Access denied on wmi query to root\MicrosoftIISV2 with Administrator

I'm doing a WMI query to check whether an IIS pool is running. Via PowerShell, the query works:

Get-WmiObject `
    -Credential (Get-Credential) `
    -ComputerName MyMachine `
    -Namespace root\MicrosoftIISV2 `
    -Query "select * from IISApplicationPoolSetting where Name='W3SVC/APPPOLLS/MyPool'"

Via C#, I get a ManagementException with the ErrorCode AccessDenied:

var ms = new ManagementScope($@"\\{myMachine}\root\MicrosoftIISV2", new ConnectionOptions
{
    Username = $".\\Administrator",
    SecurePassword = Secure("adminPwd")
});
var query = "SELECT * FROM IISApplicationPoolSetting where name='W3SVC/APPPOLLS/MyPool'";
using (var searcher = new ManagementObjectSearcher(ms, new SelectQuery(query)))
{
    var objects = searcher.Get(); // throws here
}

The user in both cases is the machine Administrator account. I'm hoping this won't be necessary by setting the correct permissions.

I'm also checking the status of Windows services by doing a query to the root\cimv2 namespace and the Win32_Service class, and it works perfectly in both approaches.

Before I could get any approach working, I had to disable remote UAC.

Set-ItemProperty `
    -Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System `
    -Name LocalAccountTokenFilterPolicy -Value 1 -Type DWORD

My questions are related to permissions/privileges:

  1. Why do I get the AccessDenied exception with the Administrator user? How can I debug this?
  2. Is disabling the remote UAC strictly necessary?
  3. Is using the Administrator account or a user in the Administrators group unavoidable?

I think I got a part of it.

new ConnectionOptions
{
    Username = ".\\localAdministrator",
    SecurePassword = Secure("localAdminPwd"),
    Authentication = AuthenticationLevel.PacketPrivacy
}

With the PacketPrivacy option, there is no exception anymore, and I can use a local administrator (just a user in the Administrators group).

I'm not sure what this option does and why it's needed but it solved my main problem. If anyone understands this well enough to explain I still can mark the answer as accepted.

I'll keep exploring the permissions to find out exactly what permissions are needed.
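
An added example in Windows PowerShell (not part of the original question or answer): one way to debug the AccessDenied from question 1 is to run the same query at each DCOM authentication level and record which levels the namespace accepts, with root\cimv2 as the comparison. The function name Test-WmiAuthLevel is hypothetical; the machine name, namespaces and IIS query are the ones from the post.

```powershell
# Added example: probe which DCOM authentication levels a WMI namespace accepts.
# Test-WmiAuthLevel is a hypothetical helper name, not a built-in cmdlet.
function Test-WmiAuthLevel {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $ComputerName,
        [Parameter(Mandatory)] [pscredential] $Credential,
        [Parameter(Mandatory)] [string] $Query,
        [string] $Namespace = 'root\MicrosoftIISV2'
    )

    # Ordered from weakest to strongest; PacketPrivacy signs and encrypts each packet.
    $levels = 'Connect', 'Call', 'Packet', 'PacketIntegrity', 'PacketPrivacy'

    foreach ($level in $levels) {
        $row = [ordered]@{
            Namespace      = $Namespace
            Authentication = $level
            Succeeded      = $false
            Objects        = 0
            HResult        = $null
            Error          = $null
        }
        try {
            # -ErrorAction Stop turns the WMI failure into a catchable exception.
            $result = @(Get-WmiObject -ComputerName $ComputerName -Credential $Credential `
                    -Namespace $Namespace -Query $Query -Authentication $level `
                    -ErrorAction Stop)
            $row.Succeeded = $true
            $row.Objects   = $result.Count
        }
        catch {
            # Keep the raw HRESULT so the failure can be looked up precisely.
            $row.HResult = '0x{0:X8}' -f $_.Exception.HResult
            $row.Error   = $_.Exception.Message
        }
        [pscustomobject]$row
    }
}

$cred     = Get-Credential
$iisQuery = "select * from IISApplicationPoolSetting where Name='W3SVC/APPPOLLS/MyPool'"
$svcQuery = "select Name, State from Win32_Service"

# Compare the IIS namespace with root\cimv2, which the post reports as working.
$report  = @(Test-WmiAuthLevel -ComputerName MyMachine -Credential $cred -Query $iisQuery)
$report += Test-WmiAuthLevel -ComputerName MyMachine -Credential $cred -Query $svcQuery -Namespace 'root\cimv2'
$report | Format-Table -AutoSize
```

The lowest level that succeeds for each namespace is the minimum value to set in `ConnectionOptions.Authentication` on the C# side.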
