DirectoryEntry.NativeObject 对 Windows 2008 中管理员组中的用户抛出访问被拒绝的错误
我有一个本地用户,它是管理员本地组的成员。
当我运行此代码时:
using System;
using System.DirectoryServices;
namespace nanttest
{
class Program
{
public static void Main(string[] args)
{
using(DirectoryEntry entry = new DirectoryEntry("IIS://localhost/W3SVC"))
{
object absobject = entry.NativeObject;
Console.WriteLine("Name: {0}", entry.Name);
}
Console.Write("Press any key to continue . . . ");
Console.ReadKey(true);
}
}
}
我收到:
未处理的异常: System.Runtime.InteropServices.COMException (0x80070005):访问被拒绝。
在 System.DirectoryServices.DirectoryEntry.Bind(布尔值 如果失败则抛出) System.DirectoryServices.DirectoryEntry.Bind() 在 System.DirectoryServices.DirectoryEntry.get_NativeObject() 在 nanttest.Program.Main(String[] 参数)中 c:\Work\nanttest\nanttest\Program.cs:line 20
如果我以管理员身份登录时运行此代码,则它可以正常工作。
另外,如果我以 DomainAdmin 用户身份登录运行此代码,则会失败。 我已将 MYDOMAIN\DomainAdmins 和 MYDOMAIN\mydomainuser 添加为本地管理员组的成员。
我应该为这些用户添加哪些其他权限,以便他们可以运行此代码。
I have a local user, which is member of Administrators local group.
When I run this code:
using System;
using System.DirectoryServices;
namespace nanttest
{
class Program
{
public static void Main(string[] args)
{
using(DirectoryEntry entry = new DirectoryEntry("IIS://localhost/W3SVC"))
{
object absobject = entry.NativeObject;
Console.WriteLine("Name: {0}", entry.Name);
}
Console.Write("Press any key to continue . . . ");
Console.ReadKey(true);
}
}
}
I receive:
Unhandled Exception:
System.Runtime.InteropServices.COMException
(0x80070005): Access is denied.at
System.DirectoryServices.DirectoryEntry.Bind(Boolean
throwIfFail) at
System.DirectoryServices.DirectoryEntry.Bind()
at
System.DirectoryServices.DirectoryEntry.get_NativeObject()
at nanttest.Program.Main(String[]
args) in
c:\Work\nanttest\nanttest\Program.cs:line
20
If I run this code while logged in as Administrator, it works OK.
Also, this code fails if I run it logged in as a DomainAdmin user. I have added MYDOMAIN\DomainAdmins and MYDOMAIN\mydomainuser as members of local Administrators group.
What other permissions should I add for these users, so they can run this code.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
回答我自己的问题,以便其他人可以找到解决方案:
问题在于 Windows 2008 中的默认 UAC 设置。即使用户位于管理员组中,他/她仍然需要提升权限才能运行某些操作(上面的操作)似乎也在其中)。
因此,解决方案 1 - 使用“以管理员身份运行”运行应用程序,或者从使用该选项启动的命令提示符启动它。
解决方案 2:为管理员组禁用 UAC - 我使用了本文中的方法 #3 (组策略更改)。 请记住在这些更改后重新启动服务器。
To answer my own question, so others can find a solution:
The problem is with the default UAC settings in Windows 2008. Even if a user is in the Administrators group, he/she still needs elevated privileges to run some operations (the one above appears to be among them).
So, solution 1 - run the application using "Run as administrator", or start it from a command prompt, which was started with that option.
Solution 2: Disable UAC for administrators group - I have used method #3 from this article (group policy changes). Remember to reboot the server after these changes.