从另一台远程计算机上的共享启动远程计算机上的 WMI 进程
我有以下代码可以从第二台远程计算机上的共享在远程计算机上运行进程,如图所示:
(来源:microsoft.com)
public class Runner
{
public static string RunExecutable(string machine, string executable, string username, string password, string domain)
{
try
{
ConnectionOptions connectionOptions = new ConnectionOptions();
connectionOptions.Authority = "kerberos:" + domain + @"\" + machine;
connectionOptions.Username = username;
connectionOptions.Password = password;
connectionOptions.Impersonation = ImpersonationLevel.Delegate;
connectionOptions.Authentication = AuthenticationLevel.PacketPrivacy;
//define the WMI root name space
ManagementScope scope = new ManagementScope(@"\\" + machine + "." + domain + @"\root\CIMV2", connectionOptions);
//define path for the WMI class
ManagementPath p = new ManagementPath("Win32_Process");
//define new instance
ManagementClass classInstance = new ManagementClass(scope, p, null);
ManagementClass startupSettings = new ManagementClass("Win32_ProcessStartup");
startupSettings.Scope = scope;
startupSettings["CreateFlags"] = 16777216;
// Obtain in-parameters for the method
ManagementBaseObject inParams = classInstance.GetMethodParameters("Create");
// Add the input parameters.
inParams["CommandLine"] = executable;
inParams["ProcessStartupInformation"] = startupSettings;
// Execute the method and obtain the return values.
ManagementBaseObject outParams = classInstance.InvokeMethod("Create", inParams, null);
// List outParams
string retVal = outParams["ReturnValue"].ToString();
return "ReturnValue: " + retVal;
}
catch (ManagementException me)
{
return me.Message;
}
catch (COMException ioe)
{
return ioe.Message;
}
}
}
我有我的环境中有 5 台机器,都在同一个域中。 3 台运行 Windows Server 2008R2,一台运行 Windows 7,一台运行 Windows XP:
- WinXP
- Win7
- Master2008
- Slave2008-1
- Slave2008-2
我从域控制器 Master2008 运行代码,并尝试在其他计算机上启动进程,但遇到了一些问题在 XP 和 7 机器上启动进程时出现问题。
在 WinXP 和 Win7 计算机上启动该进程时,我得到的返回值为 8,这是“未知错误”,但在 Server 2008R2 计算机上启动该进程时,它可以正常工作。
所有计算机均已在 AD 中标记为可信任委派。
我试图启动的进程是 \\"machine"\c$\Windows\System32\Calc.exe
我尝试从不同的机器上运行该进程,结果如下(该程序正在 Master2008 上运行):
On WinXP
- From Win7: Failed (8)
- From Slave2008-1: Failed (8)
- From Slave2008-2: Failed (8)
- From Master2008: Failed (8)
On Win7
- From WinXP: Success (0)
- From Slave2008-1: Failed (8)
- From Slave2008-2: Failed (8)
- From Master2008: Failed (8)
On Slave2008-1
- From WinXP: Success (0)
- From Win7: Success (0)
- From Slave2008-2: Success (0)
- From Master2008: Success (0)
On Slave2008-2
- From WinXP: Success (0)
- From Win7: Success (0)
- From Slave2008-1: Success (0)
- From Master2008: Success (0)
由于某种原因,它们在WinXP机器上都失败,但是Win7机器可以从WinXP机器安装。
有谁知道可能出了什么问题吗?
