CN102594815B - Before register system, user right is set and performs method, the device of corresponding operating - Google Patents
Before register system, user right is set and performs method, the device of corresponding operating Download PDFInfo
- Publication number
- CN102594815B CN102594815B CN201210032505.7A CN201210032505A CN102594815B CN 102594815 B CN102594815 B CN 102594815B CN 201210032505 A CN201210032505 A CN 201210032505A CN 102594815 B CN102594815 B CN 102594815B
- Authority
- CN
- China
- Prior art keywords
- keeper
- administrator
- operating system
- user right
- authority
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 24
- 238000007726 management method Methods 0.000 description 19
- 238000012550 audit Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 5
- 230000009286 beneficial effect Effects 0.000 description 2
- 238000005314 correlation function Methods 0.000 description 2
- 230000026676 system process Effects 0.000 description 2
- 238000009434 installation Methods 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Landscapes
- Storage Device Security (AREA)
Abstract
Before the invention discloses a kind of register system, user right be set and perform method, the device of corresponding operating, comprising: A) during os starting, utilize user right authentication module to judge whether there is administrator's authority; B) if judged result is for existing administrator's authority, then login authentication CMOS macro cell keeper operating system login interface; C) keeper carries out certification and corresponding operating by described keeper's operating system login interface, and does not enter operating system.The invention provides a kind of Windows user's authority setting method without login user operating system, when making the user with administrator's authority carry out corresponding operating to terminal, need not login user operating system.
Description
Technical field
The present invention relates to computer realm, before particularly relating to a kind of register system, user right is set and performs the method for corresponding operating and relevant device thereof.
Background technology
Under most of window (Windows) operating system, as Windows2000, WindowsXP and WindowsNT etc., due to the restriction of Windows operating system rights management mechanism, the installation of software, unloading and configuration change all need to have keeper (Administrator) user right, and in the management of information system, for terminal management class software, the consideration of management and safety for convenience, terminal use (User) only has normal user permission, therefore when the keeper of system needs to be configured change to terminal software, often need can carry out associative operation with Administrator user identity log into thr computer operating system.
After keeper is with Administrator user identity log into thr computer operating system, bring the problem of following several respects:
1, the log-on message of keeper will be recorded and audit, and especially for the information system host that security requirements is higher, audit is necessary, adds audit work amount to a certain extent;
2, keeper's log into thr computer will increase the hidden danger that computer internal information is divulged a secret;
3, keeper needs log into thr computer just can carry out associative operation, adds the complexity of keeper's work to a certain extent.
Therefore, keeper's configuration management etc. that log into thr computer operating system still can not carry out terminal software how is made to be treated as technical problem urgently to be resolved hurrily.
Summary of the invention
Arrange user right before the object of the present invention is to provide a kind of register system and perform method, the device of corresponding operating, can solve unavoidable keeper all the time better must the login user operating system problem that can manage terminal.
According to an aspect of the present invention, before a kind of register system provided by the invention, user right be set and perform the method for corresponding operating, comprising:
A) during os starting, user right authentication module is utilized to judge whether there is administrator's authority;
B) if judged result is for existing administrator's authority, then login authentication CMOS macro cell keeper operating system login interface is utilized;
C) keeper carries out certification and corresponding operating by described keeper's operating system login interface, and does not enter operating system.
Preferably, described steps A) be specially:
During os starting, whether user right authentication module sense terminals exists administrator's mark, and when detecting that described administrator identifies, determine to there is described administrator's authority.
Preferably, user right authentication module, by whether sense terminals being inserted with keeper's identity key, determines whether there is administrator's mark.
Preferably, described step B) be specially:
When user right authentication module determines to there is administrator's authority, login authentication module reads described keeper's identity key, and generates the keeper's operating system login interface comprising keeper's login authentication prompting frame and configuration management operation box.
Preferably, described step C) be specially:
Keeper utilizes described keeper's login authentication prompting frame and described configuration management operation box, carries out keeper's authentication, and carries out terminal configuration and do not enter operating system.
Preferably, described method also comprises:
D) if in described steps A) in, when user right authentication module determines to there is not administrator's authority, login authentication CMOS macro cell end users operation system login interface.
Preferably, described method also comprises:
E) described step D is performed) after, terminal use is entered by described end users operation system login interface and is used terminal.
