DirectoryEntry.NativeObject引发拒绝访问的用户在管理员组中的Windows 2008 [英] DirectoryEntry.NativeObject throws access denied for a user in Administrators group in windows 2008
问题描述
我有一个本地的用户,这是本地管理员组的成员。
I have a local user, which is member of Administrators local group.
当我运行此code:
using System;
using System.DirectoryServices;
namespace nanttest
{
class Program
{
public static void Main(string[] args)
{
using(DirectoryEntry entry = new DirectoryEntry("IIS://localhost/W3SVC"))
{
object absobject = entry.NativeObject;
Console.WriteLine("Name: {0}", entry.Name);
}
Console.Write("Press any key to continue . . . ");
Console.ReadKey(true);
}
}
}
我收到了:
未处理的异常: System.Runtime.InteropServices.COMException (0X80070005):访问被拒绝
Unhandled Exception: System.Runtime.InteropServices.COMException (0x80070005): Access is denied.
在 System.DirectoryServices.DirectoryEntry.Bind(布尔 throwIfFail)在 System.DirectoryServices.DirectoryEntry.Bind() 在 System.DirectoryServices.DirectoryEntry.get_NativeObject() 在nanttest.Program.Main(字符串[] 参数)在 C:\工作\ nanttest \ nanttest \的Program.cs:行 20
at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_NativeObject() at nanttest.Program.Main(String[] args) in c:\Work\nanttest\nanttest\Program.cs:line 20
如果我运行此code,而以管理员身份登录,它的工作原理确定。
If I run this code while logged in as Administrator, it works OK.
另外,如果我运行它登录的一个DomainAdmin用户此code失败。我已经加入MYDOMAIN \没有DomainAdmins和MYDOMAIN \ mydomainuser本地Administrators组的成员。
Also, this code fails if I run it logged in as a DomainAdmin user. I have added MYDOMAIN\DomainAdmins and MYDOMAIN\mydomainuser as members of local Administrators group.
我要补充哪些其他权限为这些用户,这样他们就可以运行这个code。
What other permissions should I add for these users, so they can run this code.
推荐答案
要回答我的问题,以便其他人可以找到一个解决方案:
To answer my own question, so others can find a solution:
现在的问题是在Windows 2008即使用户是Administrators组中的默认UAC设置,他/她还需要提升权限运行某些操作(上面的那个似乎是其中)。
The problem is with the default UAC settings in Windows 2008. Even if a user is in the Administrators group, he/she still needs elevated privileges to run some operations (the one above appears to be among them).
所以,解决方案1 - 运行使用以管理员身份运行的应用程序,或者在命令提示符下,这是开始使用该选项启动
So, solution 1 - run the application using "Run as administrator", or start it from a command prompt, which was started with that option.
解决方法2:禁用UAC的管理员组 - 我已经使用方法#3从本文一>(集团政策变化)。记住要重新启动这些更改后的服务器。
Solution 2: Disable UAC for administrators group - I have used method #3 from this article (group policy changes). Remember to reboot the server after these changes.
这篇关于DirectoryEntry.NativeObject引发拒绝访问的用户在管理员组中的Windows 2008的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!