A service's threads outgoing security: how to manage?

Hello All!

I am writing a management application, which has to access remote machines'
registry via System.Diagnostics.EventLog.CreateEventSource [which is
efficiently a registry access].

For each machine I connect to, I create a DirectoryEntry and connect to
that machine specifying credentials. That's because the running user does
not have the right permissions [working with different domains, no trusts].
The application is written in C# and the action taken is done with threads
from the threadpool.
After I created the "secure channel" with the help of the DirectoryEntry
object, I do the CreateEventSource call, which fails with "General Access
Denied Error".

But this works fine if the application runs - while testing - as a console
application, but fails if it runs as a service!!!! It also does not work
if I run the app temporarily with the Taskscheduler.

Because I cannot specify explicit credentials while accessing the registry, I
have no idea what to do now. Access to the remote WMI service is well done
specifying explicit credentials.

I am running Windows Server 2003,en,SP1 and framework 1.1, SP1

Any help would be great!!
Sorry for crossposting; I am not sure what's the right/best group.

Thanks so far and
best regards,
Manfred
Mannheim
Germany
Nov 21 '05 #1
Manfred,

The problem is probably the service's permissions. You need to have your
service run as a user with permission to access the remote computer. Do a
google search on Service Permission and you will get a lot of hits.

Dave
Nov 21 '05 #2
Hello Dave

and much thanks first. But the problem is another. Because there are trusts
between the domains, the running user is not of any importance and I need to
explicitly specify credentials [which are different for different computers
I connect to]. I create a session with:

DirectoryEntry de = new DirectoryEntry("WinNT://remComp,computer", user,
    pass, AuthenticationTypes.Secure);

This works well and I can read the properties of the computer-object from
the remote box, even though my running user does not have [implicit]
permissions. Now, with the established session, I try to modify the remote
registry with:

System.Diagnostics.EventLog.CreateEventSource
(
    ec.dynConf.eventlogSourcename,
    "Application",
    "remComp"
);

which fails with "General Access Denied Error". So my thread [which is from
the threadpool] lost the permissions anywhere!!!!

Thanks so far and
best regards,
Manfred
Nov 21 '05 #3
Manfred,
Your thread doesn't run as the user you specified for your DirectoryEntry
call; the call only creates a network logon session for the connection with
remComp, that is, the client thread uses the token obtained to connect to and
access the network resource, but this token is not carried over to your
threadpool thread. TP threads always use the process token unless you are
explicitly impersonating (calling LogonUser(), Impersonate()). So, what you
need to do is either impersonate or run your service as a dedicated user with
appropriate access privileges to all remote servers.

Willy.
Nov 21 '05 #4
Hello Willy!

Much thanks! That's what I was afraid of.

Best regards,
Manfred
Nov 23 '05 #5
Hi Willy,

you could possibly help. In my situation, I cannot use "LogonUser", because
the credentials I have to access the remote machine are not valid locally.
The service is running with an account which is authorized to access some
remote machines [domain members from my domain] and in this case, I have
just nothing to do. And for the others, I cannot manage [from my security
privileges] the trust-relationship between the domains. But with the known
credentials, I can access network resources manually, like shares, from my
domain. What I need is a method to access a registry remotely and I have to
write to the remote eventlog; I'll not use WMI for this [which would allow
to impersonate]. I want just something like to establish a secure
channel/logon to the remote box so that I can access different resources
there.

Any help would be really great!
Is this type of functionality possibly part of .Net 2.0 ??

Thanks so far
and best regards,
Manfred
Nov 23 '05 #6
Use LogonUser with LOGON32_LOGON_NEW_CREDENTIALS (dwLogonType = 9) as
logontype; this logontype clones the current token and uses the credentials
specified (username, machinename and password) for outbound connections
only.

Say your current process runs as "BOB" and you call LogonUser specifying
ALICE's credentials; after impersonating, local resources will be accessed
using BOB's token while remote resources will be accessed using ALICE's
token.

Willy.
PS note that this requires W2K, XP, W2K3 or higher.
Nov 24 '05 #7
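
The approach from the post above, written out as an added example (not code posted by anyone in this thread): LogonUser with logon type 9, impersonation on the threadpool thread that makes the remote call, and a guaranteed revert. It assumes .NET Framework 4.x on Windows; the account, domain, password and event source name are constructed placeholders, and the provider constant is LOGON32_PROVIDER_WINNT50.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;
using System.Threading;

// Added example for .NET Framework 4.x on Windows; not code from the thread.
static class OutboundCredentials
{
    // Values from winbase.h.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9; // token applies to outbound connections only
    const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Runs 'work' on the calling thread with remote access performed as
    // domain\user. Local access checks still use the process (service) token.
    public static void RunWithOutboundIdentity(string user, string domain,
                                               string password, Action work)
    {
        IntPtr token;
        // With logon type 9 the credentials are not checked here; a wrong
        // password only surfaces as "access denied" at the first remote call.
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        WindowsImpersonationContext ctx = null;
        try
        {
            ctx = WindowsIdentity.Impersonate(token);
            work();
        }
        finally
        {
            // Always revert and close, so the impersonation never outlives
            // this call on a reused pool thread and the handle is not leaked.
            if (ctx != null) ctx.Undo();
            CloseHandle(token);
        }
    }

    static void Main()
    {
        // Constructed placeholder values.
        const string machine = "remComp";
        const string source = "MyEventSource";

        using (ManualResetEvent done = new ManualResetEvent(false))
        {
            ThreadPool.QueueUserWorkItem(delegate
            {
                try
                {
                    // Impersonate on the pool thread that makes the remote call;
                    // a session opened on another thread is not inherited here.
                    RunWithOutboundIdentity("alice", "REMOTEDOMAIN", "placeholder-password", delegate
                    {
                        if (!EventLog.SourceExists(source, machine))
                        {
                            EventSourceCreationData data =
                                new EventSourceCreationData(source, "Application");
                            data.MachineName = machine;
                            EventLog.CreateEventSource(data);
                        }
                    });
                    Console.WriteLine("Event source present on " + machine);
                }
                catch (Exception ex)
                {
                    Console.Error.WriteLine("Failed for " + machine + ": " + ex.Message);
                }
                finally
                {
                    done.Set();
                }
            });
            done.WaitOne();
        }
    }
}
```

In a real service the password would come from a protected store rather than a string literal, and each target machine would get its own call with its own credentials.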
Hello Willy!

Thank you very, very much! That saved my soul. Under Windows 2003 Server,
this works with the LOGON32_PROVIDER_DEFAULT, but under Windows 2000 I have
to use LOGON32_PROVIDER_WINNT50. My code can now access the registry
remotely!!

Much thanks and
best regards,
Manfred
Nov 24 '05 #8
Glad to help you out with this.
Note that it's better to use LOGON32_PROVIDER_WINNT50 in all cases; that way
you are sure Kerberos is used as protocol.

Willy.
"Manfred Braun" <aa@bb.cc> wrote in message
news:Oy******** *****@TK2MSFTNG P15.phx.gbl...
Hello Willy!

Thank you very, very much! That saved my soul. Under Windows 2003 Server,
this works with the LOGON32_PROVIDE R_DEFAULT, but under Windows 2000 I
have
to use LOGON32_PROVIDE R_WINNT50. My code can now access the registry
remotely!!

Much thansk and
best regards,
Manfred

"Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
news:e1******** *******@TK2MSFT NGP10.phx.gbl.. .
Use LogongUser with LOGON32_LOGON_N EW_CREDENTIALS (dwLogonType = 9) as
logontype, this logontype clones the current token and uses the

credentials
specified (username, machinename and password), for outbound connections
only.

Say, your current process runs as "BOB" and you call LogonUser specifying
ALICE's credentials, after impersonating local resources will be accessed
using BOB's token while remote resources will be accessed using ALICE's
token.

Willy.
PS note that this requires W2K, XP, W2K3 or higher.
"Manfred Braun" <aa@bb.cc> wrote in message
news:u7******** ******@TK2MSFTN GP09.phx.gbl...
> Hi Willy,
>
> you could possibly help. In my situation, I cannot use "LogonUser" ,
> because
> the credentials I have to access the remote machine, are not valid
> locally.
> The service is running with an account, which is autorized to access some > remote machines [domain members from my domain] and in this case, I
> have
> just nothing to do. And for the others, I cannot manage [from my security > privileges] the trust-relationship between the domains. But with the known > credentails, I can access network resources manually, like shares, from my > domain. What I need is a method to access a registry remotely and I
> have
> to
> write to the remote eventlog; I'll not use WMi for this [which would allow > to impersonate]. I want just something like to establish a secure
> channel/logon to the remote box so that I can access difefrent
> resources
> there.
>
> Any help would be really great!
> Is this type of funtionality possibly part of .Net 2.0 ??
>
> Thanks so far
> and best regards,
> Manfred
>
> "Willy Denoyette [MVP]" <wi************ *@telenet.be> wrote in message
> news:eD******** ******@TK2MSFTN GP09.phx.gbl...
>> Manfred,
>> Your thread doesn't run as the user you specified for your DirectoryEntry >> call, the call only creates a network logon session for the connection
> with
>> remComp, that is, the client thread uses the token obtained to connect
>> and
>> accessing the network resource, but this token is not carried over to
>> your
>> threadpool thread, TP threads always use the process token unless you are >> explicitely impersonating (calling LogonUser(), Impersonate()). So, what > you
>> need to do is or impersonate or run your service as a dedicated user with >> appropriate access privileges to all remote server.
>>
>> Willy.
>>
>> "Manfred Braun" <aa@bb.cc> wrote in message
>> news:u9******** ******@TK2MSFTN GP12.phx.gbl...
>> > Hello Dave
>> >
>> > and much thanks first. But the problem is another. Because there are trusts
>> > between the domains, the running user is not of any importance and I need
>> > to explicitly specify credentials [which are different for different
>> > computers I connect to]. I create a session with:
>> >
>> > DirectoryEntry de = new DirectoryEntry("WinNT://remComp,computer",
>> >     user, pass, AuthenticationTypes.Secure);
>> >
>> > This works well and I can read the properties of the computer-object from
>> > the remote box, even my running user does not have [implicit] permissions.
>> > Now, with the established session, I try to modify the remote registry
>> > with:
>> >
>> > System.Diagnostics.EventLog.CreateEventSource
>> > (
>> >     ec.dynConf.eventlogSourcename,
>> >     "Application",
>> >     "remComp"
>> > );
>> > which fails with "General Access Denied Error". So my thread [which is
>> > from the threadpool], lost the permissions anywhere !!!!
>> >
>> > Thanks so far and
>> > best regards,
>> > Manfred
>> >
>> > "D. Yates" <fo****@hotmail .com> wrote in message
>> > news:OD******** ******@tk2msftn gp13.phx.gbl...
>> >> Manfred,
>> >>
>> >> The problem is probably the service's permissions. You need to have your
>> >> service run as a user with permission to access the remote computer. Do
>> >> a google search on Service Permission and you will get a lot of hits.
>> >>
>> >> Dave
>> >>
>> >> "Manfred Braun" <aa@bb.cc> wrote in message
>> >> news:%2******** ********@TK2MSF TNGP12.phx.gbl. ..
>> >> > Hello All!
>> >> >
>> >> > I am writing a management application, which has to access remote
>> >> > machines' registry via System.Diagnostics.EventLog.CreateEventSource
>> >> > [which is efficiently a registry access].
>> >> >
>> >> > For each machine, I connect to, I create a DirectoryEntry and connect
>> >> > to that machine specifying credentials. That's because the running
>> >> > user does not have the right permissions [working with different
>> >> > domains, no trusts].
>> >> > The application is written in C# and the action taken is done with
>> >> > threads from the threadpool.
>> >> > After I created the "secure channel" with the help of the
>> >> > DirectoryEntry object, I do the CreateEventSource call, which fails
>> >> > with "General Access Denied Error".
>> >> >
>> >> > But this works fine, if the application runs - while testing - as a
>> >> > console application, but fails, if it runs as a service!!!! It does
>> >> > also not work, if I run the app temporarily with the Taskscheduler.
>> >> >
>> >> > Because I cannot specify explicit credentials while accessing the
>> >> > registry, I have no idea, what to do now. Access to the remote WMI
>> >> > service is well done specifying explicit credentials.
>> >> >
>> >> > I am running Windows Server 2003,en,SP1 and framework 1.1, SP1
>> >> >
>> >> > Any help would be great!!
>> >> > Sorry for crossposting; I am not sure, what's the right/best group.
>> >> >
>> >> > Thanks so far and
>> >> > best regards,
>> >> > Manfred
>> >> > Mannheim
>> >> > Germany
>> >> >
>> >>
>> >>
>> >
>> >
>>
>>
>
>



Nov 24 '05 #9
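
The explicit impersonation described in the quoted reply above (LogonUser() followed by Impersonate() on the worker thread), as an added example that is not part of the original thread. The class and method names are hypothetical, and the choice of `LOGON32_LOGON_NEW_CREDENTIALS` for the no-trust case is an assumption of this example, not something stated by the posters.

```csharp
using System;
using System.ComponentModel;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Security.Principal;

// Hypothetical helper, written against the .NET Framework API.
class RemoteEventSource
{
    // Logon type 9: the token keeps the local identity and uses the supplied
    // credentials only for outbound network connections (assumed here because
    // the remote domain is not trusted). It requires the WINNT50 provider.
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
                                 int logonType, int logonProvider, out IntPtr token);

    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr handle);

    // Call this from the threadpool work item. The pool thread starts with the
    // process token, so the impersonation has to happen on this thread.
    public static void Create(string machine, string domain, string user,
                              string password, string source)
    {
        IntPtr token;
        // With logon type 9 the credentials are not validated here; a wrong
        // password only shows up as access denied on the remote call below.
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            throw new Win32Exception(Marshal.GetLastWin32Error());

        WindowsImpersonationContext ctx = null;
        try
        {
            // WindowsIdentity duplicates the token; the thread now carries it.
            ctx = new WindowsIdentity(token).Impersonate();
            if (!EventLog.SourceExists(source, machine))
                EventLog.CreateEventSource(source, "Application", machine);
        }
        finally
        {
            // Revert before the thread goes back to the pool, otherwise the
            // next work item on this thread inherits the impersonation token.
            if (ctx != null) ctx.Undo();
            CloseHandle(token);
        }
    }
}
```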