According to another aspect of the present invention, before a kind of register system provided by the invention, user right be set and perform the device of corresponding operating, comprising:
User right authentication module, for during os starting, judges whether there is administrator's authority;
Login authentication module, for when for there is administrator's authority in the judged result of described user right authentication module, generate keeper's operating system login interface, make keeper carry out certification and corresponding operating by described keeper's operating system login interface, and do not enter operating system.
Preferably, described user right authentication module, by whether sense terminals being inserted with keeper's identity key, determines whether there is administrator's authority.
Preferably, described login authentication module is also for when for there is not administrator's authority in the judged result of described user right authentication module, generate end users operation system login interface, make terminal use enter by described end users operation system login interface and use terminal.
Compared with prior art, beneficial effect of the present invention is:
In the present invention, when keeper manages computer, without the need to login system, namely keeper need not log in Windows operating system, corresponding configuration management operation on computer can be completed, both can not leave the audit log that administrator logs in, and can not information-leakage have been caused again.
Accompanying drawing explanation
Fig. 1 is the Method And Principle figure arranging user right before the register system that provides of the embodiment of the present invention and perform corresponding operating;
Fig. 2 is each function call process schematic diagram in the GINADLL that provides of the embodiment of the present invention;
Fig. 3 is the method flow diagram arranging user right before the register system that provides of the embodiment of the present invention and perform corresponding operating;
Fig. 4 arranges user right before the register system that provides of the embodiment of the present invention and performs corresponding operating device block diagram.
Embodiment
Below in conjunction with accompanying drawing to a preferred embodiment of the present invention will be described in detail, should be appreciated that following illustrated preferred embodiment is only for instruction and explanation of the present invention, is not intended to limit the present invention.
Fig. 1 is the Method And Principle figure arranging user right before the register system that provides of the embodiment of the present invention and perform corresponding operating, when showing user's login interface in Windows os starting process, Windows has carried out all initial work for startup, comprises initialization and the loading of all hardware.Therefore when showing user's login interface by judging whether that computer has inserted keeper's key in advance, can judge whether to there is administrator's authority, and according to judged result, showing different user's login interfaces.When judged result is defined as there is administrator's authority, is supplied to the corresponding bookkeeping of keeper, as shown in Figure 1, comprises:
Step S101, during os starting, user right authentication module is utilized to judge whether there is administrator's authority.
During os starting, whether user right authentication module sense terminals exists administrator's mark, and when detecting that described administrator identifies, determine to there is described administrator's authority.Described user right authentication module, by whether sense terminals being inserted with keeper's identity key, determines whether there is administrator's mark.
Further, described user right authentication module can be by hard-wired module, also can be by the module of software simulating.
If step S102 judged result is for existing administrator's authority, then utilize login authentication CMOS macro cell keeper operating system login interface.
When user right authentication module determines to there is administrator's authority, login authentication module reads described keeper's identity key (being generally USB interface KEY form), and generates the keeper's operating system login interface comprising keeper's login authentication prompting frame and configuration management operation box.
Step S103, keeper carry out certification and corresponding operating by described keeper's operating system login interface, and do not enter operating system.
Keeper utilizes described keeper's login authentication prompting frame and described configuration management operation box, carries out keeper's authentication, and after the authentication has been successful, carries out the configuration management of terminal related software when not entering operating system.
If user right authentication module determines to there is not administrator's authority in above-mentioned steps S101, if when the user namely using terminal is the terminal use not possessing administration authority, login authentication CMOS macro cell comprises the end users operation system login interface of user name input frame and Password Input frame, and after terminal use correctly inputs its user and password, registration terminal operating system also uses terminal according to the relevant information of administrator configurations.
In the os starting process of WindowsNT/2000/2003, when window login (WinLogon) system program runs, Windows has completed all initial work needed for startup, comprises the loading, equipment manager initialization, registration table initialization etc. of the initialization of relevant device and startup, associated drives.Because interactively register loads graphical identification and authentication (GINA) dynamic link library file (Dll) by WinLogon system program and calls correlation function realization wherein.GINADll provides an interactively interface and provides authentication request for user logs in, and WinLogon meeting and GINADll carry out alternately, and default is MSGINA.Dll.Therefore, control can be obtained before WinLogon system process calls GINADLL, judge whether that computer has inserted keeper's key by the mode of the GINADll of rewriting system or the correlation function of replacement GINADLL, determine whether there is administrator's authority, thus make login authentication module show different user's login interfaces, and be supplied to the corresponding bookkeeping of keeper.Fig. 2 shows each function call process in GINADLL, and the main function used comprises:
Fig. 3 is the method flow diagram arranging user right before the register system that provides of the embodiment of the present invention and perform corresponding operating, and as shown in Figure 3, step comprises:
Step S201, start-up simulation machine.
