W
Willy Denoyette [MVP]
Manfred,
Your thread doesn't run as the user you specified for your DirectoryEntry
call, the call only creates a network logon session for the connection with
remComp, that is, the client thread uses the token obtained to connect and
accessing the network resource, but this token is not carried over to your
threadpool thread, TP threads always use the process token unless you are
explicitely impersonating (calling LogonUser(), Impersonate()). So, what you
need to do is or impersonate or run your service as a dedicated user with
appropriate access privileges to all remote server.
Willy.
Your thread doesn't run as the user you specified for your DirectoryEntry
call, the call only creates a network logon session for the connection with
remComp, that is, the client thread uses the token obtained to connect and
accessing the network resource, but this token is not carried over to your
threadpool thread, TP threads always use the process token unless you are
explicitely impersonating (calling LogonUser(), Impersonate()). So, what you
need to do is or impersonate or run your service as a dedicated user with
appropriate access privileges to all remote server.
Willy.
Manfred Braun said:Hallo Dave
and much thanks first. But the problem is another. Because there are truts
between the domains, the running user is not of any importence and I need
to
explicitely specify credentials [which are different for different
computers
I connect to]. I create a session with:
DirectoryEntry de = new DirectoryEntry("WinNT://remComp,computer", user,
pass, AuthenticationTypes.Secure);
This works well and I can read the properties of the computer-object from
the remote box, even my running user does not have [implicit] permissions.
Now, with the establishes session, I try to modify the remote registry
with:
System.Diagnostics.EventLog.CreateEventSource
(
ec.dynConf.eventlogSourcename,
"Application",
"remComp")
);
which fails with "General Access Denied Error". So my thread [which is
from
the threadpool], lost the permissions anywhere !!!!
Thanks so far and
best regards,
Manfred
D. Yates said:Manfred,
The problem is probably the service's permissions. You need to have your
service run as a user with permission to access the remote computer. Do
a
google search on Service Permission and you will get a lot of hits.
Dave
Manfred Braun said:Hello All!
I am writing a management application, which has to access remote machines
registry via System.Diagnostics.EventLog.CreateEventSource [which is
efficiently a registry access].
For each machine, I connect to, I create a DirectoryEntry and connect
to
that machine specifying credentials. That's becauase the running user does
not has the right permissions [working with different domains, no trusts].
The application is written in C# and the action taken is done with threads
from the threadpool.
After I created the "secure channel" with the help of the
DirectoryEntry
object , I do the CreateEventSource call, which fails with "General Access
Denied Error".
But this works fine, if the application runs - while testing - as a
console application, but fails, if it runs as a service!!!! It does
also
not work, if I run the app temporarely with the Taskscheduler.
Because I cannot specify explicit credentials while access the
registry, I
have no idea, what to do now. Access to the remote WMI service is well
done specifying explicit credentials.
I am running Windows Server 2003,en,SP1 and framework 1.1, SP1
Any help would be great!!
Sorry for crossposting;I am not sure, what's the right/best group.
Thanks so far and
best regards,
Manfred
Mannheim
Germany