C# WMI runs an exe on a remote PC that then runs another exe on the same PC that then calls Directory.CreateDirectory on a network path and fails

Asked 18/2, 2010 at 20:22 Answered 18/2, 2010 at 21:37

c#windows wmi directory-permissions

Using C# WMI I start an exe on another computer and this exe starts another exe using the C# Process class. The last exe tries to call Directory.CreateDirectory using a network path (aka \\\\comp1\d$\dir\). Directory.CreateDirectory throws this exception:

Access to the path '\\\\blah\blah\blah' is denied.   at System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)
   at System.IO.Directory.InternalCreateDirectory(String fullPath, String path, DirectorySecurity dirSecurity)
   at System.IO.Directory.CreateDirectory(String path, DirectorySecurity directorySecurity)

If I run the third exe directly in a console on the computer it exists on this exception isn't thrown and everything works fine.

The security settings for the folder where the directory is being created has "Everyone" given full permissions.

How do I fix this problem?

Appurtenance answered 18/2, 2010 at 20:22 Comment(2)

Did you make sure that the shared network folder's security settings allows you read/write privileges? – Marielamariele 18/2, 2010 at 20:27

Did you see @Nick's answer, below? My research in WMI tells me he has the correct answer. If you agree, you might want to select it. :) – Cowled 16/12, 2014 at 6:17

Also be aware that when launching an app via WMI, there is a third layer of rights. For instance, if you invoke a method on an existing WMI object, it may not delegate the callers rights, or even the rights of the host exe, but will have an Empty Principal. This may be happening to you.

Go to Computer Management, and under Services and Applications, right click on the WMI Control node and select Properties. Go to the Security Tab, and then navigate to the correct WMI Namespace (most likely root\CIMV2) and make sure the user you are using has the appropriate rights there as well.

Tolerance answered 18/2, 2010 at 21:37 Comment(4)

If I added everyone to root\CIMV2 and gave it full permissions would that do the trick? – Appurtenance 19/2, 2010 at 0:5

Possibly. I'm not exactly sure what's going on here. I just wanted to make you aware that when you are performing an action launched via WMI, you actually have a third set of permissions to deal with. – Tolerance 19/2, 2010 at 4:29

Right, thanks for the heads up. It's a painful situation for sure. – Appurtenance 19/2, 2010 at 17:54

Nick is correct: WMI does not inherently send credentials to a process started on a remote host. Doing so would require the right "log on as other users", which is too dangerous. There is another method, though, created by Frank White. I reference his and created a full script here: https://mcmap.net/q/1174101/-trying-to-copy-file-from-one-xp-pc-to-another-using-wmi-since-rpc-and-unc-are-not-available. – Cowled 4/9, 2012 at 19:6

As Aaron said, windows share security has two components The first is the security of the Share itself. The second is the security on the files and folders in that share.

Both have to allow the create directory access in order for this to work.

You should also know that the EVERYONE group includes domain computer accounts, the built in system account, domain users, guest, and authenticated users.

This means that the first thing you want to do is see what user this is actually running under. If it is running under the machine account AND it is not part of a domain then you will need to give that machine account access to the share and file system.

Bennink answered 18/2, 2010 at 20:49 Comment(0)

See this thread for some suggestions about permissions.

http://www.eggheadcafe.com/community/aspnet/2/10058550/how-to-create-a-folder-in.aspx

Marielamariele answered 18/2, 2010 at 20:30 Comment(0)

Recommended topics

Hot tags