"Peter Huang" said:
Hi Mark,
Based on my test, the code below works file.
The client is windows xp + sp2+.NET FW 1.1 SP1
The server is windows 2003 +SP1 + .NET FW1.1 SP1
You may have a try and let me know the result.
private void button1_Click(object sender, System.EventArgs e)
{
ConnectionOptions op = new ConnectionOptions ( ) ;
op.Username =@"domain\user"; //The domain\user is an administrator of the
machinename
op.Password ="Password";
ManagementScope scope = new ManagementScope("\\\\" + "machinename" +
"\\root\\cimv2", op ) ;
try
{
scope.Connect( ) ;
System.Management.ObjectQuery oq = new System.Management.ObjectQuery
("SELECT * FROM Win32_OperatingSystem");
ManagementObjectSearcher query1 = new ManagementObjectSearcher ( scope ,
oq ) ;
ManagementObjectCollection queryCollection1 = query1.Get ( ) ;
foreach ( ManagementObject mobj in queryCollection1 )
{
string [ ] str= { "" } ;
mobj.InvokeMethod("Reboot",str);
}
}
catch(Exception ex)
{
MessageBox.Show(ex.ToString());
}
}
BTW: The KB article is as the link below.
To fix the problem in the KB article, you may need to contact MSPSS to
obtain the hotfix.
FIX: A security token leak occurs when you use the System.Management
namespace and you set the ConnectionOptions.EnablePrivileges property to
true in a .NET Framework-based application
http://support.microsoft.com/?id=887814
Best regards,
Peter Huang
Microsoft Online Partner Support
Get Secure! -
www.microsoft.com/security
This posting is provided "AS IS" with no warranties, and confers no
rights.
Peter,
Your code works, but the same code changed to reboot a local machine
doesn't.
Here is the adapted code, changes made are:
- removed ConnectionOptions because not needed/allowed for local machine
connections
- added scope.Options.EnablePrivileges = true; to enable the privilege
required to reboot/sutdown etc.
This option is NOT required/checked when executing a remote shutdown/reboot
...
//Begin code
ManagementScope scope = new ManagementScope("\\\\" + "." +
"\\root\\cimv2" );
try
{
scope.Options.EnablePrivileges = true;
scope.Connect() ;
System.Management.ObjectQuery oq = new System.Management.ObjectQuery
("SELECT * FROM Win32_OperatingSystem");
ManagementObjectSearcher query1 = new ManagementObjectSearcher ( scope
,oq );
ManagementObjectCollection queryCollection1 = query1.Get ( ) ;
foreach ( ManagementObject mobj in queryCollection1 )
{
string [ ] str= { "" } ;
mobj.InvokeMethod("Reboot",str);
}
}
catch(Exception ex)
{
Console.WriteLine(ex.ToString());
}
}
// Code end
Here is the Exception stack.
System.Management.ManagementException: Privilege not held.
at
System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
errorCode)
at System.Management.ManagementObject.InvokeMethod(String methodName,
ManagementBaseObject inPara
meters, InvokeMethodOptions options)
at System.Management.ManagementObject.InvokeMethod(String methodName,
Object[] args)
at Wmis.Main()
Note that this works with v2.0 Beta1 and Beta2 and v1.0 and v1.1, but fails
with v1.0 SP3 and v1.1 SP1.
The problem is that "Options.EnablePrivileges = true;" is a NOP, that is, it
doesn't enable the required privilege (I traced this in the debugger and
noticed that Wminet_utils.dll is the culpritt - see later) and this for ALL
methods that require the privileges to be enabled!!
I filed a bug for this at the time v1.1 SP1 and v1.0 SP3 was released, it's
status is closed/solved without any more info.
If you copy the v1.1 no SP version of Wminet_utils.dll to the v1.1 SP1
framework install dir. above code works as expected.
Finally, the question to be answered is - does the fix
(
http://support.microsoft.com/?id=887814
) solves this problem too? If it does it should be mentioned in the KB, if
it doesn't the problem should be re-opened.
Willy.
