impersonated user cannot access local filesystem on W2K3 R2 server

The attached code segment is used.
1. Calling without "privileged" works well with the current local SYSTEM account.
2. After setting the "privileged" flag I cannot access the local filesystem any longer, although the user for impersonation is a domain admin account and can log in on the server correctly.

Whenever I run the program while logged in directly to the server, it runs correctly. But I need this task to run automatically under the local SYSTEM account.
I tried to use standard impersonation with LogonUser from advapi32.dll (now removed) as well as giving user, password and domain information to Process.StartInfo, and both together. Neither works in "privileged" mode; both work very well in "standard" mode without impersonation.

The intention is to run modifiable VBS scripts from the more complex "main" program and therefore handle future modification requests and enhancements easily. A kind of "framework" using "C:\windows\system32\cscript.exe".

On the server I already changed the "local security settings/Replace a process level token Properties" to allow local System the replacement.
Furthermore, I changed the ".Net-Configuration / Runtime-security policy / Permission Set" to allow all code to be executed. Nothing has worked so far.

The server where the program should run is a domain member server running Windows 2003 R2 Enterprise Edition with SP2 installed.
The "privileged" user is a "Domain Administrator" (and therefore has enough rights on the member server).

Where is the problem? What do I have to do to get this task to run?


    ' Requires at the top of the file:
    '   Imports System.Diagnostics
    '   Imports System.IO
    Private Function callProcedure(ByRef path As String, ByRef procedure As String, ByRef params As String, Optional ByRef privileged As Boolean = False) As String
        dolog(9, "Function callProcedure (" & path & ", " & procedure & ", " & params & ")")
        callProcedure = ""

        Dim proc As Process = New Process()
        ' UseShellExecute must be False to redirect output and to start the process under other credentials
        proc.StartInfo.UseShellExecute = False
        proc.StartInfo.RedirectStandardOutput = True
        proc.StartInfo.Arguments = params
        proc.StartInfo.CreateNoWindow = True
        proc.StartInfo.WindowStyle = ProcessWindowStyle.Hidden
        proc.StartInfo.FileName = path & "\" & procedure
        ' set current directory to c:\windows\system32 in order to run scripts correctly - didn't work
        dolog(9, My.User.Name)
        ' .vbs files are not executable on their own: run them through cscript.exe
        If LCase(Microsoft.VisualBasic.Right(proc.StartInfo.FileName, 3)) = "vbs" Then
            proc.StartInfo.Arguments = proc.StartInfo.FileName & " " & params
            proc.StartInfo.FileName = "c:\windows\system32\cscript.exe"
        End If
        dolog(9, "proc.Startinfo.Arguments=" & proc.StartInfo.Arguments)
        If privileged Then
            ' start the child process under the supplied domain credentials
            dolog(9, "impersonation start")
            proc.StartInfo.UserName = tADUser.Text
            proc.StartInfo.Domain = domainname
            proc.StartInfo.Password = New System.Security.SecureString
            For Each c As Char In tADPassword.Text
                proc.StartInfo.Password.AppendChar(c)
            Next
            proc.StartInfo.FileName = "c:\windows\system32\whoami.exe" ' only to test access to local filesystem
            dolog(9, proc.StartInfo.UserName & " " & proc.StartInfo.Domain)
        End If
        Try
            dolog(9, "start ")
            proc.Start()
            ' Kill a hung process before reading its output: ReadToEnd blocks until the child closes stdout.
            ' Note: a child that writes more than the pipe buffer holds will stall until this timeout.
            If Not proc.WaitForExit(600000) Then
                dolog(1, "Procedure " & procedure & " did not exit within 10 min. Process is aborted!")
                proc.Kill()
                proc.WaitForExit()
            End If
            Dim sOut As StreamReader = proc.StandardOutput
            callProcedure = sOut.ReadToEnd
            dolog(9, "Procedure " & procedure & " started at " & proc.StartTime & " and exited with " & proc.ExitCode & _
                  " at " & proc.ExitTime)
        Catch ex As Exception
            ' log the message of the exception that was actually caught
            dolog(0, "Error: " & ex.Message)
        End Try

        proc = Nothing
        dolog(9, vbCrLf & "callProcedure returns: " & vbCrLf & callProcedure & vbCrLf)
    End Function

---- First part: running callProcedure without the "privileged" flag runs best:
Function callProcedure (C:\WINDOWS\system32\adm4USD, pwdresetc.vbs, "username"="anyuser" "password reset"="Y" )
NT AUTHORITY\SYSTEM
proc.Startinfo.Arguments=C:\WINDOWS\system32\adm4USD\pwdresetc.vbs "username"="anyuser" "password reset"="Y"
start
Procedure pwdresetc.vbs started at 02.07.2010 22:24:42 and exited with 0 at 02.07.2010 22:24:43

callProcedure returns:
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

++++ and output from script


---- Second part: running callProcedure WITH the "privileged" flag:
Function callProcedure (C:\WINDOWS\system32\adm4USD, pwdresetr.vbs, "username"="anyuser" "password reset"="Y" )
NT AUTHORITY\SYSTEM
proc.Startinfo.Arguments=C:\WINDOWS\system32\adm4USD\pwdresetr.vbs "username"="anyuser" "password reset"="Y"
impersonation start
admin-account-name domainname
start
Error: Access is denied

callProcedure returns:
Jul 3 '10 #1