Managing a Remote Service Using Alternate Credentials

- Original post -

I am trying to manage (start / stop) a Windows service on a remote machine using alternate credentials. I know that I can use the ServiceController class to manage the service using my current credentials:

Dim sc As New ServiceController(ServiceName, ComputerName) 

but I want to use different credentials. Other classes that I use (DirectoryEntry and System.Management) support the use of alternative credentials ... Help would be greatly appreciated.

- Working code (built on the basis of the accepted answer) -

I have to admit that I was skeptical that this would work ... but below is the code. I had to make minor changes to the code you suggested. Whenever I tried IPC$, it would return a result code of 53, although I am sure that this resource exists. So, at the suggestion of another website, I removed that part and used only the name of the computer, and it worked.

    Imports System.Runtime.InteropServices
    Imports System.Net
    Imports System.IO
    Imports System.ServiceProcess

    Module Module1

        Sub Main()
            Dim Computername As String = "SomeComputer"

            'Create connection to remote computer
            Using nc As New NetworkConnection("\\" + Computername, New NetworkCredential("Domain\User", "Password"))
                Dim sc As New ServiceController("Windows Firewall/Internet Connection Sharing (ICS)", Computername)
                'now we can start/stop/whatever we want here
            End Using

            Console.ReadLine()
        End Sub

        'Opens an authenticated connection on construction and cancels it on Dispose
        Public Class NetworkConnection
            Implements IDisposable

            Private _networkName As String

            Public Sub New(ByVal networkName As String, ByVal credentials As NetworkCredential)
                _networkName = networkName

                Dim netResource = New NetResource() With { _
                    .Scope = ResourceScope.GlobalNetwork, _
                    .ResourceType = ResourceType.Disk, _
                    .DisplayType = ResourceDisplaytype.Share, _
                    .RemoteName = networkName _
                }

                'A non-zero result is a Win32 error code (53 is the code mentioned above)
                Dim result = WNetAddConnection2(netResource, credentials.Password, credentials.UserName, 0)

                If result <> 0 Then
                    Throw New IOException("Error connecting to remote share", result)
                End If
            End Sub

            Protected Overrides Sub Finalize()
                Try
                    Dispose(False)
                Finally
                    MyBase.Finalize()
                End Try
            End Sub

            Public Sub Dispose() Implements System.IDisposable.Dispose
                Dispose(True)
                GC.SuppressFinalize(Me)
            End Sub

            Protected Sub Dispose(ByVal disposing As Boolean)
                'Drop the connection so the alternate credentials do not stay in use
                WNetCancelConnection2(_networkName, 0, True)
            End Sub

            <DllImport("mpr.dll")> _
            Private Shared Function WNetAddConnection2(ByVal netResource As NetResource, ByVal password As String, ByVal username As String, ByVal flags As Integer) As Integer
            End Function

            <DllImport("mpr.dll")> _
            Private Shared Function WNetCancelConnection2(ByVal name As String, ByVal flags As Integer, ByVal force As Boolean) As Integer
            End Function
        End Class

        'Managed layout of the native NETRESOURCE structure
        <StructLayout(LayoutKind.Sequential)> _
        Public Class NetResource
            Public Scope As ResourceScope
            Public ResourceType As ResourceType
            Public DisplayType As ResourceDisplaytype
            Public Usage As Integer
            Public LocalName As String
            Public RemoteName As String
            Public Comment As String
            Public Provider As String
        End Class

        Public Enum ResourceScope As Integer
            Connected = 1
            GlobalNetwork
            Remembered
            Recent
            Context
        End Enum

        Public Enum ResourceType As Integer
            Any = 0
            Disk = 1
            Print = 2
            Reserved = 8
        End Enum

        Public Enum ResourceDisplaytype As Integer
            Generic = &H0
            Domain = &H1
            Server = &H2
            Share = &H3
            File = &H4
            Group = &H5
            Network = &H6
            Root = &H7
            Shareadmin = &H8
            Directory = &H9
            Tree = &HA
            Ndscontainer = &HB
        End Enum

    End Module
+1
1 answer

To make a remote login, you must use the WNetAddConnection2 (see http://msdn.microsoft.com/en-us/library/aa385413.aspx ) or NetUseAdd (see http://msdn.microsoft.com/en-us/library/aa370645.aspx ) API. You can use \\RemoteComputer\IPC$ as the target resource.

UPDATED based on a question from a comment: The explanation of IPC$ sessions can be long, so here is only the basic information.

If you want to do something on the remote computer, the first thing to do is establish an authenticated "connection" to the remote computer. A network login (remote login) will be performed on the remote computer, which works just like a local login. The network logon session stays open, and if you have a connection to, for example, \\RemoteComputer\share1 and another program on your computer tries to access, for example, \\RemoteComputer\share2, the same session will be used.

You can simulate the situation using net.exe . Just run cmd.exe and type

 net use \\RemoteComputer\IPC$ /u:Domain\User password 

or

 net use \\RemoteComputer\IPC$ /u:RemoteComputer\LocalRemoteUser password 

then you will have a connection to the destination computer. Then you can enter \\RemoteComputer\AnyShare in Explorer and access the file system under the credentials of the user Domain\User or RemoteComputer\LocalRemoteUser. To disconnect, use

 net use \\RemoteComputer\IPC$ /d 

If you try to start / stop the service on a remote computer, it will try to establish the same IPC session. If you already have such a session with one of the user credentials, it will be used. The functions WNetAddConnection2 and NetUseAdd can be used as a replacement for "net use". If you constantly want to access a remote computer with other user credentials, you can use CredWrite, CredWriteDomainCredentials or CredUIPromptForCredentials / CredUIPromptForWindowsCredentials. The Cred functions seem to me not the best way for your case.

+2
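
The procedure from the answer above as a PowerShell script (an added example, not part of the original post): it opens the IPC$ session with alternate credentials, controls the service through sc.exe, and always removes the session afterwards. `RemoteComputer`, `Domain\User` and `Spooler` are placeholder values; the password is prompted for by net.exe instead of being passed on the command line.

```powershell
# Added example: all default values below are placeholders.
param(
    [string]$Computer = 'RemoteComputer',   # placeholder host name
    [string]$User     = 'Domain\User',      # placeholder alternate account
    [string]$Service  = 'Spooler',          # placeholder service name
    [ValidateSet('query', 'start', 'stop')]
    [string]$Action   = 'query'
)

# Single quotes keep the trailing '$' of the share name literal.
$ipc = '\\' + $Computer + '\IPC$'

# '*' makes net.exe prompt for the password, so it does not end up in the
# process command line or in the shell history.
net.exe use $ipc * "/user:$User"
if ($LASTEXITCODE -ne 0) {
    throw "net use failed for $ipc (exit code $LASTEXITCODE)"
}

try {
    # As the answer describes, service control reuses the IPC$ session opened
    # above, so this call runs as $User and not as the logged-on user.
    # 'sc' alone is an alias for Set-Content in Windows PowerShell, hence sc.exe.
    sc.exe "\\$Computer" $Action $Service
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "sc.exe $Action $Service returned $LASTEXITCODE"
    }
}
finally {
    # Until it is removed, the session is shared by every program in this
    # logon session, so drop it even if the service call failed.
    net.exe use $ipc /delete /y
}
```

Running `net use` with no arguments before and after the script shows whether a connection to the remote computer is still listed.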

Source: https://habr.com/ru/post/1386931/
