Hi Willy,
you could possibly help. In my situation, I cannot use "LogonUser",
because
the credentials I have to access the remote machine, are not valid
locally.
The service is running with an account, which is autorized to access some
remote machines [domain members from my domain] and in this case, I
have
just nothing to do. And for the others, I cannot manage [from my security
privileges] the trust-relationship between the domains. But with the known
credentails, I can access network resources manually, like shares, from my
domain. What I need is a method to access a registry remotely and I
have
to
write to the remote eventlog; I'll not use WMi for this [which would allow
to impersonate]. I want just something like to establish a secure
channel/logon to the remote box so that I can access difefrent
resources
there.
Any help would be really great!
Is this type of funtionality possibly part of .Net 2.0 ??
Thanks so far
and best regards,
Manfred
Manfred,
Your thread doesn't run as the user you specified for your DirectoryEntry
call, the call only creates a network logon session for the connection
with
remComp, that is, the client thread uses the token obtained to connect
and
accessing the network resource, but this token is not carried over to
your
threadpool thread, TP threads always use the process token unless you are
explicitely impersonating (calling LogonUser(), Impersonate()). So, what
you
need to do is or impersonate or run your service as a dedicated user with
appropriate access privileges to all remote server.
Willy.
Hallo Dave
and much thanks first. But the problem is another. Because there are
truts
between the domains, the running user is not of any importence and I
need
to
explicitely specify credentials [which are different for different
computers
I connect to]. I create a session with:
DirectoryEntry de = new DirectoryEntry("WinNT://remComp,computer",
user,
pass, AuthenticationTypes.Secure);
This works well and I can read the properties of the computer-object
from
the remote box, even my running user does not have [implicit]
permissions.
Now, with the establishes session, I try to modify the remote registry
with:
System.Diagnostics.EventLog.CreateEventSource
(
ec.dynConf.eventlogSourcename,
"Application",
"remComp")
);
which fails with "General Access Denied Error". So my thread [which is
from
the threadpool], lost the permissions anywhere !!!!
Thanks so far and
best regards,
Manfred
Manfred,
The problem is probably the service's permissions. You need to
have
your
service run as a user with permission to access the remote
computer.
Do
a
google search on Service Permission and you will get a lot of hits.
Dave
Hello All!
I am writing a management application, which has to access remote
machines
registry via System.Diagnostics.EventLog.CreateEventSource [which is
efficiently a registry access].
For each machine, I connect to, I create a DirectoryEntry and
connect
to
that machine specifying credentials. That's becauase the running
user
does
not has the right permissions [working with different domains, no
trusts].
The application is written in C# and the action taken is done
with
threads
from the threadpool.
After I created the "secure channel" with the help of the
DirectoryEntry
object , I do the CreateEventSource call, which fails with "General
Access
Denied Error".
But this works fine, if the application runs - while testing - as a
console application, but fails, if it runs as a service!!!! It does
also
not work, if I run the app temporarely with the Taskscheduler.
Because I cannot specify explicit credentials while access the
registry,
I
have no idea, what to do now. Access to the remote WMI service is
well
done specifying explicit credentials.
I am running Windows Server 2003,en,SP1 and framework 1.1, SP1
Any help would be great!!
Sorry for crossposting;I am not sure, what's the right/best
group.
Thanks so far and
best regards,
Manfred
Mannheim
Germany
