Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

C# WMI runs an exe on a remote PC that then runs another exe on the same PC that then calls Directory.CreateDirectory on a network path and fails

Using C# WMI I start an exe on another computer and this exe starts another exe using the C# Process class. The last exe tries to call Directory.CreateDirectory using a network path (aka \\\\comp1\d$\dir\). Directory.CreateDirectory throws this exception:

Access to the path '\\\\blah\blah\blah' is denied.   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, DirectorySecurity dirSecurity)
   at System.IO.Directory.CreateDirectory(String path, DirectorySecurity directorySecurity)

If I run the third exe directly in a console on the computer it exists on this exception isn't thrown and everything works fine.

The security settings for the folder where the directory is being created has "Everyone" given full permissions.

How do I fix this problem?

like image 986
jestro Avatar asked Feb 18 '10 20:02

jestro


2 Answers

Also be aware that when launching an app via WMI, there is a third layer of rights. For instance, if you invoke a method on an existing WMI object, it may not delegate the callers rights, or even the rights of the host exe, but will have an Empty Principal. This may be happening to you.

Go to Computer Management, and under Services and Applications, right click on the WMI Control node and select Properties. Go to the Security Tab, and then navigate to the correct WMI Namespace (most likely root\CIMV2) and make sure the user you are using has the appropriate rights there as well.

like image 96
Nick Avatar answered Sep 30 '22 21:09

Nick


As Aaron said, windows share security has two components The first is the security of the Share itself. The second is the security on the files and folders in that share.

Both have to allow the create directory access in order for this to work.

You should also know that the EVERYONE group includes domain computer accounts, the built in system account, domain users, guest, and authenticated users.

This means that the first thing you want to do is see what user this is actually running under. If it is running under the machine account AND it is not part of a domain then you will need to give that machine account access to the share and file system.

like image 27
NotMe Avatar answered Sep 30 '22 20:09

NotMe