views:

517

answers:

2

So I have made a webservice that interfaces with a set of data contained in a WMI namespace. It works fine when I run it with the ASP.net in built development web server, and returns the data as requested. However when I publish it to an IIS 6 server (win 2003), the webservice no longer allows me to execute the WMI method calls. However it does let me still read from it.

Instead it gives me:

System.Management.ManagementException: Access denied at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus errorCode) at System.Management.ManagementObject.InvokeMethod(String methodName, ManagementBaseObject inParameters, InvokeMethodOptions options) at System.Management.ManagementObject.InvokeMethod(String methodName, Object[] args)

I have tried to fix this (and yes I know this is a bad practice but I just wanted to see if it would work) by adding the "Everyone" group to that WMI namespaces security settings and giving them full permisions (which includes execute). Then resetting IIS. However I still get this error.

Anyone got any ideas?

+2  A: 

Running with IIS as a 'proper' user account should work.

The 'everyone' group doesn't mean 'absolutely everyone' -- it means 'every authenticated user'. If you can't authenticate you are still not part of everyone. If you are going after a WMI resource which requires network rights then it will still fail.

Other than that maybe accessing WMI requires a user right that the default account IIS is running as doesn't have.

Rob Walker
What service account could he *possibly* change IIS to run as? It's running at *some* user.
Ian Boyd
A: 

Well, techinically, Everyone and "Authenicated Users" are different.

Everone includes the "guest" account and "guests" group, null and anonymous connection. Everyone is everyone. "Authenticated Users" is anyone who's presented credentials. Slightly subtle, but important.

If guest is disabled, then I believe they are for all practical purposes identical, although Everyone might include "null" and "anonymous" sessions.

Christopher_G_Lewis