The problem in WMI access to remote server with Windows Credentials

Hello,

Can anybody help to solve the following problem?

My Windows Service is trying to access a remote machine to get the WindowsDirectory
property through the Win32_OperatingSystem WMI class. Both servers are in the same
Active Directory domain, so I created a special Active Directory user and
impersonate it before invoking WMI.

My code looks like:

foreach (WMI.OperatingSystem sysTest in
    WMI.OperatingSystem.GetInstances(scope, new string[] { "WindowsDirectory" }))
{
    return sysTest.WindowsDirectory;
}

This code works fine if I specify UserName and password in the scope, but it
fails if I use WindowsImpersonation (and specify null as userName in the
scope) with the following error:

System.ArgumentException: Value does not fall within the expected range.
   at System.Runtime.InteropServices.Marshal.ThrowExceptionForHRInternal(Int32 errorCode, IntPtr errorInfo)
   at System.Management.SecurityHandler.Secure(IEnumWbemClassObject enumWbem)
   at System.Management.ManagementObjectCollection.GetEnumerator()
   at WMI.OperatingSystem.OperatingSystem0Collection.GetEnumerator()

The problem is here:

public class System.Management.ManagementObjectCollection
{
    //...
    public ManagementObjectEnumerator GetEnumerator()
    {
        //...
        IEnumWbemClassObject ppEnum = null;
        int errorCode = 0;
        try
        {
            errorCode = this.enumWbem.Clone_(out ppEnum);
            this.scope.GetSecurityHandler().Secure(ppEnum); //<<<<<<<<< Error !!!!!!!!!!!!

            if ((errorCode & 0x80000000) == 0)
            {
                errorCode = ppEnum.Reset_();
            }
        }

The IEnumWbemClassObject.Clone call fails with code WBEM_E_ACCESS_DENIED and
returns ppEnum as null; then IWmiSec.BlessIEnumWbemClassObject (it is
called inside SecurityHandler.Secure) fails with ArgumentException.

The strangest thing is that this code doesn't fail if I invoke it as an
interactive user (not in a service).

Can anybody help me to understand how to fix or work around this problem? I
found only one solution: to create the object without enumerating, by specifying
a direct management path. But that works only for objects like Win32_Service,
where I can build this path; for Win32_OperatingSystem I can't build the
management path because it looks like
"\\Server\root\CimV2:Win32_OperatingSystem.Name="Microsoft Windows Server 2003 Enterprise Edition|C:\\WINDOWS|\\Device\\Harddisk0\\Partition1""
and I have no idea how to build such a path remotely.

Thanks.

Vadim Malishev
PEM Windows Platform Services Team Leader
SWsoft, Inc.
E-mail: vm*******@swsoft.com
Phone: +7 923 240 04 48
ICQ UIN: 74989244
Skype nick: lboos75
Google talk: lb*****@gmail.com
MSN: lb*****@gmail.com
Web Site: http://www.swsoft.com

Jun 8 '07 #1
Please post your code, posting a piece of System.Management's implementation
is of no use for us.
What we need is a small but complete sample that illustrates the issue (a
console sample!), we need to see how you set up the scope.
Also you need to make sure that the impersonating thread is the thread that
calls the remote server, from your description it looks like the call is
made using the process token (using the Service process identity), not the
impersonating token.
Also we need some more context, what OS and Framework version are you
running this from?

Willy.
Jun 8 '07 #2
Sorry for the delay in answering.

> Please post your code, posting a piece of System.Management's
> implementation is of no use for us.
> What we need is a small but complete sample that illustrates the issue (a
> console sample!), we need to see how you set up the scope.

It is not easy.

It is an MPF (Microsoft Provisioning Framework) provider. This provider is
registered to impersonate the system user (created by the installer). This part is
correct - DCOM impersonates my code before invoking the Process method. After that
I try to connect to WMI.

> Also you need to make sure that the impersonating thread is the thread
> that calls the remote server, from your description it looks like the call
> is made using the process token (using the Service process identity), not
> the impersonating token.

Good idea - thank you - I will check it.

> Also we need some more context, what OS and Framework version are you
> running this from?

Win2003 Ent, .NET 2.

> Willy.

Vadim.
Jun 13 '07 #3
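
A console sample of the kind requested in reply #2, added here as an illustration and not code from either poster: it reports which token the calling thread carries and then reads WindowsDirectory from the remote Win32_OperatingSystem instance with no user name in the scope. The class name, method names and the host name SERVER01 are assumptions; in a service or provider, DescribeCallerToken() would be called on the same thread immediately before the WMI call.

```csharp
using System;
using System.Management;
using System.Security.Principal;

class WmiTokenCheck   // hypothetical name, not from the thread
{
    // Says whether the current thread is impersonating and at what level.
    static string DescribeCallerToken()
    {
        // GetCurrent(true) returns null when the thread is NOT impersonating,
        // in which case outbound calls use the process (service) identity.
        using (WindowsIdentity thread = WindowsIdentity.GetCurrent(true))
        {
            if (thread != null)
                return "Thread token: " + thread.Name + ", level " + thread.ImpersonationLevel;
        }
        using (WindowsIdentity process = WindowsIdentity.GetCurrent())
            return "No thread token; process identity is " + process.Name;
    }

    // Connects with the caller's current token (no explicit credentials).
    static string ReadWindowsDirectory(string server)
    {
        ConnectionOptions options = new ConnectionOptions();
        options.Impersonation = ImpersonationLevel.Impersonate;
        options.Authentication = AuthenticationLevel.PacketPrivacy;
        ManagementScope scope =
            new ManagementScope(@"\\" + server + @"\root\cimv2", options);
        scope.Connect();
        ObjectQuery query =
            new ObjectQuery("SELECT WindowsDirectory FROM Win32_OperatingSystem");
        using (ManagementObjectSearcher searcher = new ManagementObjectSearcher(scope, query))
        using (ManagementObjectCollection results = searcher.Get())
        {
            foreach (ManagementObject os in results)
                return (string)os["WindowsDirectory"];
        }
        return null;
    }

    static void Main(string[] args)
    {
        string server = args.Length > 0 ? args[0] : "SERVER01"; // placeholder host
        Console.WriteLine(DescribeCallerToken());
        try { Console.WriteLine("WindowsDirectory: " + ReadWindowsDirectory(server)); }
        catch (UnauthorizedAccessException ex) { Console.WriteLine("Access denied: " + ex.Message); }
        catch (ManagementException ex) { Console.WriteLine("WMI error " + ex.ErrorCode + ": " + ex.Message); }
        catch (ArgumentException ex) { Console.WriteLine("Enumerator setup failed: " + ex.Message); }
    }
}
```

Comparing the first output line when run interactively and from inside the service shows whether the remote call would go out under the impersonated account or under the service identity.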
