I have a System.Management.WqlEventQuery listening for the "__InstanceOperationEvent" event. This event is the base class for the "__InstanceCreationEvent", "__InstanceDeletionEvent", and "__InstanceModificationEvent" events, so it captures all three.
When my WqlEventQuery.Condition is "TargetInstance ISA 'Win32_LogicalDisk'", I get events for logical disks only, as expected.
However, when my WqlEventQuery.Condition is "(TargetInstance ISA 'Win32_LogicalDisk' or TargetInstance ISA 'Win32_MappedLogicalDisk')", I still get only Win32_LogicalDisk events.
Alternatively, I should also be able to use WqlEventQuery.Condition set as "TargetInstance ISA 'CIM_LogicalDisk'", because CIM_LogicalDisk is the base class for both Win32_LogicalDisk and Win32_MappedLogicalDisk. Unfortunately, this alternative query also returns only Win32_LogicalDisk events.
In summary, I cannot seem to capture Win32_MappedLogicalDisk events. My assumption is that such an event should be generated when I right click a network share and map it as a network drive to a new drive letter. Despite this new mapped drive showing up in Explorer just fine, my program never receives any event.
Are any of my assumptions wrong? What is a Win32_MappedLogicalDrive or what distinguishes it from a Win32_LogicalDrive whose DriveType is "NetworkDrive"? How can I capture events for connecting/disconnecting network drives using WMI?
UPDATE: I posted more on this problem here: http://social.technet.microsoft.com/Forums/en-US/ocsmanagement/thread/1c92f08b-b9c9-4f27-a1bb-0c16a8868d19 It's turning out to be an unfortunate side-effect of UAC, with no workaround except to create duplicate drive mappings under an administrative account.
Comments (1)
I searched around figuring this was (as usual) some kind of Vista/Windows 7 UAC-related behavior, and sure enough... http://www.vistax64.com/powershell/270814-win32_mappedlogicaldisk-returns-null-vista.html
Since mapped drives are "per user", a drive mapped by a non-elevated user (e.g. from Explorer) cannot be seen by a WMI query running elevated as administrator. That's counter-intuitive, because usually an application can access more information running as an administrator, not less. So depending on who mapped the drive, it may be visible to a program depending on whether it's running with elevated privileges or not. I guess I will have to use the impersonation options to ensure the program locates all the drives it can possibly access.
In addition, once this was working, I saw duplicate entries for networked drives and realized that the set of Win32_LogicalDisk objects includes Win32_MappedLogicalDisk objects, even though Win32_MappedLogicalDisk is not a Win32_LogicalDisk as far as any class hierarchy is concerned. Win32_MappedLogicalDisk, like Win32_LogicalDisk, extends directly from CIM_LogicalDisk according to the documentation.
See discussion on problems caused by UAC for mapped drives here: http://blogs.msdn.com/b/cjacks/archive/2007/02/19/mapped-network-drives-with-uac-on-windows-vista.aspx?PageIndex=2
Excerpt:
Another workaround is kind of like duplicating the drive mappings for administrators, but involves allowing normal user drive mappings to be shared with administrators by linking their tokens. See http://support.microsoft.com/kb/937624
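The following is an added example, not code from either poster: a minimal System.Management watcher that reports whether the process is elevated and then listens for network-drive events through Win32_LogicalDisk, which per the answer above also carries the mapped drives. The 5-second polling interval, the class name and the output format are assumptions.

```csharp
using System;
using System.Management;
using System.Security.Principal;

class NetworkDriveWatcher
{
    static void Main()
    {
        // Per the answer above, drive mappings made by a non-elevated user are not
        // visible to a WMI query running elevated, so report which case this is.
        bool elevated = new WindowsPrincipal(WindowsIdentity.GetCurrent())
            .IsInRole(WindowsBuiltInRole.Administrator);
        Console.WriteLine("Running elevated: {0}", elevated);
        if (elevated)
            Console.WriteLine("Drives mapped from a non-elevated session will not raise events here.");

        // __InstanceOperationEvent covers creation, deletion and modification.
        // DriveType 4 is "Network Drive" on Win32_LogicalDisk.
        // The 5-second WITHIN interval is an assumption; tune it to your needs.
        var query = new WqlEventQuery(
            "__InstanceOperationEvent",
            TimeSpan.FromSeconds(5),
            "TargetInstance ISA 'Win32_LogicalDisk' AND TargetInstance.DriveType = 4");

        using (var watcher = new ManagementEventWatcher(query))
        {
            watcher.EventArrived += (sender, e) =>
            {
                // The event's class name tells creation, deletion and modification apart.
                string kind = e.NewEvent.ClassPath.ClassName;
                var disk = (ManagementBaseObject)e.NewEvent["TargetInstance"];
                Console.WriteLine("{0}: {1} -> {2}",
                    kind, disk["DeviceID"], disk["ProviderName"]);
            };

            watcher.Start();
            Console.WriteLine("Watching for network drive events; press Enter to stop.");
            Console.ReadLine();
            watcher.Stop();
        }
    }
}
```

Run it at the same elevation level as the session that maps the drives; otherwise the behavior described in the answer applies and no events arrive.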