Services and Redirected Drives

 

INFO: Services and Redirected Drives


SUMMARY


A service should not directly access local or network resources through mapped drive letters. Additionally, a service should not use the WNetXXXXXXX APIs to add, remove, or query any mapped drive letters. Although the WNetXXXXXXX APIs may return successfully, the results will be incorrect. A service (or any process that is running in a different security context) that must access a remote resource should use the Universal Naming Convention (UNC) name to access the resource. UNC names do not suffer from the limitations described in this article.


MORE INFORMATION


When the system establishes a redirected drive, it is stored on a per-user basis. Only the user himself can manipulate the redirected drive. The system keeps track of redirected drives based on the user's Logon Security Identifier (SID). The Logon SID is a unique identifier for the user's Logon Session. A single user can have multiple, simultaneous logon sessions on the system.


If a service is configured to run under a user account, the system will always create a new logon session for the user and then launch the service in that new logon session. Thus, the service cannot manipulate the drive mappings that are established within the user's other session(s).


Redirected Drives on Microsoft Windows NT and Microsoft Windows 2000


On Windows NT and on Windows 2000, drive letters are global to the system. All users on the system share the letters A-Z. Each user does not get their own set of drive letters. This means a user can access the redirected drives of another user if they have the appropriate security access.


If a user tries to redirect a drive letter that is already in use by another user (for example, by calling WNetAddConnection2()), the error ERROR_ALREADY_ASSIGNED is returned. Although the redirected drive is global to all users, only the user who established it can manipulate it. Likewise, if a user tries to remove or query information on a redirected drive that was established by a different user, the WNetGetConnection() function and the WNetCancelConnection2() function return the following error:

ERROR_NOT_CONNECTED


If a user tries to enumerate the list of redirected drives through WNetOpenEnum() and WNetEnumResource(), the functions only list redirected drives that were established by that user. Drives that were redirected by other users will not be visible.


Windows NT File Manager and Windows NT Explorer can see all the redirected drives because they call the GetDriveType() function on each drive, and they display an icon for each drive that is found. Windows NT File Manager and Windows NT Explorer create an icon for redirected drives that are created by all users because drive letters are global to the system. However, the interactive user cannot use Windows NT File Manager or Windows NT Explorer to disconnect the drive because the drive was created in a different logon session.


If a service that is running in the LocalSystem security context establishes a drive mapping, only that service or another process running in the LocalSystem account can call WNetCancelConnection2() to disconnect the drive.


Note: All processes that are running in the LocalSystem account are running in the same logon session.


Redirected Drives on Microsoft Windows XP


On Windows XP and on Microsoft Windows Server 2003, each logon session receives its own set of drive letters, A through Z. Therefore, redirected drives cannot be shared between processes that are running under different user accounts. Additionally, a service (or any process that is running in its own logon session) cannot access the drive letters that are established in a different logon session. However, drive letters that are mapped from a service that is running under the local System account are visible to all logon sessions.
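Because a drive letter only has meaning inside the logon session that mapped it, a service can check its configured paths at startup and refuse anything that is not a UNC name. The following is an added example, not code from the original article: the function names `classify_path` and `service_may_use` are hypothetical, and the checker is plain string parsing that calls no Win32 API.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Added example: classify paths found in a service's configuration. */
typedef enum { PATH_UNC, PATH_DRIVE_LETTER, PATH_OTHER } path_kind;

static int is_sep(char c) { return c == '\\' || c == '/'; }

/* Length of the path component starting at p (0 if empty). */
static size_t component_len(const char *p) {
    size_t n = 0;
    while (p[n] && !is_sep(p[n])) n++;
    return n;
}

/* True if p begins "server\share" with both names non-empty.
 * "." and "?" are device-namespace markers, not server names. */
static int has_server_share(const char *p) {
    size_t server = component_len(p);
    if (server == 0 || !is_sep(p[server])) return 0;
    if (server == 1 && (p[0] == '.' || p[0] == '?')) return 0;
    return component_len(p + server + 1) > 0;
}

static int has_unc_tag(const char *p) {   /* "UNC\" in any letter case */
    return toupper((unsigned char)p[0]) == 'U' && toupper((unsigned char)p[1]) == 'N'
        && toupper((unsigned char)p[2]) == 'C' && p[3] == '\\';
}

path_kind classify_path(const char *path) {
    if (path == NULL) return PATH_OTHER;
    if (strncmp(path, "\\\\?\\", 4) == 0) {           /* \\?\ extended-length prefix */
        path += 4;
        if (strchr(path, '/')) return PATH_OTHER;      /* no '/' normalization here */
        if (has_unc_tag(path))
            return has_server_share(path + 4) ? PATH_UNC : PATH_OTHER;
    } else if (is_sep(path[0]) && is_sep(path[1])) {   /* \\server\share\... */
        return has_server_share(path + 2) ? PATH_UNC : PATH_OTHER;
    }
    /* "H:\dir" and drive-relative "H:dir" both depend on a drive letter. */
    if (isalpha((unsigned char)path[0]) && path[1] == ':') return PATH_DRIVE_LETTER;
    return PATH_OTHER;
}

/* Policy for a service: only UNC names are valid in every logon session. */
int service_may_use(const char *path) { return classify_path(path) == PATH_UNC; }
```

With constructed inputs, `service_may_use("\\\\fileserver\\reports\\q1.csv")` returns 1 and `service_may_use("H:\\reports\\q1.csv")` returns 0; `fileserver` and `reports` are placeholder names.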


Original MSDN article:

http://support.microsoft.com/kb/180362/en-us
