Давайте по порядку.
Зарегистрировать сервис без указания учетной записи можете? т.е. запуск по умолчанию С системной учетной записью.
да, инсталлятор повышает свои привилегии до локального админа и устанавливает сервис под локальным системным конто.
Но прав этого конто недостаточно для последующей регистрации компонентов и доступа к сети. Далее этот сервис уже использует основная программа инсталляции. Основная идея избавить фирмы от постоянного ввода пароля администратора при обновлениях итп и всё делать через сервис который один раз был ранее зарегистрирован.
Попробовал регистрировать пользователя через NetUserAdd, это работает в случае USER_PRIV_USER но если пробую USER_PRIV_ADMIN то получаю назад 87 код что я так понимаю "ошибка параметра"). Пока пришлось отложить в сторону, но сегодня буду копать дальше:
1.
2.
3.
4.
5.
6.
7.
8.
9.
10.
11.
12.
13.
14.
15.
16.
17.
18.
19.
20.
21.
22.
23.
24.
25.
26.
27.
28.
29.
30.
31.
32.
33.
34.
35.
36.
37.
38.
39.
40.
41.
42.
43.
44.
45.
46.
47.
48.
49.
50.
51.
52.
53.
54.
55.
56.
57.
58.
59.
60.
61.
62.
63.
64.
65.
66.
67.
68.
69.
70.
71.
72.
73.
74.
75.
76.
77.
78.
79.
80.
81.
82.
83.
84.
85.
86.
87.
88.
89.
90.
91.
92.
93.
94.
95.
96.
97.
98.
99.
100.
101.
102.
103.
104.
105.
106.
107.
108.
109.
110.
111.
112.
113.
114.
115.
116.
117.
118.
119.
120.
unit TestNetUserAdd;
interface
uses
Winapi.Windows, Winapi.Messages, System.SysUtils, System.Variants, System.Classes, Vcl.Graphics,
Vcl.Controls, Vcl.Forms, Vcl.Dialogs, StdCtrls;
type
TForm1 = class(TForm)
Button1: TButton;
procedure Button1Click(Sender: TObject);
private
{ Private-Deklarationen }
public
{ Public-Deklarationen }
end;
LPUSER_INFO_2 = ^USER_INFO_2;
{$EXTERNALSYM LPUSER_INFO_2}
PUSER_INFO_2 = ^USER_INFO_2;
{$EXTERNALSYM PUSER_INFO_2}
_USER_INFO_2 = record
usri2_name: LPWSTR;
usri2_password: LPWSTR;
usri2_password_age: DWORD;
usri2_priv: DWORD;
usri2_home_dir: LPWSTR;
usri2_comment: LPWSTR;
usri2_flags: DWORD;
usri2_script_path: LPWSTR;
usri2_auth_flags: DWORD;
usri2_full_name: LPWSTR;
usri2_usr_comment: LPWSTR;
usri2_parms: LPWSTR;
usri2_workstations: LPWSTR;
usri2_last_logon: DWORD;
usri2_last_logoff: DWORD;
usri2_acct_expires: DWORD;
usri2_max_storage: DWORD;
usri2_units_per_week: DWORD;
usri2_logon_hours: PBYTE;
usri2_bad_pw_count: DWORD;
usri2_num_logons: DWORD;
usri2_logon_server: LPWSTR;
usri2_country_code: DWORD;
usri2_code_page: DWORD;
end;
{$EXTERNALSYM _USER_INFO_2}
USER_INFO_2 = _USER_INFO_2;
{$EXTERNALSYM USER_INFO_2}
TUserInfo2 = USER_INFO_2;
PUserInfo2 = puser_info_2;
function NetUserAdd(ServerName: LPCWSTR; Level: DWORD;
Buff: PByte; var Parm_Err: DWORD): DWORD; stdcall;
external 'netapi32.dll';
var
Form1: TForm1;
implementation
{$R *.dfm}
procedure TForm1.Button1Click(Sender: TObject);
const
NERR_Success = 0;
ERROR_ACCESS_DENIED = 5; //The user does not have access to the requested information.
NERR_InvalidComputer = 2351; //The computer name is invalid.
NERR_NotPrimary = 2226; //The operation is allowed only on the primary domain controller of the domain.
NERR_GroupExists = 2223; //The group already exists.
NERR_UserExists = 2224; //The user account already exists.
NERR_PasswordTooShort = 2245; //The password is shorter than required. (The password could also be too long, be too recent in its change history, not have enough unique characters, or not meet another password policy requirement.)
ERROR_INVALID_PARAMETER = 87; //The parameter is incorrect.
USER_PRIV_GUEST = 0;
USER_PRIV_USER = 1;
USER_PRIV_ADMIN = 2;
UF_SCRIPT = $0001;
UF_DONT_EXPIRE_PASSWD = $10000;
var
Status: Integer;
UserInfo: TUserInfo2;
Parm_Err: DWORD;
begin
ZeroMemory(@UserInfo, SizeOf(TUserInfo2));
UserInfo.usri2_name := 'TestInstallUser';
UserInfo.usri2_password := 'IchBinTestInstalService0#';
UserInfo.usri2_priv := USER_PRIV_USER; //USER_PRIV_USER USER_PRIV_ADMIN
UserInfo.usri2_flags := UF_SCRIPT or UF_DONT_EXPIRE_PASSWD;
// https://docs.microsoft.com/en-us/windows/win32/api/lmaccess/nf-lmaccess-netuseradd
Status := NetUserAdd(nil, 2, @UserInfo, Parm_Err);
case Status of
NERR_Success:
ShowMessage('User erfolgreich created.');
ERROR_ACCESS_DENIED: //The user does not have access to the requested information.
ShowMessage('ERROR: The user does not have access to the requested information.');
NERR_InvalidComputer: //The computer name is invalid.
ShowMessage('ERROR: The computer name is invalid.');
NERR_NotPrimary: //The operation is allowed only on the primary domain controller of the domain.
ShowMessage('ERROR: The operation is allowed only on the primary domain controller of the domain.');
NERR_GroupExists: //The group already exists.
ShowMessage('ERROR: The group already exists.');
NERR_UserExists: //The user account already exists.
ShowMessage('ERROR: The user account already exists.');
NERR_PasswordTooShort: //The password is shorter than required. (The password could also be too long, be too recent in its change history, not have enough unique characters, or not meet another password policy requirement.)
ShowMessage('ERROR: The password is shorter than required. (The password could also be too long, be too recent in its change history, not have enough unique characters, or not meet another password policy requirement.');
ERROR_INVALID_PARAMETER: //The parameter is incorrect.
ShowMessage('ERROR: The parameter is incorrect.');
else
RaiseLastOSError;
end;
end;
end.