After step S202, Windows operating system initialization complete, WinLogon process run duration, WinLogon invoke user purview certification module.
Step S203, user right authentication module is utilized to judge whether computer is inserted with keeper's identity key, if be inserted with keeper's identity key, be then judged as there is administrator's authority, and perform step S204, otherwise be judged as there is not administrator's authority, and perform step S207.
When computer being inserted with keeper's identity key, user right authentication module will detect that administrator identifies, thus judge to there is administrator's authority.
Step S204, when user right authentication module determines to there is administrator's authority, login authentication module reads keeper's identity key (being generally USB interface KEY form), and generating keeper's operating system login interface, described keeper's operating system login interface has keeper's login authentication prompting frame and configuration management operation box.
Step S205, keeper input related content, such as user name and/or password, and utilize configuration management operation box in described keeper's login authentication prompting frame, after administrator authentication success, carry out terminal configuration and do not enter operating system.
Step S206, keeper can select shut down computer or restart computer after completing configuration management operation.
If step S207 computer does not insert keeper's identity key, then user right authentication module determines to there is not administrator's authority, now, the normal graphical login authentication interface of login authentication module display, i.e. end users operation system login interface, comprises username and password prompting frame.
Step S208, terminal use log in after correct input username and password and use computer on described end users operation system login interface.
Fig. 4 arranges user right before the register system that provides of the embodiment of the present invention and performs corresponding operating device block diagram, as shown in Figure 4, comprising:
User right authentication module 301, for during os starting, judges whether there is administrator's authority.By whether sense terminals being inserted with keeper's identity key 300, whether sense terminals there is administrator's mark, thus determining whether there is administrator's authority in described user right authentication module 301.
Login authentication module 302, for when for there is administrator's authority in the judged result of described user right authentication module 301, generate keeper's operating system login interface, make keeper carry out certification and corresponding operating by described keeper's operating system login interface, and do not enter operating system.Described keeper's operating system login interface comprises keeper's login authentication prompting frame and configuration management operation box, keeper's login authentication prompting frame that keeper is provided by described login authentication module 302, input keeper authentication information, and by configuration management operation box that described login authentication module 302 provides, after the authentication has been successful, carry out terminal configuration bookkeeping and need not operating system be entered.
Further, described login authentication module 302 is also for when for there is not administrator's authority in the judged result of described user right authentication module 301, generate end users operation system login interface, make terminal use enter by described end users operation system login interface and use terminal.
The present invention, in os starting process, obtains control when WinLogon system process calls GINADLL.Now, relevant device drives loads, therefore described user right authentication module 301 is first utilized, it by identifying, whether computer inserts keeper's identity key 300 (being generally the form of USB interface Key), judge whether to there is administrator's authority, described login authentication module 302 provides different graphical login interfaces according to judged result.If computer inserts keeper's identity key 300, then display has keeper's operating system login authentication interface of keeper's login authentication prompting frame and configuration management operation box, administrator authentication success also, after completing configuration management operation, can be selected close or restart computer.If computer does not insert keeper's identity key 300, then display terminal operating system of user login authentication interface, namely have the normal graphical login authentication interface of username and password prompting frame, user can log in and use computer.
In sum, the present invention can realize keeper when not logging in Windows operating system, completes configuration management operation, has following beneficial effect:
1, audit work amount is saved;
2, the hidden danger that computer internal information is divulged a secret is reduced;
3, to a certain extent, the complexity of keeper's work is reduced.
Although above to invention has been detailed description, the present invention is not limited thereto, those skilled in the art of the present technique can carry out various amendment according to principle of the present invention.Therefore, all amendments done according to the principle of the invention, all should be understood to fall into protection scope of the present invention.
