I'm trying to connect to a remote password-protected shared folder from a Windows service, which runs as the LocalSystem account. It seems that the LocalSystem account is unable to directly access password-protected network shares using WNetAddConnection2() or similar calls. Can anyone confirm this? I've read that impersonating an administrator user might be the way to go. I've tried using LogonUser() and ImpersonateLoggedOnUser() before WNetAddConnection2(); it appears that the mount of the network path succeeds, but then actual accesses (e.g. enumerating files in the remote folder) fail. Any ideas?

Thanks.

A: 

I'm actually grappling with the same problem right now, Flavio, and my current suspicion is that it works if someone is interactively logged on to the machine, and will return ERROR_NO_SUCH_LOGON_SESSION if no one is logged on. I may be wrong, though. More to come. I've starred this question and will check back :)

Josh K
What I've found so far is that calling WNetAddConnection2() from a LocalSystem service works on Windows 7 but fails on XP. So far I have always tried with a user interactively logged into the machine. I would think that it shouldn't matter for the service if another user is logged into the remote machine, but I might be wrong.
Flavio
+1  A: 

To tell the truth, I have always worked only in a domain environment and without password-protected network shares, but I know that there are two main ways to make a connection: the WNetAddConnection2 API and the NetUseAdd API. I recommend that you try the NetUseAdd function with Level equal to 1 (USE_INFO_1). I have used only USE_INFO_2, which has ui2_username, ui2_domainname and ui2_password, but USE_INFO_1 has only ui1_password, so it looks like a function made for connecting to a password-protected share.

By the way, LogonUser() really makes no sense, because it makes a local login on the local computer and you need to establish a session to the remote computer. This is what the WNetAddConnection2 and NetUseAdd functions do.

Oleg
I'm trying to use LogonUser() because I've read in the MS documentation that the LocalSystem account can't establish authenticated connections to remote computers, so the idea is to first impersonate a user that can establish connections (i.e. the local computer administrator) and then attempt to establish the connection.
Flavio
You can have a problem only if you don't use `WNetAddConnection2` or `NetUseAdd` and try to access a remote computer. If you do use `WNetAddConnection2` or `NetUseAdd`, you make a remote login on the destination computer. If you have no trust between the source and destination computers, a local login with `LogonUser` can fail because your local computer must not know a user from the remote computer. By the way, if both computers are in the same domain, then the connection to the remote computer can work with the computer account (see http://msdn.microsoft.com/en-us/library/ms677973(VS.85).aspx) if it is granted.
Oleg
As I've said, WNetAddConnection2() doesn't appear to work on Windows XP. It does work on Windows 7. This is not on a domain. I'm using LogonUser() to log in to the _local_ machine as a regular user to impersonate it before calling WNetAddConnection2().
Flavio
Of course WNetAddConnection2() works on Windows XP and on earlier versions of Windows, but probably not with a password-protected shared folder instead of the typically used user-granted share access. Did you try NetUseAdd? If you have problems using it, you should post your code. The way with `LogonUser()` is DEFINITIVELY THE WRONG WAY. Just create an account on the destination computer and try to log in on the source computer with this account using `LogonUser()`. It will fail regardless of whether it is the LocalSystem account or some other one.
Oleg
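An added sketch of the approach discussed in this thread, not code posted by any participant: the remote account's credentials are passed to WNetAddConnection2 itself, the share is read over its UNC path, and the connection is dropped afterwards. The names `list_share`, `classify` and `enum share_fix` are hypothetical, the UNC path and account come from the caller, and the Windows part compiles only on Windows (link with Mpr.lib).

```c
/* Added example, not code from the thread. */
#ifdef _WIN32
#include <windows.h>
#include <winnetwk.h>                   /* link with Mpr.lib */
#include <wchar.h>

/* Authenticate to \\host\share with the remote account, list the share over
   its UNC path, then drop the connection. unc and user are supplied by the
   caller; pass is wiped as soon as it has been handed to the API. */
DWORD list_share(const wchar_t *unc, const wchar_t *user, wchar_t *pass)
{
    NETRESOURCEW nr = {0};
    WIN32_FIND_DATAW fd;
    wchar_t pattern[MAX_PATH];
    HANDLE h;
    DWORD rc;

    nr.dwType = RESOURCETYPE_DISK;
    nr.lpRemoteName = (LPWSTR)unc;      /* lpLocalName stays NULL: no drive letter */
    rc = WNetAddConnection2W(&nr, pass, user, CONNECT_TEMPORARY);
    SecureZeroMemory(pass, wcslen(pass) * sizeof(wchar_t));
    if (rc != NO_ERROR) return rc;

    if (swprintf(pattern, MAX_PATH, L"%ls\\*", unc) < 0) rc = ERROR_FILENAME_EXCED_RANGE;
    else if ((h = FindFirstFileW(pattern, &fd)) == INVALID_HANDLE_VALUE) rc = GetLastError();
    else {
        do { wprintf(L"%ls\n", fd.cFileName); } while (FindNextFileW(h, &fd));
        FindClose(h);
    }
    WNetCancelConnection2W(unc, 0, TRUE);   /* do not leave the session behind */
    return rc;
}
#endif

enum share_fix { FIX_NONE, FIX_CREDENTIALS, FIX_EXISTING_SESSION,
                 FIX_LOGON_SESSION, FIX_PATH, FIX_OTHER };

/* Map the Win32 code returned by list_share to what to check next. */
enum share_fix classify(unsigned long rc)
{
    switch (rc) {
    case 0:    return FIX_NONE;
    case 86:                                 /* ERROR_INVALID_PASSWORD */
    case 1326: return FIX_CREDENTIALS;       /* ERROR_LOGON_FAILURE */
    case 1219: return FIX_EXISTING_SESSION;  /* ERROR_SESSION_CREDENTIAL_CONFLICT */
    case 1312: return FIX_LOGON_SESSION;     /* ERROR_NO_SUCH_LOGON_SESSION */
    case 53:                                 /* ERROR_BAD_NETPATH */
    case 67:   return FIX_PATH;              /* ERROR_BAD_NET_NAME */
    default:   return FIX_OTHER;
    }
}
```

For a local account on a non-domain server, the user name is normally given as `SERVER\account`; a service would log the returned code rather than print to a console.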