
143: The system cannot join or substitute a drive to or for a directory on the same drive.
144: The directory is not a subdirectory of the root directory.
145: The directory is not empty.
146: The path specified is being used in a substitute.
147: Not enough resources are available to process this command.
148: The path specified cannot be used at this time.
149: An attempt was made to join or substitute a drive for which a directory on the drive is the target of a previous substitute.
150: System trace information was not specified in your CONFIG.SYS file, or tracing is disallowed.
151: The number of specified semaphore events for DosMuxSemWait is not correct.
152: DosMuxSemWait did not execute; too many semaphores are already set.
153: The DosMuxSemWait list is not correct.
154: The volume label you entered exceeds the label character limit of the target file system.
155: Cannot create another thread.
156: The recipient process has refused the signal.
157: The segment is already discarded and cannot be locked.
158: The segment is already unlocked.
159: The address for the thread ID is not correct.
160: One or more arguments are not correct.
161: The specified path is invalid.
162: A signal is already pending.
164: No more threads can be created in the system.
167: Unable to lock a region of a file.
170: The requested resource is in use.
173: A lock request was not outstanding for the supplied cancel region.
174: The file system does not support atomic changes to the lock type.
180: The system detected a segment number that was not correct.
183: Cannot create a file when that file already exists.
186: The flag passed is not correct.
187: The specified system semaphore name was not found.
196: The operating system cannot run this application program.
197: The operating system is not presently configured to run this application.
199: The operating system cannot run this application program.
200: The code segment cannot be greater than or equal to 64K.
203: The system could not find the environment option that was entered.
205: No process in the command subtree has a signal handler.
206: The filename or extension is too long.
207: The ring 2 stack is in use.
208: The global filename characters, * or ?, are entered incorrectly or too many global filename characters are specified.
209: The signal being posted is not correct.
210: The signal handler cannot be set.
212: The segment is locked and cannot be reallocated.
214: Too many dynamic-link modules are attached to this program or dynamic-link module.
215: Cannot nest calls to LoadModule.
230: The pipe state is invalid.
231: All pipe instances are busy.
232: The pipe is being closed.
233: No process is on the other end of the pipe.
234: More data is available.
240: The session was canceled.
254: The specified extended attribute name was invalid.
255: The extended attributes are inconsistent.
258: The wait operation timed out.
259: No more data is available.
266: The copy functions cannot be used.
267: The directory name is invalid.
275: The extended attributes did not fit in the buffer.
276: The extended attribute file on the mounted file system is corrupt.
277: The extended attribute table file is full.
278: The specified extended attribute handle is invalid.
282: The mounted file system does not support extended attributes.
288: Attempt to release a mutex not owned by the caller.
298: Too many posts were made to a semaphore.
299: Only part of a ReadProcessMemory or WriteProcessMemory request was completed.
300: The oplock request is denied.
301: An invalid oplock acknowledgment was received by the system.
302: The volume is too fragmented to complete this operation.
303: The file cannot be opened because it is in the process of being deleted.
487: Attempt to access an invalid address.
534: Arithmetic result exceeded 32 bits.
535: There is a process on the other end of the pipe.
536: Waiting for a process to open the other end of the pipe.
994: Access to the extended attribute was denied.
995: The I/O operation has been aborted because of either a thread exit or an application request.
996: The overlapped I/O event is not in a signaled state.
997: The overlapped I/O operation is in progress.
998: Invalid access to memory location.
999: Error performing inpage operation.
1001: Recursion too deep; the stack overflowed.
1002: The window cannot act on a sent message.
1003: Cannot complete this function.
1004: Invalid flags.
1005: The volume does not contain a recognized file system.

Windows Vista Credential Provider Samples Overview UPDATE


Windows Vista Sample Credential Providers Overview

Contents
Terms of Use
Release Notes
SampleCredentialProvider
The SampleCredentialProvider Codebase
Project Structure
Common Tasks For Extending SampleCredentialProvider
Tips & Tricks
Automating The Deployment Process
Developing With CredUI
Debugging LogonUI
If Your System Becomes Unstable
SampleCredUICredentialProvider
SampleAllControlsCredentialProvider
SampleHardwareEventCredentialProvider
SampleWrapExistingCredentialProvider
Default Tiles
Wrapping Existing Credential Providers
Credential Provider Architecture
Summary

Questions
Appendix A – Frequently Asked Questions

Terms of Use

This code and information is provided "as is" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Copyright (c) 2006 Microsoft Corporation. All rights reserved.

Microsoft, Windows Vista, Windows XP, and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Introduction

In this document, we'll take a look at some custom Windows Vista credential provider samples. Specifically, we'll cover the following topics:

1. Understanding the base SampleCredentialProvider codebase.
2. Common tasks for extending the base SampleCredentialProvider codebase.
3. SampleCredUICredentialProvider, which supports CredUI.
4. SampleAllControlsCredentialProvider, which exposes each possible UI control.
5. SampleHardwareEventCredentialProvider, which supports asynchronous events.
6. SampleWrapExistingCredentialProvider, which wraps the default username/password credential provider in Windows Vista.

Release Notes

This is the third release of the samples. The first release targeted the February CTP. The second release targeted Beta2 and added additional samples. This third release updates those samples for RTM. Changes include:

- Fixing unlock. Post-Beta2, Windows Vista changed to require a KerbWorkstationUnlockLogon message type to unlock the machine and a KerbInteractiveLogon message type to log on to the machine. Previously it would accept a KerbInteractiveLogon message type for both logon and unlock. The samples have been updated accordingly. [v3.0]
- Using CredProtect to encrypt the password when the credentials are serialized. [v3.0]
- Updating the project settings to support Visual C++ Express. [v3.0]
- Updating the SampleCredUICredentialProvider to handle additional CredUI scenarios, such as proper handling of CREDUIWIN_PACK_32_WOW. [v3.0]
- Fixed some issues in SampleWrapExistingCredentialProvider. Any callbacks into ICredentialProviderCredentialEvents would fail because it was confused about which credprov was which. Among other symptoms, this caused change-expired-password to fail. The solution is to have the wrapper credprov provide an ICredentialProviderCredentialEvents. [v3.0]
- The overview now includes an FAQ (Appendix A). [v3.0]

SampleCredentialProvider

Out of the box, SampleCredentialProvider provides a DLL project that exposes the two COM interfaces required to develop a credential provider: ICredentialProvider and ICredentialProviderCredential.
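The two release-note changes above in isolation, as an added example that is not code from the Microsoft samples: it picks KerbWorkstationUnlockLogon or KerbInteractiveLogon from the usage scenario and packs a KERB_INTERACTIVE_UNLOCK_LOGON into the single contiguous buffer that ICredentialProviderCredential::GetSerialization hands to LSA, with every UNICODE_STRING Buffer stored as a byte offset. The type definitions are trimmed copies of the ntsecapi.h/credentialprovider.h declarations (char16_t standing in for WCHAR) so the file compiles off Windows, and the domain, user and password values are constructed sample data.

```cpp
// Added example, not code from the Microsoft samples. Types below mirror
// ntsecapi.h / credentialprovider.h (subset) so this compiles off Windows;
// on Windows include those headers instead of these stand-ins.
#include <cstdint>
#include <cstring>
#include <initializer_list>
#include <iostream>
#include <string>
#include <vector>

typedef uint16_t USHORT;
typedef uint32_t ULONG;

struct UNICODE_STRING { USHORT Length; USHORT MaximumLength; char16_t* Buffer; }; // Length in BYTES
struct LUID { ULONG LowPart; int32_t HighPart; };
enum KERB_LOGON_SUBMIT_TYPE { KerbInteractiveLogon = 2, KerbWorkstationUnlockLogon = 7 }; // subset
enum CREDENTIAL_PROVIDER_USAGE_SCENARIO {
    CPUS_INVALID = 0, CPUS_LOGON = 1, CPUS_UNLOCK_WORKSTATION = 2,
    CPUS_CHANGE_PASSWORD = 3, CPUS_CREDUI = 4, CPUS_PLAP = 5 };
struct KERB_INTERACTIVE_LOGON {
    KERB_LOGON_SUBMIT_TYPE MessageType;
    UNICODE_STRING LogonDomainName; UNICODE_STRING UserName; UNICODE_STRING Password; };
struct KERB_INTERACTIVE_UNLOCK_LOGON { KERB_INTERACTIVE_LOGON Logon; LUID LogonId; };

// Post-Beta2 rule from the release notes: unlock needs KerbWorkstationUnlockLogon,
// logon needs KerbInteractiveLogon. CPUS_CREDUI is treated like CPUS_LOGON, as the
// SampleCredUICredentialProvider does. Returns false for scenarios that do not use
// this message at all (CPUS_CHANGE_PASSWORD uses a different request type).
bool MessageTypeForScenario(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus, KERB_LOGON_SUBMIT_TYPE& out) {
    switch (cpus) {
    case CPUS_LOGON:
    case CPUS_CREDUI:             out = KerbInteractiveLogon;       return true;
    case CPUS_UNLOCK_WORKSTATION: out = KerbWorkstationUnlockLogon; return true;
    default:                      return false;
    }
}

// Appends the characters of s to blob and fills us with a RELATIVE Buffer (the byte
// offset from the start of blob). Length/MaximumLength are byte counts, not chars.
static void PackString(std::vector<uint8_t>& blob, UNICODE_STRING& us, const std::u16string& s) {
    us.Length = us.MaximumLength = static_cast<USHORT>(s.size() * sizeof(char16_t));
    us.Buffer = reinterpret_cast<char16_t*>(static_cast<uintptr_t>(blob.size()));
    const uint8_t* p = reinterpret_cast<const uint8_t*>(s.data());
    blob.insert(blob.end(), p, p + us.Length);
}

// Builds the serialized logon blob: fixed header first, string data after it.
// `password` is whatever the credential hands over; the RTM samples pass it
// through CredProtect first, and the protected string packs exactly the same way.
std::vector<uint8_t> PackUnlockLogon(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus,
                                     const std::u16string& domain,
                                     const std::u16string& user,
                                     const std::u16string& password) {
    KERB_INTERACTIVE_UNLOCK_LOGON kiul{};
    if (!MessageTypeForScenario(cpus, kiul.Logon.MessageType)) return {}; // unsupported scenario
    std::vector<uint8_t> blob(sizeof kiul);                 // reserve the header
    PackString(blob, kiul.Logon.LogonDomainName, domain);
    PackString(blob, kiul.Logon.UserName, user);
    PackString(blob, kiul.Logon.Password, password);
    std::memcpy(blob.data(), &kiul, sizeof kiul);            // header now carries the offsets
    return blob;
}

// Receiver side (what LSA does with the blob): turn offsets back into pointers into blob.
// Offsets that would run past the end are rejected rather than followed.
KERB_INTERACTIVE_UNLOCK_LOGON UnpackInPlace(std::vector<uint8_t>& blob) {
    KERB_INTERACTIVE_UNLOCK_LOGON kiul{};
    if (blob.size() < sizeof kiul) return kiul;
    std::memcpy(&kiul, blob.data(), sizeof kiul);
    for (UNICODE_STRING* us : { &kiul.Logon.LogonDomainName, &kiul.Logon.UserName, &kiul.Logon.Password }) {
        uintptr_t off = reinterpret_cast<uintptr_t>(us->Buffer);
        us->Buffer = (off + us->Length <= blob.size())
                   ? reinterpret_cast<char16_t*>(blob.data() + off) : nullptr;
    }
    return kiul;
}

std::u16string ToU16(const UNICODE_STRING& us) {
    return us.Buffer ? std::u16string(us.Buffer, us.Length / sizeof(char16_t)) : std::u16string();
}

int main() {
    // Constructed sample values, not real credentials.
    std::vector<uint8_t> blob = PackUnlockLogon(CPUS_UNLOCK_WORKSTATION, u"CONTOSO", u"alice", u"pw");
    KERB_INTERACTIVE_UNLOCK_LOGON k = UnpackInPlace(blob);
    std::cout << "MessageType=" << k.Logon.MessageType << " bytes=" << blob.size() << "\n";
    return k.Logon.MessageType == KerbWorkstationUnlockLogon ? 0 : 1;
}
```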
ICredentialProvider exposes the functionality to enumerate available credentials, and ICredentialProviderCredential exposes the functionality required for each specific credential during the authentication process.

The SampleCredentialProvider Codebase

The SampleCredentialProvider project provides a working baseline credential provider. This sample is hardcoded to expose two accounts: Administrator and Guest. The following screenshot shows what this might look like on a domain-joined machine.

Project Structure

The SampleCredentialProvider project includes a small set of files, each with their own purpose:

Common Tasks For Extending SampleCredentialProvider

Since SampleCredentialProvider provides a great baseline for developing custom providers, it is recommended that you customize it to meet your needs, rather than starting from scratch. The following steps will walk you through the process of customizing the SampleCredentialProvider project that is common to all extensions. We'll use "MyCredentialProvider" as the new project name, so be sure to change it to reflect the name you want to use. We're also not going to rename any of the folders or files to reflect the name unless it is required to build successfully, so this may be something you choose to do once you're comfortable with the codebase.

Please note that these samples are intended to be run against the RTM version of Windows Vista. They should be compiled against the RTM version of the Windows Vista SDK.

1. Set up Visual Studio 2005 in Tools | Options to use the executables, includes, and libs from the SDK instead of the ones shipped with VS. For more info on how to do this, see ReleaseNotes.Htm in the root of the SDK directory.
2. In the SampleCredentialProvider folder, double-click SampleCredentialProvider.sln to open it in Visual Studio 2005.
3. In the Solution Explorer, right-click the SampleCredentialProvider project node and select Rename. Change the name to "MyCredentialProvider" and press Enter to lock it in.
4. In the Solution Explorer, right-click the MyCredentialProvider project node and select Properties. This will launch the MyCredentialProvider Property Pages dialog.
5. In the left tree view, select the Configuration Properties | C/C++ node.
6. Make sure the path to your Vista SDK include directory is included in Additional Include Directories. On a default install it ends up at "C:\Program Files\Microsoft SDKs\Windows\v1.0\Include".
7. In the left tree view, select the Configuration Properties | Linker node to display the general properties of the linker configuration.
8. Make sure the path to your Vista SDK library directory is included in Additional Library Directories. On a default install it ends up at "C:\Program Files\Microsoft SDKs\Windows\v1.0\Lib".
9. Press OK to dismiss the dialog.
10. Open samplecredentialprovider.def. Change "SAMPLECREDENTIALPROVIDER.DLL" to "MYCREDENTIALPROVIDER.DLL". Save samplecredentialprovider.def.
11. Open guid.h. Replace the GUID in DEFINE_GUID with a unique one. You can generate a unique GUID from Tools | Create GUID. Be sure to remember it for later. Save guid.h.
12. Open Register.reg in Notepad or Visual Studio (do not execute it in Explorer). Replace the GUIDs in each registry key with the one created in the last step. Also change "sampleprovider" to "MyCredentialProvider" as well as "SampleCredentialProvider.dll" to "MyCredentialProvider.dll". Save Register.reg.
13. Open Unregister.reg in Notepad or Visual Studio (do not execute it in Explorer). Replace the GUID in the registry key with the one used in Register.reg. Save Unregister.reg.
14. Select Build | Build Solution. If there are any build errors, review the steps above.
15. Copy the freshly built MyCredentialProvider.dll to the System32 directory of the test machine.
16. Copy Register.reg to the test machine and run it from Explorer to register the credential provider.
17. From the Start Menu, select the option to switch users.
18. The login screen should now have an extra Administrator and Guest account. If all you see is one large tile, click Switch User to see the list of tiles.
19. You should be able to log in using the newly created Administrator account tile. The Guest account may or may not be enabled due to the security settings of your system.
20. If you want to remove the sample, copy Unregister.reg to the test machine and run it to unregister the credential provider.

Tips & Tricks

The following are some tips & tricks that can help you during the development cycle. These are useful to keep in mind when reviewing the other samples covered later in this document.

Automating The Deployment Process

If you are developing on a test machine to begin with, you can automate the DLL deployment process by adding a Post-Build Event that automatically copies the output DLL to the System32 directory. For example, you can go to the Configuration Properties | Build Events | Post-Build Event tab of the project's Property Pages dialog and set the following for Command Line:

copy "$(OutDir)\$(ProjectName).dll" %systemroot%\system32 /Y

However, be careful when performing a second build, since the Post-Build Event only occurs after a successful build, and Visual C++ will skip the build process if the binaries are already up-to-date.

Developing With CredUI

Although you may not want to support the CredUI scenario in your final credential provider, you may wish to use it during development and debugging if you are developing on the test machine. Since the CredUI scenario runs from a normal desktop session, you'll be able to attach the Visual Studio debugger to it at runtime, drastically simplifying the process of development and testing.

To do this:

1. Create a new Win32 console project in Visual Studio.
2. Update the main function of your new project to make a call to CredUIPromptForWindowsCredentials, such as:

    #include "stdafx.h"
    #include <windows.h>
    #include <objbase.h>
    #include <WinCred.h>
    #include <tchar.h>

    int _tmain(int argc, _TCHAR* argv[])
    {
        BOOL save = FALSE;
        DWORD authPackage = 0;
        LPVOID authBuffer = NULL;        // receives the serialized credential
        ULONG authBufferSize = 0;
        CREDUI_INFO credUiInfo = {0};

        credUiInfo.cbSize = sizeof(credUiInfo);
        credUiInfo.pszCaptionText = TEXT("My caption");
        credUiInfo.pszMessageText = TEXT("My message");
        credUiInfo.hbmBanner = NULL;
        credUiInfo.hwndParent = NULL;

        // Shows the tiles enumerated by the registered credential providers
        // for the CPUS_CREDUI scenario; your provider's breakpoints hit here.
        DWORD result = CredUIPromptForWindowsCredentials(&credUiInfo, 0, &authPackage,
            NULL, 0, &authBuffer, &authBufferSize, &save, 0);

        if (result == ERROR_SUCCESS && authBuffer != NULL)
        {
            // The buffer holds credential material: wipe it, then free it
            // with CoTaskMemFree as the API requires.
            SecureZeroMemory(authBuffer, authBufferSize);
            CoTaskMemFree(authBuffer);
        }
        return 0;
    }

3. Update the project to link against CredUI.lib. You may need to update your "Additional Include Directories" and "Additional Library Directories" to point to the Windows Vista SDK from the project's property pages dialog.
4. Add your credential provider project to the solution.
5. Build the credential provider and make sure the latest version is deployed to the System32 directory and is registered as a credential provider.
6. Set breakpoints, etc., and then run the console app in debug mode. Your breakpoints should get hit as appropriate after CredUIPromptForWindowsCredentials is called from the console app.

Debugging LogonUI

In short: hook up kd between your test machine and your debugging machine and then pipe ntsd over kd for LogonUI. There's a fair amount of info on how to do this on the web (although not specifically for LogonUI). But here are some basic pointers.

1. Install the debugger package (/whdc/devtools/debugging/default.mspx).
2. Get kd set up between the two computers (for more info look on the web or MSDN):
   a. Hook up your debug cable.
   b. On the debuggee machine, run something like the following (change command line arguments as necessary):
      i. Bcdedit -debug on
      ii. Bcdedit -dbgsettings serial debugport:1 baudrate:115200
   c. Reboot the debuggee.
   d. On the debugger machine, run something like:
      i. Kd.exe -r -k com:port=com1,baud=115200
3. Copy the symbols you will need locally to the box, since NTSD won't have access to the network.
4. Create a key named logonui.exe under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
5. In the logonui.exe key, create a string value named Debugger.
   a. Populate that value with the path to ntsd.exe on your machine, for example C:\debuggers\ntsd.exe -d -gG -y <path to local symbols> (the space between -y and the path is required).
   b. -d pipes the NTSD output to KD.
   c. -g ignores the initial startup breakpoint in the process (if you want the process to break instantly when first executed so you can set BPs, do not set the small g).
   d. -G ignores the termination breakpoint, so the process will exit quietly.
   e. -y sets the local symbol path on the debuggee for NTSD.
6. Breaking in when a .DLL loads (not required, but good to know if needed):
   a. Follow all of the steps above for the executable that loads the .dll, but do not set the small g flag; then, when the process starts, NTSD will break in.
   b. Type sxe ld <dll name>.
   c. Then g the debugger, and NTSD will break in on load of that dll, where you can set breakpoints, etc.

If Your System Becomes Unstable

During the process of credential provider development, there is a good possibility that you might mess up the credential providers, possibly even crashing LogonUI. Don't Panic.

Typically, you can reboot Windows in safe mode (repeatedly tap F8 during early boot to get the menu for this). From safe mode you should be able to log in using the normal password provider, at which point you can unregister the offending credential provider.

The other thing you might do is accidentally unregister one or more of the built-in credential providers by deleting its key from the registry. For reference, here are the keys from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers:

You should be able to re-enter them after rebooting in safe mode.

SampleCredUICredentialProvider

Windows Vista introduces CredUIPromptForWindowsCredentials, which can be thought of as the next generation of CredUIPromptForCredentials (although CredUIPromptForCredentials is still maintained for backwards compatibility). Unlike CredUIPromptForCredentials, CredUIPromptForWindowsCredentials relies on the same credential providers used by the login screen. While implementing these credential providers is fundamentally the same, there is one place where you'll need to make a decision regarding how your credential provider works.

The implementation of CSampleProvider::SetUsageScenario contains everything we need to add support for CredUI. This method is called with a specific usage scenario (a CREDENTIAL_PROVIDER_USAGE_SCENARIO), which asks the credential provider whether it supports it. By default, SampleCredentialProvider does not support the CPUS_CREDUI usage scenario, which means that an application using CredUIPromptForWindowsCredentials will not be able to access credentials provided through it. However, we have changed this for the SampleCredUICredentialProvider by having requests for the CPUS_CREDUI scenario treated in the same way as CPUS_LOGON, so it will enumerate the same two tiles in the CredUI scenario.

SampleAllControlsCredentialProvider

The SampleAllControlsCredentialProvider project illustrates the usage of each of the nine UI controls available to credential providers. Here's an example of what you'll see when you run this sample from LogonUI:

Note that the Cancel button is automatically inserted by LogonUI.

One of the nice things about this sample is that it differs only slightly from the base sample credential provider discussed earlier. Specifically, the key areas changed are in Common.h and CSampleCredential.h.

In Common.h, we've added more controls to the SAMPLE_FIELD_ID enumeration, as well as respective entries for s_rgFieldStatePairs and s_rgCredProvFieldDescriptors. As you'll see from the screenshots above, only the "tile image" and "large text" are configured to display in both selected and deselected mode, whereas the "small text" is configured to only appear when the tile is deselected. All other controls appear only in the selected tile. To change this behavior, modify the second member of the s_rgFieldStatePairs (it's a CREDENTIAL_PROVIDER_FIELD_INTERACTIVE_STATE).

In addition to the new fields in Common.h, it's necessary to add support for each type of control to the CSampleCredential.cpp implementation. By default, the base sample only implements support for the String and Bitmap methods, such as GetStringValue, etc. Since those are the only types of controls used in the sample, it was fine to return E_NOTIMPL from the unused control methods, such as GetCheckboxValue. However, since we're using these controls now, we've implemented support for getting and setting their respective values.

SampleHardwareEventCredentialProvider

A common scenario for custom credentials involves external events, such as the arrival of a message generated by a fingerprint scanner. The SampleHardwareEventCredential sample illustrates processing asynchronous events such as these.

When run, this sample displays a window with a single button. This window is designed to emulate an external element that has two states: connected and disconnected. When disconnected, the credential merely displays a large text asking the user to connect:

By pressing the "Press to connect" button, you simulate a hardware event such as swiping a fingerprint, and the credential provides different controls, allowing the user to log in:

Since you cannot change the controls used by a particular credential while handling a hardware event (because you haven't been Advised on ICredentialProviderCredentialEvents), this sample actually implements two credentials: a "please connect" message credential and an actual "log in" credential, which is effectively the same as the CSampleCredential from the SampleCredentialProvider project. Depending on the state of the connection emulator window, the provider displays the proper one.

The window is created on a separate thread, which provides it with a way to pump messages while the provider thread is managed by an external authority. When the button is pressed, the window thread calls in to the provider, asking it to re-enumerate its credentials by calling the CredentialsChanged method on the ICredentialProviderEvents pointer it received in an earlier Advise call:

When the credentials are enumerated, methods like GetCredentialCount and GetFieldDescriptorCount are called again. In turn, the provider checks the state of the connection emulator and provides data for the appropriate credential. In either case, exactly one credential is always displayed. Note that we're calling CredentialsChanged from a separate thread, which is okay to do. However, be extra careful when trying to call other methods from the separate thread.

While this sample illustrates using a button on a window as an event, you could customize CCommandWindow::ThreadProc to look for any event you need, provided it's supported on the secure desktop.
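The provider-side bookkeeping behind the re-enumeration pattern just described, as an added example that is not SampleHardwareEventCredentialProvider's own code: the Advise context is stored and echoed back, CredentialsChanged is the only call made from the emulator thread and only while Advised, and re-enumeration always yields exactly one tile chosen from the recorded state. ICredentialProviderEvents is reduced to the one method the text mentions so the file compiles off Windows, and RecordingEvents is a constructed stand-in for LogonUI's side of the interface.

```cpp
// Added example, not code from the Microsoft samples. ICredentialProviderEvents is a
// one-method subset of the real COM interface so this compiles off Windows.
#include <atomic>
#include <cstdint>
#include <mutex>

typedef uintptr_t UINT_PTR;

struct ICredentialProviderEvents {                  // subset of the real interface
    virtual ~ICredentialProviderEvents() {}
    virtual long CredentialsChanged(UINT_PTR upAdviseContext) = 0;
};

enum class TileKind { PleaseConnect, Logon };       // the sample's two credentials

class HardwareEventProvider {
public:
    // LogonUI calls Advise when it is ready to be notified and UnAdvise when it is
    // not; the context it passes must be echoed back in every CredentialsChanged.
    void Advise(ICredentialProviderEvents* pcpe, UINT_PTR upAdviseContext) {
        std::lock_guard<std::mutex> g(m_);
        events_ = pcpe;
        ctx_ = upAdviseContext;
    }
    void UnAdvise() {
        std::lock_guard<std::mutex> g(m_);
        events_ = nullptr;
    }

    // Entry point for the emulator thread (the button window in the sample). It records
    // the new state, then asks LogonUI to re-enumerate. CredentialsChanged is the only
    // call that is safe from that thread, and only while Advised. Returns whether a
    // notification was actually sent.
    bool OnConnectionChanged(bool connected) {
        connected_ = connected;
        std::lock_guard<std::mutex> g(m_);
        if (events_ == nullptr) return false;       // not Advised: state kept, nobody told
        events_->CredentialsChanged(ctx_);
        return true;
    }

    // Re-enumeration: LogonUI calls these again on its own thread after
    // CredentialsChanged. Exactly one tile is ever reported; which one depends
    // on the recorded connection state.
    uint32_t GetCredentialCount() const { return 1; }
    TileKind GetCredentialAt(uint32_t index) const {
        (void)index;                                // only index 0 exists
        return connected_ ? TileKind::Logon : TileKind::PleaseConnect;
    }

private:
    std::mutex m_;
    ICredentialProviderEvents* events_ = nullptr;
    UINT_PTR ctx_ = 0;
    std::atomic<bool> connected_{false};
};

// Constructed stand-in for LogonUI's event sink, used to observe the notifications.
struct RecordingEvents : ICredentialProviderEvents {
    int calls = 0;
    UINT_PTR lastContext = 0;
    long CredentialsChanged(UINT_PTR upAdviseContext) override {
        lastContext = upAdviseContext;
        ++calls;
        return 0;                                   // S_OK
    }
};
```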
SampleWrapExistingCredentialProvider

In some scenarios, you may find that an existing credential provider fits almost all of your needs, with the exception of an additional field or two you need to retrieve from the user. It would be a shame to have to re-implement the functionality of the existing credential provider, so this sample illustrates the process of wrapping an existing credential provider and extending it with two additional fields.

Please note that encapsulation (or "wrapping") should be used sparingly. It is not a one-size-fits-all replacement for the GINA chaining behavior. Unlike GINA chaining, the behavior you add only applies if the user clicks on your credential tile and does not apply if they click on another credential tile. Encapsulation is only done explicitly and should only be done when you know exactly what the behavior of the wrapped credprov is. It should be used when you want to extend the credential information that the wrapped credprov is getting. If you merely want to do something extra with the credentials gathered by another credprov, then a network provider is likely more suited to your needs than a credential provider.

In our scenario, we simply attached an extra small text and combobox to the existing password provider's credentials. We'll let the existing credential provider decide how many credentials to enumerate, how to enumerate them, and how to authenticate. We'll also let it deal with the behavior for the controls it defines.

Credential providers are COM objects, so they can be created and managed just like any other COM object. In our scenario, we use the CLSID_PasswordCredentialProvider found in CredentialProvider.h to instantiate the provider, and then we proxy most of the calls through to it, returning the results as though they were our own. However, if we receive calls related to our specific extensions, we handle those ourselves.

Since we don't want to limit the functionality of the wrapped credential, it's important to avoid assumptions where possible. For example, we don't use a checkbox in our extension, but it is possible that the underlying credential may (if not now, then possibly sometime in the future). As a result, calls to methods we don't do anything for should still be passed along to the wrapped credential.

In some cases, we do handle calls that our wrapped credential needs as well. Fortunately, we can use the dwFieldID parameter to determine whether the referenced fields are ours or theirs. Since our sample appends controls to the wrapped credential, we can perform a simple check to see if the field is ours or theirs. However, if you decide to insert controls between controls in the wrapped credential, you'll need to be extra careful to track which field IDs are yours and which are theirs.

For some well-known credential fields, such as the password provider's password field, you can determine their location by checking the guidFieldType property of their CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR. For example, the password field's CLSID is CPFG_LOGON_PASSWORD. More well-known CLSIDs are available in shlguid.h.

Default Tiles

A Credential Provider may specify a default tile when queried regarding the number of tiles it intends to return. Although this is straightforward from the perspective of each individual Credential Provider, developers should keep in mind that LogonUI will not necessarily treat their tile as the default in all cases. The Credential Provider most recently used for interactive logon will receive preference when multiple providers return a default tile. In other words, when two or more providers return a default tile, the tile specified by the Credential Provider last used to log on will be displayed in zoomed view. This behavior does not occur in a remote session because the most recently used Credential Provider is not saved.

Credential Providers may also specify default tiles for the CredUI usage scenario. The default tile in this scenario will receive focus when CredUI appears to the user. CredUI resolves multiple default tile conflicts using the same logic as LogonUI. There is no way for a Credential Provider to determine whether other providers specify a default tile.

The default tile provided by the Credential Provider last used to successfully log on does not need to be the same tile used during the previous logon. The Credential Provider is free to specify any of its tiles when it enumerates the default.

Wrapping Existing Credential Providers

Although Microsoft provides a wrapped Credential Provider sample, it is very important that all third parties proceed with extreme caution when implementing a wrapped provider. As long as instantiating multiple instances of the wrapped Credential Provider does not cause problems, wrapping is a safe technique and allows third-party developers to avoid rewriting code. For instance, if the wrapped Credential Provider stores anything globally, there may be issues creating two instances. The Microsoft in-box providers should be safe to wrap by third parties.

Developers need to be aware that wrapping can be very dangerous if a Credential Provider filters out the original instance of the wrapped provider. In certain situations this is acceptable, but the consequences of unanticipated filtering should be considered to avoid unexpected (and undesirable) consequences.

IT Professionals writing Credential Providers which filter out providers on every box in a domain are most likely safe to filter at their discretion. These administrators own the experience on the desktops in their domain. Due to the nature of the controlled environment, they most likely do not need to worry about conflicting filters unexpectedly breaking their machines. Best practices should be followed when installing new Credential Providers. Deploy in a staged environment prior to rolling your changes out to the entire domain.

If you are an ISV or an OEM designing a Credential Provider intended for deployment to desktops you do not control, then you will want to proceed with much greater caution. For instance, consider a case where two separate credential providers each wrap and filter the in-box password provider. Imagine at least one of them performs an operation affecting the entire machine before logon. Consider what happens when a user installs both these hypothetical credential providers on the same machine. During logon only one of them will be used. In this scenario the user can reach the desktop without performing an important operation specified by one of the credential providers.

In general, you should:

- Only filter out other Credential Providers if you explicitly ask for and obtain permission from the administrator in charge of setup.
- Not filter out any of the built-in providers (for instance, the password provider) unless one of the following is true:
  - Not filtering an in-box provider will cause user confusion. Consider the consequences of not filtering the in-box provider – if it does not severely impact user experience (and wouldn't cause bad problems if a user logged on using this in-box provider), you probably do not need to filter it out.
  - If you are an OEM or ISV and you are guaranteed to be the only 3rd-party Credential Provider on the box, then you are essentially in the ITPro category above and you should have no problem.

If you are not guaranteed to be the only Credential Provider on the box, then you may introduce possible instabilities if you filter any built-in providers. Some Credential Provider authors might be tempted to do this in order to force users to use the installed 3rd-party Credential Provider for all logons (for instance, to run a script). It is bad practice to depend on users logging on using a specific Credential Provider. Third-party Credential Provider authors generally should not assume there will be no other Credential Providers installed on the user's system.
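The field-ID bookkeeping described in the SampleWrapExistingCredentialProvider section above, as an added example that is not the sample's own code: the wrapper appends a small text and a combobox after the wrapped credential's fields, routes each dwFieldID to whichever side owns it (forwarding everything it does not handle itself), and locates the wrapped password field by guidFieldType instead of by a guessed index. The types mirror credentialprovider.h so the file compiles off Windows; WrappedCredentialStandIn is a constructed stand-in for the password provider obtained from CLSID_PasswordCredentialProvider, and CPFG_LOGON_PASSWORD_PLACEHOLDER is a placeholder value, not the real constant from shlguid.h.

```cpp
// Added example, not code from the Microsoft samples. Types mirror credentialprovider.h
// (subset) so this compiles off Windows; the wrapped credential is a constructed stand-in.
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

struct GUID { uint32_t Data1; uint16_t Data2; uint16_t Data3; uint8_t Data4[8]; };
inline bool operator==(const GUID& a, const GUID& b) { return std::memcmp(&a, &b, sizeof(GUID)) == 0; }

enum CREDENTIAL_PROVIDER_FIELD_TYPE {                // the nine controls plus CPFT_INVALID
    CPFT_INVALID = 0, CPFT_LARGE_TEXT, CPFT_SMALL_TEXT, CPFT_COMMAND_LINK, CPFT_EDIT_TEXT,
    CPFT_PASSWORD_TEXT, CPFT_TILE_IMAGE, CPFT_CHECKBOX, CPFT_COMBOBOX, CPFT_SUBMIT_BUTTON };
struct CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR {
    uint32_t dwFieldID; CREDENTIAL_PROVIDER_FIELD_TYPE cpft; std::wstring pszLabel; GUID guidFieldType; };

// PLACEHOLDER value standing in for CPFG_LOGON_PASSWORD; use the real one from shlguid.h.
static const GUID CPFG_LOGON_PASSWORD_PLACEHOLDER = { 0, 0, 0, { 0, 0, 0, 0, 0, 0, 0, 1 } };
static const GUID GUID_NULL_ = { 0, 0, 0, { 0, 0, 0, 0, 0, 0, 0, 0 } };
static const uint32_t kNoField = 0xFFFFFFFFu;

// Stand-in for the wrapped password credential: it owns field IDs 0..3 and answers
// string queries for them. In the real sample every call below is a proxied COM call
// on the credential obtained from CLSID_PasswordCredentialProvider.
class WrappedCredentialStandIn {
public:
    WrappedCredentialStandIn() : fields_{
        {0, CPFT_TILE_IMAGE,    L"Image",    GUID_NULL_},
        {1, CPFT_LARGE_TEXT,    L"User",     GUID_NULL_},
        {2, CPFT_PASSWORD_TEXT, L"Password", CPFG_LOGON_PASSWORD_PLACEHOLDER},
        {3, CPFT_SUBMIT_BUTTON, L"Submit",   GUID_NULL_}} {}
    uint32_t GetFieldDescriptorCount() const { return static_cast<uint32_t>(fields_.size()); }
    const CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR& GetFieldDescriptorAt(uint32_t i) const { return fields_.at(i); }
    bool GetStringValue(uint32_t id, std::wstring& out) const {
        if (id != 1) return false;                    // E_INVALIDARG in COM terms
        out = L"CONTOSO\\alice";                      // constructed sample data
        return true;
    }
private:
    std::vector<CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR> fields_;
};

// The wrapper: appends a small text and a combobox AFTER the wrapped fields, so the
// ownership test is a single comparison against the wrapped field count.
class WrapperCredential {
public:
    explicit WrapperCredential(const WrappedCredentialStandIn& inner) : inner_(inner) {
        const uint32_t base = inner_.GetFieldDescriptorCount();
        own_ = { {base,     CPFT_SMALL_TEXT, L"Project", GUID_NULL_},
                 {base + 1, CPFT_COMBOBOX,   L"Role",    GUID_NULL_} };
    }
    uint32_t GetFieldDescriptorCount() const {
        return inner_.GetFieldDescriptorCount() + static_cast<uint32_t>(own_.size());
    }
    // The "simple check" from the text: IDs below the wrapped count are theirs.
    bool IsOurField(uint32_t dwFieldID) const { return dwFieldID >= inner_.GetFieldDescriptorCount(); }

    // Merged descriptor lookup; nullptr for IDs neither side owns.
    const CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR* GetFieldDescriptorAt(uint32_t id) const {
        if (id >= GetFieldDescriptorCount()) return nullptr;
        return IsOurField(id) ? &own_[id - inner_.GetFieldDescriptorCount()] : &inner_.GetFieldDescriptorAt(id);
    }

    // Anything that is not ours is forwarded, never swallowed, so controls the wrapped
    // credential adds in a later release keep working through the wrapper.
    bool GetStringValue(uint32_t id, std::wstring& out) const {
        if (!IsOurField(id)) return inner_.GetStringValue(id, out);
        switch (id - inner_.GetFieldDescriptorCount()) {
        case 0:  out = L"Payroll"; return true;      // our small text (constructed value)
        default: return false;                        // the combobox is not a string field
        }
    }

    // Locate a well-known wrapped field by guidFieldType rather than by a hard-coded index.
    uint32_t FindWrappedFieldByType(const GUID& type) const {
        for (uint32_t i = 0; i < inner_.GetFieldDescriptorCount(); ++i)
            if (inner_.GetFieldDescriptorAt(i).guidFieldType == type) return i;
        return kNoField;
    }
private:
    const WrappedCredentialStandIn& inner_;
    std::vector<CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR> own_;
};
```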

Windows 7 Services: Complete List


Windows 7 service configuration reference (disabling unneeded services noticeably speeds up the system)

Adaptive brightness
Monitors ambient light conditions to adjust screen brightness. If this service is disabled, screen brightness will not adapt automatically to ambient light.
Default startup type: Manual. If you have no device such as a touchscreen that adjusts screen brightness automatically, this service can safely be disabled.
\\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

AppID Service
Determines the identity of an application.
Default startup type: Manual; changing it is not recommended.
\\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

Application Experience
Processes application compatibility lookup requests when applications start.
Default startup type: Automatic; changing it is not recommended.
\\WINDOWS\system32\svchost.exe -k netsvcs
Presumably, with this technology the system automatically picks the matching compatibility mode when running older programs, so that they work as well as possible.

Application Information
Provides information for the running of applications.
Default startup type: Manual; changing it is not recommended.
\\WINDOWS\system32\svchost.exe -k netsvcs

Application Layer Gateway Service
Provides support for third-party protocol plug-ins for Internet Connection Sharing.
Default startup type: Manual. If you are connected to a network, this service starts automatically; changing it is not recommended.
\\WINDOWS\System32\alg.exe
Windows XP and Vista have this service too, with much the same role: it is a dependency of the built-in firewall and of ICS shared Internet access. If you run a third-party firewall and do not need ICS, it can be disabled entirely.

Application Management
Processes installation, removal, and enumeration requests for software deployed through Active Directory IntelliMirror Group Policy.

Solving the desktop-interaction permission problem of Windows services on Vista and Win7: crossing Session 0 isolation


Windows services run all sorts of tasks in the background and support our day-to-day desktop work.

Sometimes a service needs to exchange information with the user or show a user interface. In the XP era this was no problem, but from Vista onward you will find that this approach no longer seems to work.

Session 0 isolation experiment

Let's build a service named AlertService whose only job is to show the user a prompt dialog, and see what happens to it on Windows 7.

    using System.ServiceProcess;
    using System.Windows.Forms;

    namespace AlertService
    {
        public partial class Service1 : ServiceBase
        {
            public Service1()
            {
                // Generated in Service1.Designer.cs by the Windows Service project
                // template; it sets ServiceName and the CanStop/CanPauseAndContinue flags.
                InitializeComponent();
            }

            protected override void OnStart(string[] args)
            {
                // The dialog is created in the service's own session, which is what
                // the experiment below makes visible.
                MessageBox.Show("A message from AlertService.");
            }

            protected override void OnStop()
            {
            }
        }
    }

After compiling, load it into the system services with Installutil:

In the service's properties, tick "Allow service to interact with desktop" so that AlertService can interact with the desktop user.

Start the AlertService service in the Services manager; an icon will start flashing in the taskbar:

Clicking that icon shows the window below, saying that a program (AlertService) is trying to display a message and asking whether you want to view it:

Clicking "View the message" shows the screen below (I could no longer capture this from the current desktop; the screenshot was taken through Virtual PC, for reasons explained further on).

Windows 7 Group Policy settings and their registry locations


Summary of registry values corresponding to the Group Policy security options

Location in Group Policy: Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options

Detailed list:

[MACHINE\System\CurrentControlSet\Control\Lsa]
- AuditBaseObjects: audit the access of global system objects. REG_DWORD; 0 = disabled, 1 = enabled
- CrashOnAuditFail: shut down the system immediately if unable to log security audits. REG_DWORD; 0 = disabled, 1 = enabled
- FullPrivilegeAuditing: audit the use of the Backup and Restore privileges. REG_BINARY; 0 = disabled, 1 = enabled
- LmCompatibilityLevel: LAN Manager authentication level. REG_DWORD; 0 = send LM & NTLM responses; 1 = send LM & NTLM, use NTLMv2 session security if negotiated; 2 = send NTLM response only; 3 = send NTLMv2 response only; 4 = send NTLMv2 response only, refuse LM; 5 = send NTLMv2 response only, refuse LM & NTLM
- RestrictAnonymous: additional restrictions for anonymous connections (commonly used to restrict IPC$ null sessions). REG_DWORD; 0 = none, rely on default permissions; 1 = do not allow enumeration of SAM accounts and shares; 2 = no access without explicit anonymous permissions
- SubmitControl: allow server operators to schedule tasks (domain controllers only). REG_DWORD; 0 = disabled, 1 = enabled

[MACHINE\System\CurrentControlSet\Control\Print\Providers\LanMan Print Services\Servers]
- AddPrinterDrivers: prevent users from installing printer drivers. REG_DWORD; 0 = disabled, 1 = enabled

[MACHINE\System\CurrentControlSet\Control\Session Manager\Memory Management]
- ClearPageFileAtShutdown: clear the virtual memory page file at shutdown. REG_DWORD; 0 = disabled, 1 = enabled

[MACHINE\System\CurrentControlSet\Control\Session Manager]
- ProtectionMode: strengthen the default permissions of global system objects (for example symbolic links). REG_DWORD; 0 = disabled, 1 = enabled

[MACHINE\System\CurrentControlSet\Services\LanManServer\Parameters]
- EnableSecuritySignature: digitally sign server communication (when possible). REG_DWORD; 0 = disabled, 1 = enabled
- RequireSecuritySignature: digitally sign server communication (always). REG_DWORD; 0 = disabled, 1 = enabled
- EnableForcedLogOff: automatically log off users when their logon hours expire (local). REG_DWORD; 0 = disabled, 1 = enabled
- AutoDisconnect: idle time required before a session is disconnected. REG_DWORD; number of minutes

[MACHINE\System\CurrentControlSet\Services\LanmanWorkstation\Parameters]
- EnableSecuritySignature: digitally sign client communication (when possible). REG_DWORD; 0 = disabled, 1 = enabled
- RequireSecuritySignature: digitally sign client communication (always). REG_DWORD; 0 = disabled, 1 = enabled
- EnablePlainTextPassword: send unencrypted password to connect to third-party SMB servers. REG_DWORD; 0 = disabled, 1 = enabled

[MACHINE\System\CurrentControlSet\Services\Netlogon\Parameters]
- DisablePasswordChange: prevent system maintenance of the computer account password. REG_DWORD; 0 = disabled, 1 = enabled
- SignSecureChannel: Secure channel: digitally sign secure channel data (when possible). REG_DWORD; 0 = disabled, 1 = enabled
- SealSecureChannel: Secure channel: digitally encrypt secure channel data (when possible). REG_DWORD; 0 = disabled, 1 = enabled
- RequireSignOrSeal: Secure channel: digitally encrypt or sign secure channel data (always). REG_DWORD; 0 = disabled, 1 = enabled
- RequireStrongKey: Secure channel: require a strong (Windows 2000 or later) session key. REG_DWORD; 0 = disabled, 1 = enabled

[MACHINE\Software\Microsoft\Driver Signing]
- Policy: behaviour when installing unsigned drivers. REG_BINARY; 0 = install silently, 1 = warn but allow installation, 2 = do not allow installation

[MACHINE\Software\Microsoft\Non-Driver Signing]
- Policy: behaviour when installing unsigned non-driver software. REG_BINARY; 0 = install silently, 1 = warn but allow installation, 2 = do not allow installation

[MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
- DisableCAD: disable the Ctrl+Alt+Del requirement for logon. REG_DWORD; 0 = disabled, 1 = enabled
- DontDisplayLastUserName: do not display the last user name on the logon screen. REG_DWORD; 0 = disabled, 1 = enabled
- LegalNoticeCaption: message title shown to users attempting to log on. REG_SZ; title text
- LegalNoticeText: message text shown to users attempting to log on. REG_SZ; message text
- ShutdownWithoutLogon: allow the system to be shut down without having to log on. REG_DWORD; 0 = disabled, 1 = enabled

[MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Setup\RecoveryConsole]
- SecurityLevel: Recovery Console: allow automatic administrative logon. REG_DWORD; 0 = disabled, 1 = enabled
- SetCommand: Recovery Console: allow floppy copy and access to all drives and folders. REG_DWORD; 0 = disabled, 1 = enabled

[MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
- AllocateCDRoms: restrict CD-ROM access to the locally logged-on user only. REG_SZ; 0 = disabled, 1 = enabled
- AllocateDASD: who is allowed to eject removable NTFS media. REG_SZ; 0 = Administrators, 1 = Administrators and Power Users, 2 = Administrators and Interactive Users
- AllocateFloppies: restrict floppy access to the locally logged-on user only. REG_SZ; 0 = disabled, 1 = enabled
- CachedLogonsCount: number of previous logons to cache (in case a domain controller is not available). REG_SZ; a count, for example 10
- PasswordExpiryWarning: prompt the user to change the password before it expires. REG_DWORD; number of days, default 14
- ScRemoveOption: smart card removal behaviour. REG_SZ; 0 = no action, 1 = lock workstation, 2 = force logoff

Group Policy User Configuration administrative templates and their registry values

1. User Configuration -> Administrative Templates -> Windows Components -> Windows Update
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\WindowsUpdate]
"DisableWindowsUpdateAccess"=dword:00000001 (remove access to all Windows Update features) (Windows XP or later)

2. User Configuration -> Administrative Templates -> Start Menu and Taskbar
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSimpleStartMenu"=dword:00000001 (force the classic Start menu) (Windows XP or later)
"NoCommonGroups"=dword:00000001 (remove common program groups from Start -> Programs) (Windows 2000 or later)
"NoSMMyDocs"=dword:00000001 (remove the My Documents icon from Start -> Documents) (Windows 2000 or later)
"NoNetworkConnections"=dword:00000001 (remove Network Connections from Start -> Settings) (Windows 2000 or later)
"NoSMMyPictures"=dword:00000001 (remove the My Pictures icon from the Start menu) (Windows XP or later)
"ForceStartMenuLogOff"=dword:00000001 (force Log Off to appear on the Start menu) (Windows 2000 or later)
"Intellimenus"=dword:00000001 (turn off personalized menus) (Windows 2000 or later)
"NoInstrumentation"=dword:00000001 (turn off user tracking) (Windows 2000 or later)
Note: this setting prevents the system from tracking the programs users run, the paths they navigate and the documents they open.
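The mapping above is most useful when it is turned into a check. The following PowerShell script is an added example (not part of the original page): it reads the security-option values listed above straight from the registry and compares each with a baseline. The baseline values are this script's own assumptions about a hardened configuration, not something the page states, and the script expects an elevated session.

```powershell
# Added example, not from the original page. Reads the Security Options values the
# mapping above lists and compares them with a baseline. The "expected" values are
# this script's own hardening assumptions; adjust them to your own policy.
$checks = @(
    # Registry path, value name, expected value, reason
    @('HKLM:\SYSTEM\CurrentControlSet\Control\Lsa', 'LmCompatibilityLevel', 5, 'NTLMv2 only, refuse LM and NTLM'),
    @('HKLM:\SYSTEM\CurrentControlSet\Control\Lsa', 'RestrictAnonymous', 1, 'no anonymous SAM/share enumeration'),
    @('HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters', 'RequireSecuritySignature', 1, 'SMB server signing always'),
    @('HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters', 'RequireSecuritySignature', 1, 'SMB client signing always'),
    @('HKLM:\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters', 'EnablePlainTextPassword', 0, 'never send plaintext passwords'),
    @('HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters', 'RequireSignOrSeal', 1, 'secure channel always signed or sealed'),
    @('HKLM:\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters', 'RequireStrongKey', 1, 'strong secure channel session key'),
    @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'DisableCAD', 0, 'keep Ctrl+Alt+Del for logon'),
    @('HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System', 'DontDisplayLastUserName', 1, 'hide the last logged-on user'),
    @('HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon', 'CachedLogonsCount', 4, 'limit cached domain credentials (assumed baseline)')
)

function Test-SecurityOption {
    param([string]$Path, [string]$Name, $Expected, [string]$Why)
    # A missing value is reported as such rather than treated as zero: "not set"
    # means the Windows default applies, which is a separate question.
    $item   = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    $actual = if ($null -ne $item) { $item.$Name } else { '<not set>' }
    # CachedLogonsCount is REG_SZ while the others are REG_DWORD, so compare as strings.
    [pscustomobject]@{
        Status   = if ("$actual" -eq "$Expected") { 'OK' } else { 'REVIEW' }
        Setting  = "$Path\$Name"
        Expected = $Expected
        Actual   = $actual
        Note     = $Why
    }
}

$report = foreach ($c in $checks) { Test-SecurityOption -Path $c[0] -Name $c[1] -Expected $c[2] -Why $c[3] }
$report | Format-Table Status, Setting, Expected, Actual, Note -AutoSize
```

Values that come back as REVIEW are not necessarily wrong, but each one should be traceable to a deliberate policy decision; a Windows 7 machine with LmCompatibilityLevel below 3, for instance, will still answer LM or NTLMv1 challenges.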

Windows event IDs and their explanations


Press Win+R to open Run, type "eventvwr.msc" and press Enter to open Event Viewer; alternatively right-click Computer -> Manage -> System Tools -> Event Viewer.

In Event Viewer, right-click the System or Security log, choose "Filter Current Log", and enter the event IDs below in the filter.

Log path: C:\Windows\System32\winevt\Logs
Logs to inspect: Security.evtx, System.evtx, Application.evtx

Commonly used security event IDs:

System log:
- 1074: shows when the computer was started, shut down or restarted, together with the reason and comment.
- 6005: the Event Log service has started; if event 6005 appears, the system was started normally on that day.
- 104: records the clearing of an audit log; this event appears whenever a log is cleared.

Security log:
- 4624: a user logged on successfully; use it to review the successful logons on the system.
- 4625: a user failed to log on.
- 4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740: records of user accounts being created, deleted, or having their password changed.
- 4727, 4737, 4739, 4762: generated when a group is added or deleted, or when a member is added to a group.

Security event IDs (EVENT_ID) and their meanings:
- 1100: the event logging service has shut down
- 1101: audit events have been dropped by the transport
- 1102: the audit log was cleared
- 1104: the security log is now full
- 1105: event log automatic backup
- 1108: the event logging service encountered an error
- 4608: Windows is starting up
- 4609: Windows is shutting down
- 4610: an authentication package has been loaded by the Local Security Authority
- 4611: a trusted logon process has been registered with the Local Security Authority
- 4612: internal resources allocated for the queuing of audit messages have been exhausted, leading to the loss of some audits
- 4614: a notification package has been loaded by the Security Account Manager
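Filtering in Event Viewer by hand does not scale past a handful of events, so the following PowerShell script is an added example (not part of the original page) that pulls the IDs listed above with Get-WinEvent and summarises them the way an analyst would during triage: failed logons grouped by account and source, successful logons grouped by logon type and authentication package (which goes a little beyond the page by separating NTLM from Kerberos logons), and the low-volume account-lifecycle and log-clearing events listed in full. The one-day look-back window and the failed-logon threshold are this script's own assumptions, and reading the Security log requires an elevated session.

```powershell
# Added example, not from the original page. Queries the event IDs the section above
# lists and summarises them for triage. Window and threshold are assumptions.
$since     = (Get-Date).AddDays(-1)   # assumed look-back window
$threshold = 10                       # assumed: failed logons per account/source worth a look

$security = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 1102, 4624, 4625, 4720, 4722, 4723, 4724, 4725, 4726, 4738, 4740
    StartTime = $since
} -ErrorAction SilentlyContinue

$system = Get-WinEvent -FilterHashtable @{
    LogName = 'System'; Id = 104, 1074, 6005; StartTime = $since
} -ErrorAction SilentlyContinue

# Read a named field from the event XML rather than parsing the message text,
# so the result does not depend on the display language of the machine.
function Get-EventField {
    param($Event, [string]$Name)
    $xml  = [xml]$Event.ToXml()
    $data = $xml.Event.EventData.Data
    if ($data) { return ($data | Where-Object Name -eq $Name).'#text' }
    # 1102 (log cleared) stores its fields under UserData/LogFileCleared instead.
    return $xml.Event.UserData.LogFileCleared.$Name
}

# 1. Failed logons per account and source address. A burst from one source is the
#    classic password-guessing signature; a 4740 lockout shortly after confirms it.
$failed = $security | Where-Object Id -eq 4625 | ForEach-Object {
    [pscustomobject]@{
        Account = Get-EventField $_ 'TargetUserName'
        Source  = Get-EventField $_ 'IpAddress'
        Time    = $_.TimeCreated
    }
}
'--- Failed logons at or above threshold (account, source) ---'
$failed | Group-Object Account, Source |
    Where-Object Count -ge $threshold |
    Select-Object Count, Name | Format-Table -AutoSize

# 2. Successful logons by logon type and authentication package. Type 2 is console,
#    3 is network, 10 is Remote Desktop; the package shows NTLM versus Kerberos.
'--- Successful logons (type, package) ---'
$security | Where-Object Id -eq 4624 | ForEach-Object {
    [pscustomobject]@{
        Type    = Get-EventField $_ 'LogonType'
        Package = Get-EventField $_ 'AuthenticationPackageName'
    }
} | Group-Object Type, Package | Select-Object Count, Name | Format-Table -AutoSize

# 3. Account creation/deletion, lockouts and log clearing are rare enough to list in full.
'--- Account lifecycle and log clearing ---'
$security | Where-Object { $_.Id -in 1102, 4720, 4726, 4740 } |
    Select-Object TimeCreated, Id,
                  @{n = 'Subject'; e = { Get-EventField $_ 'SubjectUserName' }},
                  @{n = 'Target';  e = { Get-EventField $_ 'TargetUserName' }} |
    Format-Table -AutoSize

'--- System: startup/shutdown, log cleared, Event Log service started ---'
$system | Select-Object TimeCreated, Id, Message | Format-Table -Wrap
```

Reading fields from the XML is deliberate: the message text of 4624/4625 is localised (this page's own examples are in Chinese), whereas the Data element names such as TargetUserName and IpAddress are the same on every installation.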

The five categories of security services


Windows security components:

- Discretionary access control: allows the owner of an object to control who may access the object and in what way.
- Object reuse: when a resource (memory, disk, etc.) is being accessed by an application, Windows prevents all other system applications from accessing that resource; this is also why deleted files cannot be recovered.
- Mandatory logon: all users must log on and be authenticated before they can access resources.
- Auditing: while user access to resources is being controlled, the accesses can also be recorded.
- Control of access to objects: certain system resources may not be accessed directly. The resource must first permit access, and the user or application then accesses it after passing the initial authentication.

Windows security subsystem. The security subsystem consists of the following parts:
- Winlogon
- Graphical Identification and Authentication DLL (GINA)
- Local Security Authority (LSA)
- Security Support Provider Interface (SSPI)
- Authentication Packages
- Security Support Providers
- Netlogon Service
- Security Account Manager (SAM)

Winlogon and GINA: Winlogon calls the GINA DLL and monitors the secure authentication sequence. The GINA DLL provides the interactive interface through which the user's logon authentication request is made. The GINA DLL is designed as an independent module, so the built-in GINA DLL can be replaced with a stronger authentication method (fingerprint, retina). Winlogon looks in the registry under \HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon; if a GinaDLL value exists, Winlogon uses that DLL, otherwise it uses the default, MSGINA.DLL.

Local Security Authority: the LSA is a protected subsystem responsible for the following tasks: calling all authentication packages, checking the Authentication Packages value under \HKLM\SYSTEM\CurrentControlSet\Control\LSA in the registry, and calling the DLL listed there (MSV1_0.DLL) to perform authentication.

Examples of Windows permission-setting API functions


In modern computer systems, the operating system's permission settings are very important. Permissions restrict users' access to system resources and protect the security and stability of the system. The Windows operating system offers many API functions for managing permissions. This article introduces some commonly used Windows permission-setting API functions, each with an example.

1. Obtaining and modifying a process's access rights

1.1 OpenProcess. OpenProcess opens an existing process and returns a handle to it. Through this handle we obtain access to the process and can perform the corresponding operations.

1.2 AdjustTokenPrivileges. AdjustTokenPrivileges modifies the privileges of the current process; through it we can enable or disable specific privileges as needed.

For example, we can obtain a handle to the current process with:

```c
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, GetCurrentProcessId());
```

Then we can enable a privilege on the current process with the following code. AdjustTokenPrivileges operates on the process's access token, which is obtained with OpenProcessToken, not on the process handle itself:

```c
#include <windows.h>

// Enable one privilege (for example SE_DEBUG_NAME) on the current process's token.
// Returns TRUE only if the privilege was actually enabled.
BOOL EnablePrivilege(LPCTSTR privilegeName)
{
    HANDLE hToken = NULL;
    TOKEN_PRIVILEGES tokenPrivileges;
    BOOL ok = FALSE;

    // AdjustTokenPrivileges works on an access token, not on a process handle.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        return FALSE;
    if (LookupPrivilegeValue(NULL, privilegeName, &tokenPrivileges.Privileges[0].Luid)) {
        tokenPrivileges.PrivilegeCount = 1;
        tokenPrivileges.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // The call returns TRUE even when the token does not hold the privilege; the
        // real outcome is ERROR_NOT_ALL_ASSIGNED from GetLastError().
        ok = AdjustTokenPrivileges(hToken, FALSE, &tokenPrivileges, sizeof(tokenPrivileges), NULL, NULL)
             && GetLastError() == ERROR_SUCCESS;
    }
    CloseHandle(hToken);
    return ok;
}

// Usage, as in the original example: EnablePrivilege(SE_DEBUG_NAME);
```

2. Obtaining and modifying a file's access rights

2.1 CreateFile. CreateFile opens or creates a file and returns a handle to it.

ntdsutil parameters

NTDSUtil is a command-line utility in Windows for managing the Active Directory database. It provides a set of subcommands and parameters for database maintenance, backup and restore, metadata cleanup and other operations.

Commonly used NTDSUtil parameters and their functions:
1. activate instance <instanceName>: activates the specified Active Directory database instance.
2. files: manages the database files, including moving, renaming and cleaning them up.
3. ifm: creates and manages Install From Media (IFM) sets, used to install domain controllers quickly.
4. metadata cleanup: removes the metadata of decommissioned domain controllers or objects from Active Directory.
5. roles: manages the various domain controller roles, such as the domain naming master (DNC) and the schema master (SDC).
6. semantic database analysis: performs a semantic analysis of the database to identify and resolve problems in the Active Directory database.
7. snapshot: creates and manages database snapshots for backup and restore operations.
8. compact to <databasePath>: compacts the database file to the specified path to reduce its size.

These parameters let administrators perform the various management and maintenance tasks that keep the Active Directory database running correctly and securely. Using NTDSUtil requires administrator privileges, and it should be used with care to avoid accidental damage or data loss.

Windows event ID reference


Columns: ID, level, source, meaning with an example message.

- 2, Information, Serial: while validating that \Device\Serial1 was really a serial port, the system detected a FIFO; it will be used.
- 17, Error, W32Time: time provider NtpClient: an error occurred during the DNS lookup of the manually configured peer ',0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: a socket operation was attempted to an unreachable host. (0x80072751)
- 20, Warning, Print: the printer driver Canon PIXMA iP1000 for Windows NT x86 Version-3 was added or updated. Files: CNMDR6e.DLL, CNMUI6e.DLL, CNMCP6e.DLL, CNMMH6e.HLP, CNMD56e.DLL, CNMUR6e.DLL, CNMSR6e.DLL, CNMIN6e.INI, CNMPI6e.DLL, CNMSM6e.EXE, CNMSS6e.SMR, CNMSD6e.EXE, CNMSQ6e.EXE, CNMSH6e.HLP, CNMSH6e
- 26, Information, Application Popup: application popup: Rsaupd.exe - unable to locate component: this application has failed to start because MFC71.DLL was not found. Re-installing the application may fix this problem.
- 29, Error, W32Time: the time provider NtpClient is configured to acquire time from one or more time sources, but none of the sources are currently accessible. No attempt to contact a source will be made for 14 minutes. NtpClient has no source of accurate time.
- 35, Information, W32Time: the time service is now synchronising the system time with the time source (ntp.m|0x1|192.168.1.208:123->207.46.197.32:123).
- 115, Information, SRService: System Restore monitoring was enabled on all drives.
- 116, Information, SRService: System Restore monitoring was disabled on all drives.

Research and implementation of a Credential Provider based authentication model


Received: 2009-09-18. Revised: 2010-04-06.
Author: Chen Rui (born 1984), male, from Longyan, Fujian; master's student; research area: embedded systems.
Aeronautical Computing Technique (航空计算技术), Vol. 40, No. 3, p. 132

The PIN corresponds to the traditional static password ("what you know"), while the dynamic password is generated in real time and dynamically by a dynamic token ("what you have") [1]; the combination of the two forms the passcode of two-factor authentication. … driven by events [3] …

3 An authentication model based on credential providers

Before Vista was released …

It displays, on the logon desktop, the UI elements (such as edit boxes and check boxes) defined by the credential providers loaded underneath (Vista's logon interface differs from the earlier window-style interface: it is embedded in, and merged with, the logon desktop), so that the credential providers can collect the authentication information they need. Unlike the earlier complex and cumbersome GINA model, developing third-party authentication under the credential provider model does not require rewriting every related function, which makes development easier and safer. For example, because GINA exchanges information directly with Winlogon, the design of its user interface and input data is more complex than in ordinary programs, and for developers of third-party authentication modules understanding this is a very heavy additional burden [2]. The credential provider model greatly lightens this burden: the program only needs to select and register the corresponding UI elements. At the same time it gives users a more consistent experience, so that they are not confused. In addition, in terms of extensibility, users can choose which credential-provision method to use as needed, and these methods can be selected not only by the user but also …

Windows logon event descriptions

Table 1: Logon events in the security event log (event ID: description)

- 528: a user successfully logged on to the computer.
- 529: a logon attempt with a user name unknown to the system, or with a known user name and a wrong password.
- 530: a user account logged on outside its permitted logon hours.
- 531: a logon attempt with a disabled account.
- 532: a logon attempt with an expired account.
- 533: the user is not allowed to log on at this computer.
- 534: the user attempted to log on with a logon type that is not allowed (such as network, interactive, batch, service or remote interactive).
- 535: the password for the specified account has expired.
- 536: the Net Logon service is not active.
- 537: the logon failed for other reasons.
- 538: a user logged off.
- 539: the account was locked out at the time of the logon attempt. This event indicates a failed password attack that resulted in the account being locked out.
- 540: successful network logon. This event indicates that a remote user successfully connected from the network to a local resource on the server, and a token was generated for that network user.
- 682: a user reconnected to a disconnected Terminal Services session. This event indicates that a Terminal Services session had been connected earlier.
- 683: a user disconnected a Terminal Services session without logging off. This event is generated when a user connects to a Terminal Services session over the network; it appears on the terminal server.

How credential providers work


A Credential Provider is a COM object used to collect and serialise credentials; it runs in the local system context.

Credential providers interact with LogonUI and Winlogon to help collect and process credentials.

After the user presses the three-key SAS (secure attention sequence), Winlogon instructs LogonUI to display each credential provider's options, and LogonUI queries each credential provider.

A credential provider can mark one of its logon tiles as the default.

Once all the logon tiles have been enumerated, LogonUI shows them to the user; the user picks one to log on with, and LogonUI then submits the credential information.

Credential providers are extensible: they let users authenticate with biometrics (fingerprint, voice, retina), a password, a PIN, a smart card, or any custom authentication package.

Enterprises and IT departments may develop and deploy custom authentication mechanisms for domain users.

A credential provider is not an enforcement mechanism; it only gathers and serialises credentials, while the LSA and the authentication packages enforce security.

Credential providers can be designed for SSO (single sign-on), authenticating the user to a secure network access point.

They can also be designed to collect credentials for a particular application, to authenticate to network resources or join a domain, and to provide the UAC (User Account Control) elevation prompt.

In summary, a credential provider works by interacting with LogonUI and Winlogon to collect and process the credentials the user enters, providing a way to authenticate identity that enables secure logon and access control.
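Because credential providers only gather credentials while the LSA and its authentication packages enforce the logon decision, both sets of registrations are worth reviewing together: the best-practice section earlier on this page warns about several providers filtering each other, the security-subsystem section names the LSA Authentication Packages value, and this section explains the division of labour. The following PowerShell script is an added example (not part of the original page or of any Microsoft sample): it lists every registered credential provider and credential provider filter with the DLL its CLSID resolves to and that DLL's Authenticode status, and then prints the LSA package lists beside them. It assumes an elevated session on Vista or later; the registry paths are the ones the page itself names.

```powershell
# Added example, not from the original page. Inventories the logon extension points:
# credential providers, credential provider filters, and the LSA package lists.
# Assumes an elevated PowerShell session on Windows Vista or later.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication'

function Get-RegisteredProvider {
    param([string]$SubKey)   # 'Credential Providers' or 'Credential Provider Filters'
    Get-ChildItem -Path (Join-Path $cpRoot $SubKey) -ErrorAction SilentlyContinue | ForEach-Object {
        $clsid = $_.PSChildName
        $props = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
        # The CLSID's InprocServer32 default value is the DLL LogonUI will load.
        $server = "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32"
        $dll    = (Get-ItemProperty -Path $server -ErrorAction SilentlyContinue).'(default)'
        $dll    = [Environment]::ExpandEnvironmentVariables("$dll")
        $sig    = if ($dll -and (Test-Path -LiteralPath $dll)) {
                      (Get-AuthenticodeSignature -FilePath $dll).Status
                  } else { 'DLL missing' }
        [pscustomobject]@{
            Kind      = $SubKey
            Clsid     = $clsid
            Name      = $props.'(default)'
            Dll       = $dll
            Signature = $sig
            # A provider can be switched off in place with a "Disabled" DWORD;
            # the page's Unregister.reg deletes the key instead.
            Disabled  = $props.Disabled
        }
    }
}

$providers = @(Get-RegisteredProvider 'Credential Providers') +
             @(Get-RegisteredProvider 'Credential Provider Filters')
$providers | Sort-Object Kind, Name | Format-Table Kind, Name, Dll, Signature, Disabled -AutoSize

# The LSA package lists are what actually decide the logon; print them beside the
# providers so an unexpected entry in either place stands out.
$lsa = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa'
"Authentication Packages: $($lsa.'Authentication Packages' -join ', ')"
"Notification Packages:   $($lsa.'Notification Packages' -join ', ')"
"Security Packages:       $($lsa.'Security Packages' -join ', ')"

# Anything unsigned, missing, or loaded from outside System32 deserves a closer look.
'--- Providers to review ---'
$providers | Where-Object { "$($_.Signature)" -ne 'Valid' -or $_.Dll -notlike "$env:SystemRoot\System32\*" } |
    Format-Table Kind, Name, Dll, Signature -AutoSize
```

On a clean machine every entry resolves to a Microsoft-signed DLL under System32 and the filter list is empty or holds only what you installed; a third-party provider shows up with its vendor's signature, and one that appears in both lists is exactly the filtering case the best-practice section asks you to justify.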

Backing up Windows services: a server tutorial


Backing up Windows services generally consists of two parts: backing up the state information and backing up the data.

The state information of Windows services is backed up by manually backing up the corresponding registry key, and the state information of all services can normally be backed up in one go. Service data, on the other hand, must be backed up separately, either manually, with tools the service itself provides, or with third-party software.

Backing up service state information

The state information of the various Windows services is stored under the registry key "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services"; by backing up this key the administrator backs up the state information of all Windows services.

With the services provided by the Windows server running normally, click Start -> Run, type "regedit" in the Run dialog and press Enter, then in Registry Editor expand "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services".

The state information of the services is stored under the "Services" key, so the administrator only needs to back up the contents of this key.

The backup is straightforward: in Registry Editor select the "Services" key, click File -> Export on the main menu, and in the "Export Registry File" dialog give the backup file a name, choose where to save it, and click "Save" to complete the backup of the Windows service state information.

When the state information of some service goes wrong, simply double-click the backup file to import the saved state information back into the registry.

Backing up service data

The data of each service has to be backed up separately; one operation backs up the data of only one Windows service.

Given the many types of service Windows provides, this article uses the IIS service, the DHCP service and disk quotas as examples to show how to back up their data individually.

1. IIS. The IIS server has built-in backup and restore tools, which can be used to quickly back up and restore the local IIS server's data.
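The registry export described above can be scripted, and once it is scripted it is worth keeping a per-service baseline alongside the raw export, because comparing two baselines is the quickest way to notice a service that appeared or whose binary path changed between backups. The following PowerShell script is an added example (not part of the original page): it performs the same export with reg.exe, records each service's start mode, image path and account to a CSV, and diffs it against the previous CSV if one exists. The backup directory and file names are this script's own choices, and it needs an elevated session.

```powershell
# Added example, not from the original page. Scripts the Services key backup and keeps
# a per-service baseline so that the next run reports new or changed services.
$backupDir = 'C:\Backup\Services'   # assumed location; pick your own
New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'

# 1. Full export of the key, the same thing regedit's File -> Export produces.
#    Restore later with: reg.exe import <file>.reg (or double-click the file).
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services' "$backupDir\Services-$stamp.reg" /y | Out-Null

# 2. A compact baseline: service name, start mode, image path and service account.
function Get-ServiceBaseline {
    Get-ChildItem -Path 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue
            if ($null -ne $p.ImagePath) {          # keys without ImagePath are not services
                [pscustomobject]@{
                    Name      = $_.PSChildName
                    Start     = $p.Start             # 2 = automatic, 3 = manual, 4 = disabled
                    ImagePath = $p.ImagePath
                    Account   = $p.ObjectName
                }
            }
        }
}
$current = Get-ServiceBaseline
$current | Export-Csv -Path "$backupDir\baseline-$stamp.csv" -NoTypeInformation

# 3. Compare with the previous baseline, if there is one.
$previous = Get-ChildItem -Path $backupDir -Filter 'baseline-*.csv' |
    Sort-Object Name | Select-Object -Last 2 | Select-Object -First 1
if ($previous -and $previous.Name -ne "baseline-$stamp.csv") {
    $oldByName = @{}
    foreach ($s in (Import-Csv -Path $previous.FullName)) { $oldByName[$s.Name] = $s }
    "Changes since $($previous.Name):"
    foreach ($s in $current) {
        $o = $oldByName[$s.Name]
        if ($null -eq $o) {
            "NEW        $($s.Name)  $($s.ImagePath)  [$($s.Account)]"
        } elseif ($o.ImagePath -ne $s.ImagePath) {
            "CHANGED    $($s.Name): '$($o.ImagePath)' -> '$($s.ImagePath)'"
        } elseif ("$($o.Start)" -ne "$($s.Start)") {
            "STARTMODE  $($s.Name): $($o.Start) -> $($s.Start)"
        }
    }
}
```

The .reg file is what you restore from; the CSV is what you read. A new entry running from a user-writable directory, or an existing service whose ImagePath moved, is the kind of change that should be explained before the backup is trusted.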

Protocols used by Windows authentication methods


The main protocols used by Windows authentication methods are the following:

1. NTLM (NT LAN Manager): NTLM is one of the most widely used authentication protocols in the Windows world. It uses a one-way hash function to compute a hash of the user's password and stores the hash in the local security database. When a user tries to log on, the password they enter is hashed and compared with the stored hash to verify their identity. NTLM is supported on Windows NT, Windows 2000, Windows XP and later systems.

2. Kerberos: Kerberos is a network authentication protocol for verifying the identity of clients and servers. It uses a trusted third-party authentication service to issue and verify tickets. In Windows domain environments Kerberos has been the primary authentication protocol, used for the network authentication and authorisation of users. Kerberos verifies the user's identity through a ticket-granting ticket (TGT), which is then used to obtain tickets for accessing network resources.

3. Digest: Digest is a hash-based authentication protocol for secure communication between a client and a server. In Windows, Digest can be used to authenticate web applications. It verifies the user's identity by transmitting a secure hash digest rather than the user's actual password. Digest hashes the user's password with a hash algorithm and provides an encryption mechanism to prevent unauthorised access.

4. SSL/TLS: SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are widely used encryption protocols that protect the communication between a client and a server. They provide authentication, data encryption and integrity checking. In Windows, SSL/TLS can be used to authenticate web sites and protect sensitive data such as credit card information and personal details.

5. Smart Card: the Smart Card protocol authenticates the user with a smart chip card. In Windows, the user plugs in a smart card reader, inserts the smart card, and can then log on with it.

A WinRM case study


WinRM (Windows Remote Management) is a remote management tool for managing and configuring remote Windows machines.

The following is a WinRM case study. Suppose we need to manage a Windows server named "server1" remotely.

First, make sure the WinRM service is enabled on the server. The service can be configured quickly with:

```
winrm quickconfig
```

Next, we need to set up credentials so that the server can be accessed remotely. The client authentication setting can be changed with:

```
winrm set winrm/config/client/auth @{Basic="true"}
```

We can then use WinRM to run commands, run scripts or query system information on the server remotely. For example, the following command lists a directory on the server (remote commands are run through winrs, the WinRM command-shell client):

```
winrs -r:server1 dir
```

In addition, PowerShell can be combined with WinRM to carry out more complex tasks. For example, the following command runs a PowerShell script remotely:

```
winrs -r:server1 powershell -ExecutionPolicy RemoteSigned -File C:\path\to\script.ps1
```

With these steps, WinRM can be used to manage Windows servers remotely. Note that remote management through WinRM needs to be done carefully, following best practices and security guidelines.
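The walkthrough above turns on Basic authentication, and the related AllowUnencrypted setting is commonly switched on at the same time; together they send the password base64-encoded over plain HTTP, which is the weak configuration. The following PowerShell script is an added example (not part of the original page): it reports the current WinRM posture through the WSMan: drive next to a hardened value for each setting, and provides a function that applies those values. The hardened values are this script's own baseline, and it needs an elevated session on the managed host.

```powershell
# Added example, not from the original page. Reports and hardens the WinRM settings
# the case study touches. Hardened values are this script's own baseline.
Import-Module Microsoft.WSMan.Management -ErrorAction SilentlyContinue

$settings = @(
    # WSMan path, hardened value, reason
    @('WSMan:\localhost\Service\AllowUnencrypted', 'false', 'require HTTPS or Negotiate/Kerberos message encryption'),
    @('WSMan:\localhost\Service\Auth\Basic',       'false', 'Basic sends the password base64-encoded, not hashed'),
    @('WSMan:\localhost\Client\AllowUnencrypted',  'false', 'client side of the same setting'),
    @('WSMan:\localhost\Client\Auth\Basic',        'false', 'client side of the same setting')
)

function Get-WinRmPosture {
    foreach ($s in $settings) {
        # Each WSMan: item exposes its current setting as the Value property.
        $actual = (Get-Item -Path $s[0] -ErrorAction SilentlyContinue).Value
        [pscustomobject]@{
            Status   = if ("$actual" -eq $s[1]) { 'OK' } else { 'WEAK' }
            Setting  = $s[0]
            Actual   = $actual
            Hardened = $s[1]
            Note     = $s[2]
        }
    }
}

function Set-WinRmHardened {
    # Equivalent to: winrm set winrm/config/service @{AllowUnencrypted="false"} and so on.
    foreach ($s in $settings) { Set-Item -Path $s[0] -Value $s[1] }
    # TrustedHosts = '*' on the client disables server identity checking for every
    # host that is not authenticated with Kerberos; narrow it to the hosts you manage.
    $trusted = (Get-Item -Path 'WSMan:\localhost\Client\TrustedHosts').Value
    if ($trusted -eq '*') {
        Write-Warning 'Client TrustedHosts is "*"; restrict it to the servers you actually manage.'
    }
}

Get-WinRmPosture | Format-Table Status, Setting, Actual, Hardened, Note -AutoSize
# Set-WinRmHardened   # uncomment to apply the baseline
```

With Basic and AllowUnencrypted both false, the winrs commands in the case study keep working against a domain-joined server because Negotiate (Kerberos) is still enabled and encrypts the session; only the plain-HTTP Basic path is closed.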

The GetSecurityDescriptorSacl function


`GetSecurityDescriptorSacl` is a Windows API function that retrieves the system access control list (SACL) of a security descriptor.

A security descriptor is the data structure Windows uses to describe an object's security attributes. It contains fields such as the owner, the group and the permissions, which determine who may access an object and which operations they may perform on it.

An access control list is a data structure that determines which users or groups may access an object and what kind of access they get.

`GetSecurityDescriptorSacl` takes a pointer to a security descriptor and returns, through output parameters, a pointer to its SACL together with a flag that says whether a SACL is present at all. If the descriptor has no SACL, no ACL pointer is returned; test the presence flag rather than the pointer.

The function prototype of `GetSecurityDescriptorSacl`:

```c
BOOL GetSecurityDescriptorSacl(
    PSECURITY_DESCRIPTOR pSecurityDescriptor,
    LPBOOL               lpbSaclPresent,
    PACL                 *pSacl,
    LPBOOL               lpbSaclDefaulted
);
```

Parameters:

* `pSecurityDescriptor`: pointer to the security descriptor.

* `lpbSaclPresent`: receives a Boolean indicating whether the security descriptor contains a SACL.

* `pSacl`: receives a pointer to the SACL; only meaningful when `*lpbSaclPresent` is TRUE (a present but NULL SACL is allowed).

* `lpbSaclDefaulted`: receives a Boolean indicating whether the SACL was supplied by a default mechanism rather than set explicitly.

The function returns nonzero on success and zero on failure; call `GetLastError` for the reason.

Usage example:

```c++
#include <windows.h>
#include <stdio.h>

// Reading a SACL requests SACL_SECURITY_INFORMATION, which needs SeSecurityPrivilege,
// so run this from an elevated process.
LPCWSTR path = L"C:\\Windows\\notepad.exe";
DWORD cb = 0;
GetFileSecurityW(path, SACL_SECURITY_INFORMATION, NULL, 0, &cb);            // size query only
PSECURITY_DESCRIPTOR pSecurityDescriptor = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, cb);
PACL pAcl = NULL;
BOOL fSaclPresent = FALSE, fDefaulted = FALSE;
if (pSecurityDescriptor &&
    GetFileSecurityW(path, SACL_SECURITY_INFORMATION, pSecurityDescriptor, cb, &cb) &&
    GetSecurityDescriptorSacl(pSecurityDescriptor, &fSaclPresent, &pAcl, &fDefaulted)) {
    if (fSaclPresent && pAcl) {
        // A SACL exists: its audit entries can be walked with GetAce.
        printf("SACL present with %u ACE(s)%s\n", pAcl->AceCount, fDefaulted ? " (defaulted)" : "");
    } else {
        printf("No SACL on this object (no auditing configured).\n");
    }
}
LocalFree(pSecurityDescriptor);
```


Windows Vista Sample Credential Providers Overview

Contents
- Terms of Use
- Release Notes
- SampleCredentialProvider
  - The SampleCredentialProvider Codebase
  - Project Structure
  - Common Tasks For Extending SampleCredentialProvider
  - Tips & Tricks
    - Rebooting
    - Automating The Deployment Process
    - Developing With CredUI
    - Debugging LogonUI
    - If Your System Becomes Unstable
- SampleCredUICredentialProvider
- SampleAllControlsCredentialProvider
- SampleHardwareEventCredentialProvider
- SampleWrapExistingCredentialProvider
  - Default Tiles
  - Wrapping Existing Credential Providers
- Credential Provider Architecture
- Summary
- Questions

Terms of Use

This code and information is provided "as is" without warranty of any kind, either expressed or implied, including but not limited to the implied warranties of merchantability and/or fitness for a particular purpose.

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.

Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.

Copyright (c) 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows Vista, Windows XP, and Visual Studio are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Introduction

In this document, we'll take a look at some custom Windows Vista credential provider samples. Specifically, we'll cover the following topics:
1. Understanding the base SampleCredentialProvider codebase.
2. Common tasks for extending the base SampleCredentialProvider codebase.
3. SampleCredUICredentialProvider, which supports CredUI.
4. SampleAllControlsCredentialProvider, which exposes each possible UI control.
5. SampleHardwareEventCredentialProvider, which supports asynchronous events.
6. SampleWrapExistingCredentialProvider, which wraps the default username/password credential provider in Windows Vista.

Release Notes

We previously released a version of SampleCredentialProvider. This release of the samples has the following changes:
- 4 new samples showing uses of additional features of the credential provider model
- Updated the base SampleCredentialProvider in the following ways:
  - Fixed the issue where the release configuration wouldn't build
  - Built & tested it on x64fre
  - Fixed a bug in the implementation of GetBitmapValue that caused the tiles not to show up on some machines. NOTE: Everyone should make sure they pick up this fix.
  - Added an implementation of SetSerialization

SampleCredentialProvider

Out of the box, SampleCredentialProvider provides a DLL project that exposes the two COM interfaces required to develop a credential provider: ICredentialProvider and ICredentialProviderCredential.
ICredentialProvider exposes the functionality to enumerate available credentials, and ICredentialProviderCredential exposes the functionality required for each specific credential during the authentication process.

The SampleCredentialProvider Codebase

The SampleCredentialProvider project provides a working baseline credential provider. This sample is hardcoded to expose two accounts: Administrator and Guest. The following screenshot shows what this might look like on a domain joined machine.

Project Structure

The SampleCredentialProvider project includes a small set of files, each with their own purpose:

Common Tasks For Extending SampleCredentialProvider

Since SampleCredentialProvider provides a great baseline for developing custom providers, it is recommended that you customize it to meet your needs, rather than starting from scratch. The following steps will walk you through the process of customizing the SampleCredentialProvider project that is common to all extensions. We'll use "MyCredentialProvider" as the new project name, so be sure to change it to reflect the name you want to use. We're also not going to rename any of the folders or files to reflect the name unless it is required to build successfully, so this may be something you choose to do once you're comfortable with the codebase.

Please note that these samples are intended to be run against the February CTP release of Vista (build 5308). They should be compiled against the SDK for the February CTP and run on the matching build.

1. Set up Visual Studio 2005 in Tools | Options to use the executables, includes, and libs from the SDK instead of the ones shipped with VS. For more info on how to do this, see ReleaseNotes.Htm in the root of the SDK directory.
2. In the SampleCredentialProvider folder, double-click SampleCredentialProvider.sln to open it in Visual Studio 2005.
3. In the Solution Explorer, right-click the SampleCredentialProvider project node and select Rename. Change the name to "MyCredentialProvider" and press Enter to lock it in.
4. In the Solution Explorer, right-click the MyCredentialProvider project node and select Properties. This will launch the MyCredentialProvider Property Pages dialog.
5. In the left tree view, select the Configuration Properties | C/C++ node.
6. Make sure the path to your Vista SDK include directory is included in Additional Include Directories. On a default install it ends up at "C:\Program Files\Microsoft SDKs\Windows\v1.0\Include".
7. In the left tree view, select the Configuration Properties | Linker node to display the general properties of the linker configuration.
8. Make sure the path to your Vista SDK library directory is included in Additional Library Directories. On a default install it ends up at "C:\Program Files\Microsoft SDKs\Windows\v1.0\Lib".
9. Press OK to dismiss the dialog.
10. Open samplecredentialprovider.def. Change "SAMPLECREDENTIALPROVIDER.DLL" to "MYCREDENTIALPROVIDER.DLL". Save samplecredentialprovider.def.
11. Open guid.h. Replace the GUID in DEFINE_GUID with a unique one. You can generate a unique GUID from Tools | Create GUID. Be sure to remember it for later. Save guid.h.
12. Open Register.reg in notepad or Visual Studio (do not execute it in Explorer). Replace the GUIDs in each registry key with the one created in the last step. Also change "sampleprovider" to "MyCredentialProvider" as well as "SampleCredentialProvider.dll" to "MyCredentialProvider.dll". Save Register.reg.
13. Open Unregister.reg in notepad or Visual Studio (do not execute it in Explorer). Replace the GUID in the registry key with the one used in Register.reg. Save Unregister.reg.
14. Select Build | Build Solution. If there are any build errors, review the steps above.
15. Copy the freshly built MyCredentialProvider.dll to the System32 directory of the test machine.
16. Copy Register.reg to the test machine and run it from Explorer to register the credential provider.
17. From the Start Menu, select the option to switch users.
18. The login screen should now have an extra Administrator and Guest account. If all you see is one large tile, click Switch User to see the list of tiles.
19. You should be able to log in using the newly created Administrator account tile. The Guest account may or may not be enabled due to the security settings of your system.
20. If you want to remove the sample, copy Unregister.reg to the test machine and run it to unregister the credential provider.

Tips & Tricks

The following are some tips & tricks that can help you during the development cycle. These are useful to keep in mind when reviewing the other samples covered later in this document.

Rebooting

When rebooting the test machine, it is highly recommended that you unregister the credential provider you are working on (unless you are specifically testing its behavior during the reboot itself). Credential providers that are registered during boot are locked by the operating system and cannot be overwritten. If you leave a credential provider registered during a reboot, you will not be able to overwrite it with a new version until you unregister it and reboot once again. As a result, it's a good practice to unregister before each reboot to save effort.

Once the system has booted, you can register and unregister credential providers without them being locked by Windows (unless they are actively in use). There are a few other possibilities to simplify updating binaries:
- You may choose to set up a dual boot system with a safe OS (like Windows XP) on one partition and your Windows Vista installation on another partition.
  Then when you need to update your credential provider DLL, you can boot into the safe OS, replace the DLL (since it won't be locked in the safe OS) and then reboot into your Windows Vista installation to test your changes.
- A quicker "use at your own risk" tactic is to run "kill.exe logonUI.exe" from an elevated command prompt, copy the updated binary over, then log out (which will create a new session with a new logonUI.exe).

Automating The Deployment Process

If you are developing on a test machine to begin with, you can automate the DLL deployment process by adding a Post-Build Event that automatically copies the output DLL to the System32 directory. For example, you can go to the Configuration Properties | Build Events | Post-Build Event tab of the project's Property Pages dialog and set the following for Command Line:

```
copy "$(OutDir)\$(ProjectName).dll" %systemroot%\system32 /Y
```

If you do this and the Post-Build Event fails during a build, it is most likely due to the fact that the DLL is still loaded and cannot be overwritten on the drive, most likely because it was a registered provider during boot. However, be careful when performing a second build since the Post-Build Event only occurs after a successful build, and Visual C++ will skip the build process if the binaries are already up-to-date. As a result, you may want to edit one file in the project (such as by adding and deleting a space) before invoking the build again.

If the Post-Build Event continues to fail due to the DLL being loaded, run the Unregister.reg file from Explorer on the target machine, which will unregister the DLL as a credential provider, and then reboot. After rebooting, run the Register.reg file from Explorer to register the DLL as a credential provider once again.

Developing With CredUI

Although you may not want to support the CredUI scenario in your final credential provider, it is recommended that you use it during development and debugging if you are developing on the test machine. Since the CredUI scenario runs from a normal desktop session, you'll be able to attach the Visual Studio debugger to it at runtime, drastically simplifying the process of development and testing.

To do this:
1. Create a new Win32 console project in Visual Studio.
2. Update the main function of your new project to make a call to CredUIPromptForWindowsCredentials, such as:

```cpp
#include "stdafx.h"
#include <windows.h>
#include <WinCred.h>

int _tmain(int argc, _TCHAR* argv[])
{
    BOOL save = FALSE;
    DWORD authPackage = 0;
    LPVOID authBuffer = NULL;
    ULONG authBufferSize = 0;
    CREDUI_INFO credUiInfo;

    credUiInfo.pszCaptionText = TEXT("My caption");
    credUiInfo.pszMessageText = TEXT("My message");
    credUiInfo.cbSize = sizeof(credUiInfo);
    credUiInfo.hbmBanner = NULL;
    credUiInfo.hwndParent = NULL;

    // Shows the same credential providers LogonUI uses, but from a normal desktop
    // session, so a debugger can be attached to this process.
    DWORD result = CredUIPromptForWindowsCredentials(&credUiInfo, 0, &authPackage,
                                                     NULL, 0, &authBuffer, &authBufferSize,
                                                     &save, 0);
    if (result == ERROR_SUCCESS && authBuffer != NULL)
    {
        // The serialized credential buffer holds secrets: wipe it, then free it
        // with CoTaskMemFree as the API requires.
        SecureZeroMemory(authBuffer, authBufferSize);
        CoTaskMemFree(authBuffer);
    }
    return 0;
}
```

3. Update the project to link against CredUI.lib. You may need to update your "Additional Include Directories" and "Additional Library Directories" to point to the Windows Vista SDK from the project's property pages dialog.
4. Add your credential provider project to the solution.
5. Build the credential provider and make sure the latest version is deployed to the System32 directory and is registered as a credential provider.
6. Set breakpoints, etc., and then run the console app in debug mode. Your breakpoints should get hit as appropriate after CredUIPromptForWindowsCredentials is called from the console app.

Debugging LogonUI

In short: hook up kd between your test machine and your debugging machine and then pipe ntsd over kd for logonUI. There's a fair amount of info on how to do this on the web (although not specifically for logonUI). But here are some basic pointers.

1. Install the debugger package (/whdc/devtools/debugging/default.mspx)
2. Get kd set up between the two computers (for more info look on the web or MSDN)
   a. Hook up your debug cable
   b.
On the debuggee machine, run something like the following (change command line arguments as necessary):
      i. bcdedit /debug on
      ii. bcdedit /dbgsettings serial debugport:1 baudrate:115200
   c. Reboot the debuggee.
   d. On the debugger machine, run something like:
      i. kd.exe -r -k com:port=com1,baud=115200
3. Copy the symbols you will need locally to the box, since NTSD won't have access to the network.
4. Create a key named logonui.exe under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options.
5. In the logonui.exe key, create a string value named Debugger.
   a. Populate that value with the path to ntsd.exe on your machine, for example C:\debuggers\ntsd.exe -d -gG -y <path to local symbols> (space between -y and path required)
   b. -d pipes the NTSD output to KD
   c. -g ignores the initial startup breakpoint in the process (if you want the process to break instantly when first executed to set BPs, do not set the small g)
   d. -G ignores the termination breakpoint, so the process will exit quietly
   e. -y sets the local symbol path on the debuggee for NTSD
6. Breaking in when a .DLL loads (not required, but good to know if needed)
   a. Follow all of the steps above for the executable that loads the .dll, but do not set the small g flag; then when the process starts, NTSD will break in.
   b. Type sxe ld <dll name>
   c. Then g the debugger and NTSD will break in on load of that dll and you can set breakpoints, etc.

If Your System Becomes Unstable

During the process of credential provider development, there is a good possibility that you might mess up the credential providers, possibly even crashing LogonUI. Don't Panic.

Typically, you can reboot Windows in safe mode (repeatedly tap F8 during early boot for the menu to do this). From safe mode you should be able to log in using the normal password provider, at which point you can unregister the offending credential provider.

The other thing you might do is to accidentally unregister one or more of the built-in credential providers by deleting its key from the registry. For reference, here are the keys from HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers: You should be able to reenter them after rebooting in safe mode.

SampleCredUICredentialProvider

Windows Vista introduces CredUIPromptForWindowsCredentials, which can be thought of as the next generation of CredUIPromptForCredentials (although CredUIPromptForCredentials is still maintained for backwards compatibility). Unlike CredUIPromptForCredentials, CredUIPromptForWindowsCredentials relies on the same credential providers used by the login screen. While implementing these credential providers is fundamentally the same, there is one place you'll need to make a decision regarding how your credential provider works.

The implementation of CSampleProvider::SetUsageScenario contains everything we need to add support for CredUI. This method is called with a specific usage scenario (a CREDENTIAL_PROVIDER_USAGE_SCENARIO), which asks the credential provider if it supports it. By default, SampleCredentialProvider does not support the CPUS_CREDUI usage scenario, which means that an application using CredUIPromptForWindowsCredentials will not be able to access credentials provided through it.
However, we have changed this by having requests for the CPUS_CREDUI scenario treated in the same way asCPUS_LOGON.HRESULT CSampleProvider::SetUsageScenario(CREDENTIAL_PROVIDER_USAGE_SCENARIO cpus,DWORD dwFlags){UNREFERENCED_PARAMETER(dwFlags);HRESULT hr;switch (cpus){case CPUS_LOGON:case CPUS_UNLOCK_WORKSTATION:// If we didn’t want CredUI to be supported, we would return// E_NOTIMPL if this request was for CPUS_CREDUI.case CPUS_CREDUI:hr = _EnumerateCredentials();break;case CPUS_CHANGE_PASSWORD:hr = E_NOTIMPL;break;default:hr = E_INVALIDARG;break;}return hr;}SampleAllControlsCredentialProviderThe SampleAllControlsCredentialProvider project illustrates the usage of each of the nine UI control available to credential providers. Here’s an example of what you’ll see when you run this sample from LogonUI:Note that the Cancel button is automatically inserted by LogonUI.One of the nice things about this sample is that it differs only slightly from the base sample credential provider discussed earlier. Specifically, the key areas changed are in Common.h and CSampleCredential.h.In Common.h, we’ve added mo re controls to the SAMPLE_FIELD_ID enumeration, as well as respective entries for s_rgFieldStatePairs ands_rgCredProvFieldDescriptors. As you’ll see from the screenshots above, only the “tile image” and “large text” are configured to display in both selec ted and deselected mode, whereas the “small text” is configured to only appear when the tile is deselected. All other controls appear only in the selected tile. To change this behavior, modify the second member of the s_rgFieldStatePairs (it’s a CREDENTIAL_PROVIDER_FIELD_INTERACTIVE_STATE).In addition to the new fields in Common.h, it’s necessary to add in support for each type of control to the CSampleCredential.cpp implementation. By default, the base sample only implements support for the String and Bitmap methods, such as GetStringValue, etc. 
Since those are the only types of controls used in the sample, it was fine to return E_NOTIMPL from the unused control methods, such as GetCheckboxValue. However, since we're using these controls now, we've implemented support for getting and setting their respective values.

SampleHardwareEventCredentialProvider

A common scenario for custom credentials involves external events, such as the arrival of a message generated by a fingerprint scanner. The SampleHardwareEventCredential sample illustrates processing asynchronous events such as these.

When run, this sample displays a window with a single button. This window is designed to emulate an external element that has two states: connected and disconnected. When disconnected, the credential merely displays a large text field asking the user to connect:

By pressing the "Press to connect" button, the credential provides different controls, allowing the user to log in:

Since you cannot change the controls used by a credential from an event, this sample actually implements two credentials: a "please connect" message credential and an actual "log in" credential, which is effectively the same as the CSampleCredential from the SampleCredentialProvider project. Depending on the state of the connection emulator window, the provider displays the proper one.

The window is created on a separate thread, which gives it a way to pump messages while the provider thread is managed by an external authority. When the button is pressed, the window thread calls into the provider, asking it to re-enumerate its credentials by calling the CredentialsChanged method on the ICredentialProviderEvents pointer it received in an earlier Advise call:

void CSampleProvider::OnConnectStatusChanged()
{
    if (this->_pcpe != NULL)
    {
        this->_pcpe->CredentialsChanged(this->_upAdviseContext);
    }
}

When the credentials are enumerated, methods like GetCredentialCount and GetFieldDescriptorCount are called again.
In turn, the provider checks the state of the connection emulator and provides data for the appropriate credential. In either case, exactly one credential is always displayed. Note that we're calling CredentialsChanged from a separate thread, which is okay to do. However, be extra careful when trying to call other methods from the separate thread.

While this sample illustrates using a button on a window as an event, you could customize CCommandWindow::ThreadProc to look for any event you need, provided it's supported on the secure desktop.

SampleWrapExistingCredentialProvider

In some scenarios, you may find that an existing credential provider fits almost all of your needs, with the exception of an additional field or two you need to retrieve from the user. It would be a shame to have to re-implement the functionality of the existing credential provider, so this sample illustrates the process of wrapping an existing credential provider and extending it with two additional fields.

Please note that encapsulation (or "wrapping") should be used sparingly. It is not a one-size-fits-all replacement for the GINA chaining behavior. Unlike GINA chaining, the behavior you add only applies if the user clicks on your credential tile and does not apply if they click on another credential tile. Encapsulation is only done explicitly and should only be done when you know exactly what the behavior of the wrapped credprov is. It should be used when you want to extend the credential information that the wrapped credprov is gathering. If you merely want to do something extra with the credentials gathered by another credprov, then a network provider is likely better suited to your needs than a credential provider.

In our scenario, we simply attach an extra small text and combobox to the existing password provider's credentials. We'll let the existing credential provider decide how many credentials to enumerate, how to enumerate them, and how to authenticate.
We'll also let it deal with the behavior of the controls it defines. Credential providers are COM objects, so they can be created and managed just like any other COM object. In our scenario, we use the CLSID_PasswordCredentialProvider found in CredentialProvider.h to instantiate the provider, and then we proxy most of the calls through to it, returning the results as though they were our own. However, if we receive calls related to our specific extensions, we handle those ourselves.

Since we don't want to limit the functionality of the wrapped credential, it's important to avoid assumptions where possible. For example, we don't use a checkbox in our extension, but it is possible that the underlying credential does (if not now, then possibly sometime in the future). As a result, calls to methods we don't do anything with should still be passed along to the wrapped credential. For example:

HRESULT hr = E_NOTIMPL;
if (this->_pInnerCredential != NULL)
{
    // If the field is in the wrapped credential, pass it along.
    if (dwFieldID < this->_dwInnerDescriptorCount)
    {
        hr = this->_pInnerCredential->GetCheckboxValue(dwFieldID, pbChecked, ppwzLabel);
    }
}
return hr;

In some cases, we also handle calls that our wrapped credential needs. Fortunately, we can use the dwFieldID parameter to determine whether the referenced fields are ours or theirs. Since our sample appends its controls after the wrapped credential's, a simple comparison tells us whether the field is ours or theirs.
For example:

HRESULT hr = E_NOTIMPL;
if (this->_pInnerCredential != NULL)
{
    // If the field is in the wrapped credential, pass it along.
    if (dwFieldID < this->_dwInnerDescriptorCount)
    {
        hr = this->_pInnerCredential->GetStringValue(dwFieldID, ppwz);
    }
    // Otherwise, offset into the array to account for the wrapped fields
    // and handle it ourselves.
    else
    {
        dwFieldID -= this->_dwInnerDescriptorCount;
        if (dwFieldID < SFI_NUM_FIELDS)
        {
            hr = SHStrDupW(this->_rgFieldStrings[SFI_I_WORK_IN_STATIC], ppwz);
        }
        else
        {
            hr = E_INVALIDARG;
        }
    }
}
return hr;

However, if you decide to insert controls between controls in the wrapped credential, you'll need to be extra careful to track which field IDs are yours and which are theirs.

For some well-known credential fields, such as the password provider's password field, you can determine their location by checking the guidFieldType property of their CREDENTIAL_PROVIDER_FIELD_DESCRIPTOR. For example, the password field's CLSID is CPFG_LOGON_PASSWORD. More well-known CLSIDs are available in shlguid.h.

Default Tiles

A Credential Provider may specify a default tile when queried regarding the number of tiles it intends to return. Although this is straightforward from the perspective of each individual Credential Provider, developers should keep in mind that LogonUI will not necessarily treat their tile as the default in all cases. The Credential Provider most recently used for interactive logon receives preference when multiple providers return a default tile. In other words, when two or more providers return a default tile, the tile specified by the Credential Provider last used to log on will be displayed in zoomed view. This behavior does not occur in a remote session because the most recently used Credential Provider is not saved.

Credential Providers may also specify default tiles for the CredUI usage scenario. The default tile in this scenario will receive focus when CredUI appears to the user.
CredUI resolves multiple default tile conflicts using the same logic as LogonUI. There is no way for a Credential Provider to determine whether other providers specify a default tile.

The default tile provided by the Credential Provider last used to successfully log on does not need to be the same tile used during the previous logon. The Credential Provider is free to specify any of its tiles when it enumerates the default.

Wrapping Existing Credential Providers

Although Microsoft provides a wrapped Credential Provider sample, it is very important that all third parties proceed with extreme caution when implementing a wrapped provider. As long as instantiating multiple instances of the wrapped Credential Provider does not cause problems, wrapping is a safe technique that allows third-party developers to avoid rewriting code. For instance, if the wrapped Credential Provider stores anything globally, there may be issues creating two instances. The Microsoft in-box providers should be safe to wrap by third parties.
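The field-ID bookkeeping from the SampleWrapExistingCredentialProvider section above, as an added example that is not part of the Microsoft samples: it models the wrapper and a stand-in inner credential with plain C++ types so the routing logic (pass-through for the wrapped credential's fields, offset for our appended fields, E_NOTIMPL when no inner credential exists, E_INVALIDARG past both ranges) can be compiled and checked off Windows. HRESULT and its constants are redefined locally, and InnerCredential, MakeSampleInner and MakeSampleWrapper are hypothetical names.

```cpp
// Added example, not code from the Microsoft samples: a portable model of how
// a wrapping credential routes field IDs. HRESULT and InnerCredential are
// stand-ins; the Make* helpers build constructed sample data.
#include <cstdint>
#include <string>
#include <vector>
typedef long HRESULT;
const HRESULT S_OK = 0;
const HRESULT E_NOTIMPL = static_cast<HRESULT>(0x80004001);
const HRESULT E_INVALIDARG = static_cast<HRESULT>(0x80070057);
// Stand-in for the wrapped credential; it owns field IDs 0..fields.size()-1.
struct InnerCredential {
    std::vector<std::string> fields;
    HRESULT GetStringValue(uint32_t id, std::string* out) const {
        if (id >= fields.size()) return E_INVALIDARG;
        *out = fields[id]; return S_OK;
    }
};
// Our two appended fields (the "small text" and "combobox" extension above).
enum SAMPLE_FIELD_ID { SFI_I_WORK_IN_STATIC = 0, SFI_I_WORK_IN_COMBO, SFI_NUM_FIELDS };
struct WrappingCredential {
    const InnerCredential* _pInnerCredential;  // null if wrapping failed
    uint32_t _dwInnerDescriptorCount;          // fields owned by the inner one
    std::string _rgFieldStrings[SFI_NUM_FIELDS];
    // LogonUI sees the inner credential's fields followed by ours.
    uint32_t GetFieldDescriptorCount() const { return _dwInnerDescriptorCount + SFI_NUM_FIELDS; }
    HRESULT GetStringValue(uint32_t dwFieldID, std::string* ppwz) const {
        HRESULT hr = E_NOTIMPL;                  // no inner: nothing to answer
        if (_pInnerCredential != nullptr) {
            if (dwFieldID < _dwInnerDescriptorCount) {   // theirs: pass along
                hr = _pInnerCredential->GetStringValue(dwFieldID, ppwz);
            } else {                                      // ours: offset first
                dwFieldID -= _dwInnerDescriptorCount;
                if (dwFieldID < static_cast<uint32_t>(SFI_NUM_FIELDS)) {
                    *ppwz = _rgFieldStrings[dwFieldID]; hr = S_OK;
                } else {
                    hr = E_INVALIDARG;               // past both field ranges
                }
            }
        }
        return hr;
    }
};
// Constructed sample data: a 3-field inner credential wrapped with our 2 fields.
InnerCredential MakeSampleInner() { return InnerCredential{{"Tile image", "User name", "Password"}}; }
WrappingCredential MakeSampleWrapper(const InnerCredential* inner) {
    uint32_t n = inner ? static_cast<uint32_t>(inner->fields.size()) : 0;
    return WrappingCredential{inner, n, {"I work in:", "Redmond"}};
}
```

Field IDs 0..2 reach the inner credential untouched, IDs 3 and 4 are answered from our own strings after subtracting the inner count, and anything beyond that is rejected.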
