WMI remote execution local admin


Problem description


Hey all,
I have a WinServer 2008 machine. I have created a new local user.
In order to make him an admin, all I have to do is add it to the "administrators" group, right?
Now, I wrote C# code that is supposed to connect with that local user and execute some exe file remotely.


        using System;
        using System.Management;

        class Program
        {
            static void Main(string[] args)
            {
                string remoteMachine = "HV-BENDA";

                try
                {
                    string _cmd = "D:\\LocalUserManagerDLL3.5\\RunDll\\bin\\Debug\\RunDll.exe";
                    if (_cmd.Trim() == string.Empty)
                    {
                        Console.WriteLine("No command entered using default command for test :" + _cmd);
                    }

                    ConnectionOptions connOptions = new ConnectionOptions();

                    // Verbatim string: in a regular literal, \t would be read as a tab character
                    connOptions.Username = @"HV-BENDA\test3";
                    connOptions.Password = "1234";

                    connOptions.Impersonation = ImpersonationLevel.Impersonate;
                    connOptions.EnablePrivileges = true;
                    ManagementScope manScope = new ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2", remoteMachine), connOptions);
                    manScope.Connect();
                    ObjectGetOptions objectGetOptions = new ObjectGetOptions();
                    ManagementPath managementPath = new ManagementPath("Win32_Process");
                    ManagementClass processClass = new ManagementClass(manScope, managementPath, objectGetOptions);
                    ManagementBaseObject inParams = processClass.GetMethodParameters("Create");
                    // Pass the command to run (this was an always-empty sBatFile variable)
                    inParams["CommandLine"] = _cmd;
                    ManagementBaseObject outParams = processClass.InvokeMethod("Create", inParams, null);
                    Console.WriteLine("Creation of the process returned: " + outParams["returnValue"]);
                    Console.WriteLine("Process ID: " + outParams["processId"]);
                }
                catch (Exception ex)
                {
                    Console.WriteLine("Error " + ex.Message);
                }
            }
        }





But the following exception is thrown from the manScope.Connect(); line:
"The RPC server is unavailable. (Exception from HRESULT: 0x800706BA)"

When I omit
connOptions.Username = "HV-BENDA\test3";
connOptions.Password = "1234";
everything works just fine. This, as I understand, connects with my current user (which is domain admin and not just local admin). So I have tried to use these two lines with my current user credentials, but the same exception was thrown.

Does anyone know how to resolve it?

Recommended answer

Your code is connecting to the remote machine using the supplied credentials, NOT running the remote .EXE using them. The RPC is unavailable because the user specified doesn't have permissions to create objects on the remote machine.

WMI has no facility built in to create processes as other users.

You can either use the third-party tool called PSEXEC or launch an equivalent RunAs command line on the remote machine using some of the WMI code you have now.
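
An added example, not code from the question or the answer: a small check that tells an unreachable RPC endpoint (0x800706BA) apart from an authorization failure at Connect(), and then asks the target which account owns a given process ID via Win32_Process.GetOwner. The class and method names are hypothetical, and it assumes the connection is made with the caller's current credentials.

```csharp
using System;
using System.Management;
using System.Runtime.InteropServices;

static class WmiConnectCheck // hypothetical name, not from the page
{
    // Connect and report which layer failed: reachability or authorization.
    static bool TryConnect(ManagementScope scope)
    {
        try { scope.Connect(); return true; }
        catch (COMException ex)
        {
            if (ex.ErrorCode == unchecked((int)0x800706BA))
                Console.WriteLine("RPC_S_SERVER_UNAVAILABLE: the RPC endpoint on the target was not reached.");
            else
                Console.WriteLine("COM error 0x{0:X8}: {1}", ex.ErrorCode, ex.Message);
        }
        catch (UnauthorizedAccessException)
        {
            Console.WriteLine("E_ACCESSDENIED (0x80070005): the endpoint answered but refused the account.");
        }
        return false;
    }

    // Ask the target which account owns a process; null if it cannot be read.
    static string GetProcessOwner(ManagementScope scope, uint pid)
    {
        ManagementPath path = new ManagementPath("Win32_Process.Handle=\"" + pid + "\"");
        try
        {
            using (ManagementObject proc = new ManagementObject(scope, path, null))
            {
                ManagementBaseObject owner = proc.InvokeMethod("GetOwner", null, null);
                if (Convert.ToUInt32(owner["ReturnValue"]) != 0) return null;
                return owner["Domain"] + "\\" + owner["User"];
            }
        }
        catch (ManagementException) { return null; } // e.g. the process has already exited
    }

    // Usage: WmiConnectCheck.exe <host> <pid>
    static void Main(string[] args)
    {
        ManagementScope scope = new ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2", args[0]));
        if (!TryConnect(scope)) return;
        string owner = GetProcessOwner(scope, UInt32.Parse(args[1]));
        Console.WriteLine("PID {0} runs as: {1}", args[1], owner ?? "(owner not readable)");
    }
}
```

The process ID to pass is the value printed as "Process ID" by the Create call.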

