模拟错误–不同的域帐户. [英] Error in Impersonation – different domain account.

问题描述

我正在尝试使用ServiceController从我的C#.NET Windows应用程序停止服务器(在不同域中)中的Windows服务(我正在遵循以下错误
)

I am trying to stop a windows service in a server(on different domain) from my C#.NET windows application using ServiceController I am getting following error

Inner Exception: <br />
{"Access is denied"}<br />
Exception Message: <br />
"Cannot open Service Control Manager on computer ''x.y.z.a''. This operation might require other privileges."<br />
Enviroment:<br />
      Windows application running on Windows 7, C#.NET, 3.5 on "ABC" DOMAIN <br />
      Target service running on Windows 2003 server. on "XYZ" DOMAIN<br />
      Port 445,135 opened between two systems<br />
Code:<br />
      ServiceController lo_WinSC = new ServiceController();<br />
      lo_WinSC.MachineName = "SYSTEMIPAddress";<br />
      lo_WinSC.ServiceName = "ServiceToBeStopped";

一些论坛建议模拟目标域的帐户，但无法模拟.错误:

The security database on the server does not have a computer account for this workstation trust relationship.


问题1:是否可以冒充不同域的帐户.即我的应用程序在"XYZ"域上运行，我想模拟一个帐户"ABC"域.注意:端口LDAP端口389在两个系统之间打开.是可能的，请帮我解决以上错误.如果没有，对我的主要问题有何建议.

问题2:为了模拟，需要在应用程序系统和域控制器/目标服务器之间打开任何特定的端口.

问题3:是否有其他方法可以解决我的主要问题，或者是否有任何方法可以在ServiceController中传递登录凭据.

Some forum suggesting to impersonate account of target domain but failed to Impersonate. Error:

The security database on the server does not have a computer account for this workstation trust relationship.


Question 1: Is it possibile to impersonate account of different domain. i.e My application running on "XYZ" domain, I would like to impersonate an account "ABC" domain. Note: Port LDAP port 389 is opened between two systems. Is possbile, help me with the above error. If not, any suggestions for my primary problem.

Question 2: For impersonating any specific port needs to be opened between application system and Domain controller/target server.

Question 3: Is there any other way to solve my primary problem or Is there any way to pass login credential in ServiceController.

推荐答案

问题3:

也许看看PsExec

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx [ ^ ]

这肯定会让您停止远程计算机上的服务，可以传递在远程域上有效的凭据+密码等.我在内部将其用于自动构建+部署过程.

在这种情况下，您可能需要考虑安全性问题，如果您通过用户凭据传递了纯文本

Question 3:

Maybe look into PsExec

http://technet.microsoft.com/en-us/sysinternals/bb897553.aspx[^]

This would certainly let you stop a service on a remote computer, you can pass in credentials valid on the remote domain + password etc. I''ve used this internally for automated build + deploy processes.

Possibly security issues you need to consider in this scenario, if you pass user credentials they are passed plain text

，即使您模拟了用户，也无法访问远程计算机上与Service Controller相关的权限管理员权限.

我对此有另一种解决方案:
使用Service Controller实现执行Web服务，并以必需的权限将其托管在远程计算机上.因此，您将获得与服务控制器相关的访问的主要特权.

现在，在Windows应用程序项目中添加Web服务引用，并调用service方法. Web服务将负责服务的启动和停止.

You can''t access Service Controller related permission on remote machine even if you impersonate with administrator privileges.

I got another solution for this:
Do the web service with Service Controller implementation and host on the remote machine with the necessary permissions. So you get Primary privileges for service controller related access.

Now add web service reference in your Windows application project and invoke the service method. The web service will take care of service start and stop.

谢谢.但我正在寻找一种较少代理的解决方案

Thank you. but i am looking for a agent less solution

这篇关于模拟错误–不同的域帐户.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！