I have the following code to run a process on a remote machine from a share on a second remote machine as described in the image:
(source: microsoft.com)
public class Runner
{
public static string RunExecutable(string machine, string executable, string username, string password, string domain)
{
try
{
ConnectionOptions connectionOptions = new ConnectionOptions();
connectionOptions.Authority = "kerberos:" + domain + @"\" + machine;
connectionOptions.Username = username;
connectionOptions.Password = password;
connectionOptions.Impersonation = ImpersonationLevel.Delegate;
connectionOptions.Authentication = AuthenticationLevel.PacketPrivacy;
//define the WMI root name space
ManagementScope scope = new ManagementScope(@"\\" + machine + "." + domain + @"\root\CIMV2", connectionOptions);
//define path for the WMI class
ManagementPath p = new ManagementPath("Win32_Process");
//define new instance
ManagementClass classInstance = new ManagementClass(scope, p, null);
ManagementClass startupSettings = new ManagementClass("Win32_ProcessStartup");
startupSettings.Scope = scope;
startupSettings["CreateFlags"] = 16777216;
// Obtain in-parameters for the method
ManagementBaseObject inParams = classInstance.GetMethodParameters("Create");
// Add the input parameters.
inParams["CommandLine"] = executable;
inParams["ProcessStartupInformation"] = startupSettings;
// Execute the method and obtain the return values.
ManagementBaseObject outParams = classInstance.InvokeMethod("Create", inParams, null);
// List outParams
string retVal = outParams["ReturnValue"].ToString();
return "ReturnValue: " + retVal;
}
catch (ManagementException me)
{
return me.Message;
}
catch (COMException ioe)
{
return ioe.Message;
}
}
}
I have 5 machines in my environment, all in the same domain. 3 are running Windows Server 2008R2, one Windows 7 and one Windows XP:
- WinXP
- Win7
- Master2008
- Slave2008-1
- Slave2008-2
I run the code from Master2008, the domain controller, and try to start a process on the other machines, but run into some problems when starting a process on the XP and 7 machines.
When starting the process on the WinXP and Win7 machines i get a return value of 8, which is "Unknown error", but when starting the process on the Server 2008R2 machines it works without problems.
All the machines has been marked as trusted for delegation in AD.
The process I'm trying to start is \\"machine"\c$\Windows\System32\Calc.exe
I've tried running the process from different machines, and the result was the following (The program is beeing run on Master2008):
On WinXP
- From Win7: Failed (8)
- From Slave2008-1: Failed (8)
- From Slave2008-2: Failed (8)
- From Master2008: Failed (8)
On Win7
- From WinXP: Success (0)
- From Slave2008-1: Failed (8)
- From Slave2008-2: Failed (8)
- From Master2008: Failed (8)
On Slave2008-1
- From WinXP: Success (0)
- From Win7: Success (0)
- From Slave2008-2: Success (0)
- From Master2008: Success (0)
On Slave2008-2
- From WinXP: Success (0)
- From Win7: Success (0)
- From Slave2008-1: Success (0)
- From Master2008: Success (0)
For some reason, they all fail for WinXP machine, but the Win7 machine can install from the WinXP machine.
Does anyone have any idea what can be wrong?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
看来代码没有问题。我尝试制作一个简单的应用程序来启动而不是“calc.exe”,它按预期工作。
问题是我试图从 32 位客户端上的 64 位服务器启动“calc.exe”。另外,Windows7 上的“calc.exe”无法在WindowsXP 上运行。
It seems there were no problem with the code. I tried to make a simple application to start instead of "calc.exe" and it worked as it should.
The problem was that I was trying to start "calc.exe" from 64bit servers on a 32bit clients. Also, "calc.exe" on Windows7 wont run on WindowsXP.
别工作。
http://technet.microsoft.com/en-us/library/ee156574.aspx
除非事务中涉及的所有用户帐户和计算机帐户都已在 Active Directory 中标记为“受信任”,否则您无法使用“委托”模拟级别。这有助于最大限度地降低安全风险。尽管远程计算机可以使用您的凭据,但只有当它和事务中涉及的任何其他计算机都被信任进行委派时,它才能这样做。
Don't work.
http://technet.microsoft.com/en-us/library/ee156574.aspx
You cannot use the Delegate impersonation level unless all the user accounts and computer accounts involved in the transaction have all been marked as Trusted for delegation in Active Directory. This helps minimize the security risks. Although a remote computer can use your credentials, it can do so only if both it and any other computers involved in the transaction are trusted for delegation.