Claims (4)
1. before register system, user right be set and perform the method for corresponding operating, it is characterized in that, comprising:
A) during the os starting of computer, user right authentication module is utilized to judge whether there is administrator's authority;
B) if judged result is for existing administrator's authority, then login authentication CMOS macro cell keeper operating system login interface is utilized;
C) keeper carries out certification by described keeper's operating system login interface, carry out terminal configuration by described keeper's operating system login interface after the authentication has been successful and do not enter operating system, and selecting shut down computer or restart computer after completing terminal configuration;
D) if in described steps A) in, when user right authentication module determines to there is not administrator's authority, login authentication CMOS macro cell end users operation system login interface;
Wherein, described steps A) be specially: during os starting, whether user right authentication module sense terminals exists administrator's mark, and when detecting that described administrator identifies, determine to there is described administrator's authority;
Wherein, user right authentication module, by whether sense terminals being inserted with keeper's identity key, determines whether there is administrator's mark;
Wherein, described step B) be specially: when user right authentication module determines to there is administrator's authority, login authentication module, by reading described keeper's identity key, generates the keeper's operating system login interface comprising keeper's login authentication prompting frame and configuration management operation box.
2. method according to claim 1, is characterized in that, described step C) be specially:
Keeper utilizes described keeper's login authentication prompting frame and described configuration management operation box, carries out keeper's authentication, and carries out terminal configuration and do not enter operating system.
3. method according to claim 1 and 2, is characterized in that, described method also comprises:
E) described step D is performed) after, terminal use is entered by described end users operation system login interface and is used terminal.
4. before register system, user right be set and perform the device of corresponding operating, it is characterized in that, comprising:
User right authentication module, for during the os starting of computer, judges whether there is administrator's authority;
Login authentication module, for when for there is administrator's authority in the judged result of described user right authentication module, generate keeper's operating system login interface, keeper is made to carry out certification by described keeper's operating system login interface, carry out terminal configuration by described keeper's operating system login interface after the authentication has been successful and do not enter operating system, and selecting shut down computer or restart computer after completing terminal configuration;
Wherein, when the judged result of described user right authentication module is not for existing administrator's authority, generates end users operation system login interface, making terminal use enter by described end users operation system login interface and use terminal;
Wherein, during os starting, whether user right authentication module sense terminals exists administrator's mark, and when detecting that described administrator identifies, determine to there is described administrator's authority;
Wherein, described user right authentication module, by whether sense terminals being inserted with keeper's identity key, determines whether there is administrator's mark;
Wherein, described login authentication module, by reading described keeper's identity key, generates the keeper's operating system login interface comprising keeper's login authentication prompting frame and configuration management operation box.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210032505.7A CN102594815B (en) | 2012-02-14 | 2012-02-14 | Before register system, user right is set and performs method, the device of corresponding operating |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210032505.7A CN102594815B (en) | 2012-02-14 | 2012-02-14 | Before register system, user right is set and performs method, the device of corresponding operating |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102594815A CN102594815A (en) | 2012-07-18 |
| CN102594815B true CN102594815B (en) | 2016-01-20 |
Family
ID=46483016
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210032505.7A Active CN102594815B (en) | 2012-02-14 | 2012-02-14 | Before register system, user right is set and performs method, the device of corresponding operating |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102594815B (en) |
Families Citing this family (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104317473B (en) * | 2014-09-24 | 2018-03-16 | 广州华多网络科技有限公司 | A kind of interface display method and client |
| CN105245535B (en) * | 2015-10-23 | 2018-07-24 | 上海斐讯数据通信技术有限公司 | Multi-client Explore of Unified Management Ideas and system |
| CN109491715B (en) * | 2018-11-06 | 2021-10-22 | 深圳市风云实业有限公司 | Application management method, device and terminal based on Windows NT |
| CN115269058B (en) * | 2022-09-29 | 2023-01-24 | 广州市保伦电子有限公司 | WPF resource loading method and device |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101689115A (en) * | 2007-06-12 | 2010-03-31 | 佳能株式会社 | Information processing method and program |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20050125677A1 (en) * | 2003-12-09 | 2005-06-09 | Michaelides Phyllis J. | Generic token-based authentication system |
