DirectoryEntry.NativeObject引发拒绝访问的用户在管理员组中的Windows 2008 [英] DirectoryEntry.NativeObject throws access denied for a user in Administrators group in windows 2008

问题描述

我有一个本地的用户，这是本地管理员组的成员。

I have a local user, which is member of Administrators local group.

当我运行此code：

using System;
using System.DirectoryServices;

namespace nanttest
{
    class Program
    {
    	public static void Main(string[] args)
    	{
    		using(DirectoryEntry entry = new DirectoryEntry("IIS://localhost/W3SVC"))
    		{
    			object absobject = entry.NativeObject;
    			Console.WriteLine("Name: {0}", entry.Name);
    		}

    		Console.Write("Press any key to continue . . . ");
    		Console.ReadKey(true);
    	}
    }
}

我收到了：

未处理的异常：   System.Runtime.InteropServices.COMException   （0X80070005）：访问被拒绝

Unhandled Exception: System.Runtime.InteropServices.COMException (0x80070005): Access is denied.

在   System.DirectoryServices.DirectoryEntry.Bind（布尔   throwIfFail）在   System.DirectoryServices.DirectoryEntry.Bind（）   在   System.DirectoryServices.DirectoryEntry.get_NativeObject（）   在nanttest.Program.Main（字符串[]   参数）在   C：\工作\ nanttest \ nanttest \的Program.cs：行   20

at System.DirectoryServices.DirectoryEntry.Bind(Boolean throwIfFail) at System.DirectoryServices.DirectoryEntry.Bind() at System.DirectoryServices.DirectoryEntry.get_NativeObject() at nanttest.Program.Main(String[] args) in c:\Work\nanttest\nanttest\Program.cs:line 20

如果我运行此code，而以管理员身份登录，它的工作原理确定。

If I run this code while logged in as Administrator, it works OK.

另外，如果我运行它登录的一个DomainAdmin用户此code失败。我已经加入MYDOMAIN \没有DomainAdmins和MYDOMAIN \ mydomainuser本地Administrators组的成员。

Also, this code fails if I run it logged in as a DomainAdmin user. I have added MYDOMAIN\DomainAdmins and MYDOMAIN\mydomainuser as members of local Administrators group.

我要补充哪些其他权限为这些用户，这样他们就可以运行这个code。

What other permissions should I add for these users, so they can run this code.

推荐答案

要回答我的问题，以便其他人可以找到一个解决方案：

To answer my own question, so others can find a solution:

现在的问题是在Windows 2008即使用户是Administrators组中的默认UAC设置，他/她还需要提升权限运行某些操作（上面的那个似乎是其中）。

The problem is with the default UAC settings in Windows 2008. Even if a user is in the Administrators group, he/she still needs elevated privileges to run some operations (the one above appears to be among them).

所以，解决方案1 ​​ - 运行使用以管理员身份运行的应用程序，或者在命令提示符下，这是开始使用该选项启动

So, solution 1 - run the application using "Run as administrator", or start it from a command prompt, which was started with that option.

解决方法2：禁用UAC的管理员组 - 我已经使用方法＃3从本文（集团政策变化）。记住要重新启动这些更改后的服务器。

Solution 2: Disable UAC for administrators group - I have used method #3 from this article (group policy changes). Remember to reboot the server after these changes.

这篇关于DirectoryEntry.NativeObject引发拒绝访问的用户在管理员组中的Windows 2008的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！