从另一台远程计算机上的共享启动远程计算机上的WMI进程

Question

I have the following code to run a process on a remote machine from a share on a second remote machine as described in the image:

_{(source: microsoft.com )}

public class Runner
{
    public static string RunExecutable(string machine, string executable, string username, string password, string domain)
    {
        try
        {
            ConnectionOptions connectionOptions = new ConnectionOptions();
            connectionOptions.Authority = "kerberos:" + domain + @"\" + machine;
            connectionOptions.Username = username;
            connectionOptions.Password = password;
            connectionOptions.Impersonation = ImpersonationLevel.Delegate;
            connectionOptions.Authentication = AuthenticationLevel.PacketPrivacy;

            //define the WMI root name space
            ManagementScope scope = new ManagementScope(@"\\" + machine + "." + domain + @"\root\CIMV2", connectionOptions);

            //define path for the WMI class
            ManagementPath p = new ManagementPath("Win32_Process");

            //define new instance
            ManagementClass classInstance = new ManagementClass(scope, p, null);

            ManagementClass startupSettings = new ManagementClass("Win32_ProcessStartup");
            startupSettings.Scope = scope;
            startupSettings["CreateFlags"] = 16777216;

            // Obtain in-parameters for the method
            ManagementBaseObject inParams = classInstance.GetMethodParameters("Create");

            // Add the input parameters.
            inParams["CommandLine"] = executable;
            inParams["ProcessStartupInformation"] = startupSettings;

            // Execute the method and obtain the return values.
            ManagementBaseObject outParams = classInstance.InvokeMethod("Create", inParams, null);

            // List outParams
            string retVal = outParams["ReturnValue"].ToString();
            return "ReturnValue: " + retVal;
        }

        catch (ManagementException me)
        {
            return me.Message;
        }

        catch (COMException ioe)
        {
            return ioe.Message;
        }
    }
}

I have 5 machines in my environment, all in the same domain. 3 are running Windows Server 2008R2, one Windows 7 and one Windows XP:

• WinXP
• Win7
• Master2008
• Slave2008-1
• Slave2008-2

I run the code from Master2008, the domain controller, and try to start a process on the other machines, but run into some problems when starting a process on the XP and 7 machines.

When starting the process on the WinXP and Win7 machines i get a return value of 8, which is "Unknown error", but when starting the process on the Server 2008R2 machines it works without problems.

All the machines has been marked as trusted for delegation in AD.

The process I'm trying to start is \\\\"machine"\\c$\\Windows\\System32\\Calc.exe

I've tried running the process from different machines, and the result was the following (The program is beeing run on Master2008):

On WinXP
 - From Win7: Failed (8)
 - From Slave2008-1: Failed (8)
 - From Slave2008-2: Failed (8)
 - From Master2008: Failed (8)

On Win7
 - From WinXP: Success (0)
 - From Slave2008-1: Failed (8)
 - From Slave2008-2: Failed (8)
 - From Master2008: Failed (8)

On Slave2008-1
 - From WinXP: Success (0)
 - From Win7: Success (0)
 - From Slave2008-2: Success (0)
 - From Master2008: Success (0)

On Slave2008-2
 - From WinXP: Success (0)
 - From Win7: Success (0)
 - From Slave2008-1: Success (0)
 - From Master2008: Success (0)

For some reason, they all fail for WinXP machine, but the Win7 machine can install from the WinXP machine.

Does anyone have any idea what can be wrong?

Answer 1

It seems there were no problem with the code. I tried to make a simple application to start instead of "calc.exe" and it worked as it should.

The problem was that I was trying to start "calc.exe" from 64bit servers on a 32bit clients. Also, "calc.exe" on Windows7 wont run on WindowsXP.

Answer 2

Don't work. http://technet.microsoft.com/en-us/library/ee156574.aspx

You cannot use the Delegate impersonation level unless all the user accounts and computer accounts involved in the transaction have all been marked as Trusted for delegation in Active Directory. This helps minimize the security risks. Although a remote computer can use your credentials, it can do so only if both it and any other computers involved in the transaction are trusted for delegation.