| CN101169812A (en) * | 2006-10-25 | 2008-04-30 | 知网生物识别科技股份有限公司 | Viewfinder executive system multiple factor identification system and login method |
| CN201397508Y (en) * | 2009-05-13 | 2010-02-03 | 北京鼎普科技股份有限公司 | Stand-alone terminal secure login and monitoring device |
| CN101646169A (en) * | 2009-08-27 | 2010-02-10 | 大连海事大学 | System for authenticating permission distinction and permission encryption of tower crane user |
| CN101841537B (en) * | 2010-04-13 | 2013-01-16 | 北京时代亿信科技有限公司 | Method and system for realizing file sharing access control based on protocol proxy |
-
2012
- 2012-02-14 CN CN201210032505.7A patent/CN102594815B/en active Active
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101689115A (en) * | 2007-06-12 | 2010-03-31 | 佳能株式会社 | Information processing method and program |
Non-Patent Citations (1)
| Title |
|---|
| 基于USBKEY的BIOS和系统安全增强技术;徐宁等;《计算机工程与科学》;20061130;第28卷(第11期);第4-5页、第32页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102594815A (en) | 2012-07-18 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN100492324C (en) | Partition access control system and method for controlling partition access | |
| CN107506663A (en) | Server security based on credible BMC starts method | |
| US8909940B2 (en) | Extensible pre-boot authentication | |
| Parno | Bootstrapping Trust in a" Trusted" Platform. | |
| CN113168476A (en) | Access control for personalized cryptography security in operating systems | |
| CN106156635A (en) | Method for starting terminal and device | |
| CN107003866A (en) | The safety establishment of encrypted virtual machine from encrypted template | |
| US11269984B2 (en) | Method and apparatus for securing user operation of and access to a computer system | |
| CN101377803B (en) | Method and system for implementing start-up protection | |
| CN101986325A (en) | Computer security access control system and method | |
| CN104104672A (en) | Method for establishing dynamic authorization code based on identity authentication | |
| US11675893B2 (en) | Verification application, method, electronic device and computer program | |
| CN1981277A (en) | Quarantine system | |
| CN108304698B (en) | Product authorized use method and device, computer equipment and storage medium | |
| CN101916348A (en) | Method and system for safely guiding operating system of user | |
| CN102594815B (en) | Before register system, user right is set and performs method, the device of corresponding operating | |
| CN102915415B (en) | Safety control method and system of mobile terminal | |
| CN105046138A (en) | FT-processor based trust management system and method | |
| CN101359354B (en) | Method and system for implementing power-on protection | |
| CN105005721A (en) | Computer authorization starting control system and method based on computer starting key | |
| CN104239762A (en) | Method for realizing secure login in Windows system | |
| CN105631259A (en) | Power-on verification method, power-on verification device and terminal | |
| CN105975872A (en) | Method for testing TPM under Windows | |
| CN104104671A (en) | System for establishing unified dynamic authorization code for enterprise legal person account | |
| CN102983969B (en) | Security login system and security login method for operating system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CP02 | Change in the address of a patent holder | ||
| CP02 | Change in the address of a patent holder |
Address after: 100086 Beijing Haidian District Dijin Road 9 Courtyard 9 Building 4 Floor 101 Patentee after: BEIJING TIP TECHNOLOGY Co.,Ltd. Address before: 100084 Second Floor, Block C, Building 2, Liangcheng, Silicon Valley, 1 Nongda South Road, Haidian District, Beijing Patentee before: BEIJING TIP TECHNOLOGY Co.,Ltd. |
|
| EE01 | Entry into force of recordation of patent licensing contract | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Application publication date: 20120718 Assignee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd. Assignor: BEIJING TIP TECHNOLOGY Co.,Ltd. Contract record no.: X2022110000030 Denomination of invention: Methods and devices for setting user permissions and performing corresponding operations before logging in to the operating system Granted publication date: 20160120 License type: Exclusive License Record date: 20220927 |
|
| PE01 | Entry into force of the registration of the contract for pledge of patent right | ||
| PE01 | Entry into force of the registration of the contract for pledge of patent right |
Denomination of invention: Methods and devices for setting user permissions and performing corresponding operations before logging in to the operating system Effective date of registration: 20220930 Granted publication date: 20160120 Pledgee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd. Pledgor: BEIJING TIP TECHNOLOGY Co.,Ltd. Registration number: Y2022110000251 |
|
| EC01 | Cancellation of recordation of patent licensing contract | ||
| EC01 | Cancellation of recordation of patent licensing contract |
Assignee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd. Assignor: BEIJING TIP TECHNOLOGY Co.,Ltd. Contract record no.: X2022110000030 Date of cancellation: 20240328 |
|
| PC01 | Cancellation of the registration of the contract for pledge of patent right | ||
| PC01 | Cancellation of the registration of the contract for pledge of patent right |
Granted publication date: 20160120 Pledgee: CHINA TECHNOLOGY EXCHANGE Co.,Ltd. Pledgor: BEIJING TIP TECHNOLOGY Co.,Ltd. Registration number: Y2022110000251 |