tags:

views:

1780

answers:

2
+2  Q: 

DirectoryEntry.NativeObject throws access denied for a user in Administrators group in windows 2008

I have a local user, which is member of Administrators local group.

When I run this code:

using System;
using System.DirectoryServices;

namespace nanttest
{
    class Program
    {
     public static void Main(string[] args)
     {
      using(DirectoryEntry entry = new DirectoryEntry("IIS://localhost/W3SVC"))
      {
       object absobject = entry.NativeObject;
       Console.WriteLine("Name: {0}", entry.Name);
      }

      Console.Write("Press any key to continue . . . ");
      Console.ReadKey(true);
     }
    }
}

I receive:

Unhandled Exception: System.Runtime.InteropServices.COMException (0x80070005): Access is denied.

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_NativeObject() at nanttest.Program.Main(String[] args) in c:\Work\nanttest\nanttest\Program.cs:line 20

If I run this code while logged in as Administrator, it works OK.

Also, this code fails if I run it logged in as a DomainAdmin user. I have added MYDOMAIN\DomainAdmins and MYDOMAIN\mydomainuser as members of local Administrators group.

What other permissions should I add for these users, so they can run this code.

+6  A: 

To answer my own question, so others can find a solution:

The problem is with the default UAC settings in Windows 2008. Even if a user is in the Administrators group, he/she still needs elevated privileges to run some operations (the one above appears to be among them).

So, solution 1 - run the application using "Run as administrator", or start it from a command prompt, which was started with that option.

Solution 2: Disable UAC for administrators group - I have used method #3 from this article (group policy changes). Remember to reboot the server after these changes.

Sunny  2008-11-04 22:51:27
Thanks! I've been looking at that problem and was seriously wondering what the hell was wrong.
Maxim  2009-06-25 15:35:58
A: 

Thanks.

I was wondering what was going on also. When assigning the logged in user rights in the specific OU that the group was created in I had no problems. Hopwever when thje user was only a memberof the administrators group acces was denied in creating a group. Starting my app with "Run as Administrator" solved this problem right away

Perre  2010-04-13 12:05:34

related questions

Subsonic Vs NHibernate
How to check For File Lock in C# ?
Is nAnt still supported and suitable for .net 3.5/VS2008?
Limit size of Queue<T> in .NET?
Viewstate invalid when using Safari
Free OCR library
Unhandled Exception Handler in .NET 1.1
Localising date format descriptors
Get a new object instance from a Type in C#
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
.NET Testing Framework Advice
Embedded Database for .net that can run off a network
Automatically update version number
Homegrown consumption of web services
How do you migrate a large app from VB6 to VB .net ?
.NET Migrations Engine
Adding Scripting functionality to .NET applications
SQLite and XSD
Floating Point Number parsing: Is there a Catch All algorithm?
How do I programmatically create a PDF in my .NET application?
How do I sync the SVN revision number with my ASP.NET web site?
XSD DataSets and ignoring foreign keys
Anatomy of a "Memory Leak"
Reliable Timer in a Console Application
How do I calculate relative time?