[英]Access denied on wmi query to root\MicrosoftIISV2 with Administrator
I'm doing a wmi query to check whether a IIS pool is running. 我正在执行wmi查询,以检查IIS池是否正在运行。 Via powershell, the query works
通过Powershell,查询有效
Get-WmiObject `
-Credential (Get-Credential) `
-ComputerName MyMachine `
-Namespace root\MicrosoftIISV2 `
-Query "select * from IISApplicationPoolSetting where Name='W3SVC/APPPOLLS/MyPool'"
Via C#, I get a ManagementException
with the ErrorCode AccessDenied
通过C#,我得到一个ErrorException
AccessDenied
的ManagementException
var ms = new ManagementScope($@"\\{myMachine}\root\MicrosoftIISV2", new ConnectionOptions
{
Username = $".\\Administrator",
SecurePassword = Secure("adminPwd")
});
var query = "SELECT * FROM IISApplicationPoolSetting where name='W3SVC/APPPOLLS/MyPool'";
using (var searcher = new ManagementObjectSearcher(ms, new SelectQuery(query)))
{
var objects = searcher.Get(); // throws here
}
The user in both cases is the machine Administrator account. 在这两种情况下,用户都是计算机管理员帐户。 I'm hoping this won't be necessary by setting the correct permissions.
我希望通过设置正确的权限不必这样做。
I'm also checking the status of windows services by doing a query to the root\\cimv2
namespace and the Win32_Service
class and it works perfectly in both aproaches. 我还通过查询
root\\cimv2
命名空间和Win32_Service
类来检查Windows服务的状态,它在两种方法中均能完美运行。
Before I could get any approach working, I had to disable remote UAC. 在我无法使用任何方法之前,我必须禁用远程UAC。
Set-ItemProperty `
-Path HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System `
-Name LocalAccountTokenFilterPolicy -Value 1 -Type DWORD
My questions are related to permissions/privileges: 我的问题与权限/特权有关:
I think I got a part of it. 我想我参与其中。
new ConnectionOptions
{
Username = ".\\localAdministrator",
SecurePassword = Secure("localAdminPwd"),
Authentication = AuthenticationLevel.PacketPrivacy
}
With the PacketPrivacy option, there is no exception no more, and I can use a local administrator (just a user in the Administrators group). 有了PacketPrivacy选项,就再也没有例外,我可以使用本地管理员(仅是Administrators组中的用户)。
I'm not sure what this option does and why it's needed but it solved my main problem. 我不确定此选项的作用以及为什么需要它,但是它解决了我的主要问题。 If anyone understands this well enough to explain I still can mark the answer as accepted.
如果有人足够理解这一点,我可以将答案标记为已接受。
I'll keep exploring about the permissions to find out exactly what permissions are needed. 我将继续探索权限,以确切地找到所需的权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.