如果您對Windows如何在引擎蓋下執行感到好奇和了解更多,那麼您可能會發現自己在想,當沒有人登入Windows時,哪個“帳戶”活動程序正在執行。有鑑於此,今天的超級使用者問答帖子為好奇的讀者提供了答案。
今天的問答環節是由SuperUser提供的,SuperUser是Stack Exchange的一個分支,是一個由社群驅動的問答網站分組。
超級使用者讀者Kunal Chopra想知道無人登入時Windows使用的是哪個帳戶:
When no one is logged into Windows and the log in screen is displayed, which user account are the current processes running under (video & sound drivers, login session, any server software, accessibility controls, etc.)? It cannot be any user or the previous user because no one is logged in.
What about processes that have been started by a user but continue to run after logging off (for example, HTTP/FTP servers and other networking processes)? Do they switch over to the SYSTEM account? If a user-started process is switched over to the SYSTEM account, then that indicates a very serious vulnerability. Does such a process run by that user continue to run under that user’s account somehow after they have logged off?
Is this why the SETHC hack allows you to use CMD as SYSTEM?
沒有人登入時,Windows使用哪個帳戶?
超級使用者貢獻者grawity為我們提供了答案:
When no one is logged into Windows and the log in screen is displayed, which user account are the current processes running under (video & sound drivers, login session, any server software, accessibility controls, etc.)?
Almost all drivers run in kernel mode; they do not need an account unless they start user-space processes. Those user-space drivers run under SYSTEM.
With regard to the login session, I am sure that it uses SYSTEM as well. You can see logonui.exe using Process Hacker or SysInternals Process Explorer. In fact, you can see everything that way.
As for server software, see Windows services below.
What about processes that have been started by a user but continue to run after logging off (for example, HTTP/FTP servers and other networking processes)? Do they switch over to the SYSTEM account?
There are three kinds here:
If a user-started process is switched over to the SYSTEM account, then that indicates a very serious vulnerability.
It is not a vulnerability because you must already have Administrator privileges to install a service. Having Administrator privileges already lets you do practically everything.
See Also: Various other non-vulnerabilities of the same kind.
請務必透過下面的執行緒連結閱讀此有趣討論的其餘部分!
有什麼要補充的解釋嗎?在評論中發出聲音。想從其他精通技術的Stack Exchange使用者那裡瞭解更多答案嗎?在這裡檢視完整的討論主題。
...**或其他計算機上,嘗試使用您在PC上使用的Microsoft帳戶登入。請確保您在此處鍵入的電子郵件沒有錯誤。如果您仍然無法進入,請繼續重置您的Microsoft密碼。請轉到Microsoft密碼重置頁面開始;您甚至可以在秋季建立者更新的登...
...料,請單擊第一個螢幕上的下一步以使用您的帳戶。若要登入到另一個帳戶,請單擊“我不是[帳戶]”。 ...
...rosoft帳戶(可能您的鍵盤有卡住的鍵或類似的東西)。去登入.live.com在您的**或其他計算機上,嘗試使用您在PC上使用的Microsoft帳戶登入,確保您沒有鍵入任何錯誤。 ...
...應用程式並登入您的TeamViewer帳戶。 查詢“無人参與訪問”標題並單擊三個檢查中的每一個,以便使您的Mac即使在您不使用時也可用。 ...
...一個Microsoft帳戶。 請確保使用Microsoft帳戶登入Windows:轉到“開始”>“設定”>“帳戶”>“您的資訊”以更改登入方式。 註冊您的Windows 10計算機:轉到“開始”>“設定”&a...
...料。如果你沒有看到這個選項,你需要先用你的Google帳戶登入Chrome。 ...
...是GeForce體驗也是一個更重的應用程式,需要您使用帳戶登入。你甚至必須用一個帳戶登入才能獲得驅動程式更新。如果你想安裝你的驅動程式的經典方式只是驅動程式本身和NVIDIA控制面板工具你可以。 如何在沒有geforce經驗的情...
...請或授權支援人員親自訪問,遠端訪問工具的設計考慮到無人值守訪問。 這就是為什麼保護您的遠端訪問憑據並且永遠不要與其他人共享它們很重要的原因。如果其他人可以訪問您的機器,他們可以在您不知情的情況下輕鬆地...
...密碼” Microsoft new允許您透過“設定”>“帳戶”>“登入”頁面上的新選項“使裝置無密碼”。這聽起來很棒,很有未來感,但實際上這只是一個新的設定,需要你電腦上的每個人都使用PIN或其他Windows Hello登入方法(如人臉...