PaExec - connect to Service Control Manager error

Hello. I found out some strange behaviour.

Tested on Windows 7 systems in one domain.

Suppose I have HostA and HostB in domain. HostA has userA as local admin, HostB - userB as local admin.

I try to run ipconfig from HostA(userA) on HostB: paexec \\HostB -u domain\userB -p password ipconfig

1. normal case. when HostB does not know about userA.

   all works fine.

2. error. when HostB has userA as member of Users.

   PaExec shows "Failed to connect to Service Control Manager"

I think that explanations is -

inspite tha fact that PaExec calls WNetAddConnection2 with userB credentials,

function call ::OpenSCManager uses the existing userA permissions.

(probably because userA is the has some permissions on HostB).

I can suggest some solutions

1) call

`LogonUser(user, domain, settings.password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, &settings.hUser);`

`ImpersonateLoggedOnUser(settings.hUser);`

before ::OpenSCManager

It's not perfect because it affects current thread security context. I'm not very kind of changing security context, so may be there are another drawbacks...

similar problem discussed here https://groups.google.com/forum/#!topic/microsoft.public.vc.mfc/yTYegk-z42I

2) call

LogonUser(L"NETWORK SERVICE", L"NT AUTHORITY",...

ImpersonateLoggedOnUser(settings.hUser);

...

WNetAddConnection2

LogonUser will change current context to system account context.

And function call ::OpenSCManager will use the user_b connection (HostB does not know about HostA\system account).

it's proposed here http://stackoverflow.com/questions/2968426/wnetaddconnection2-from-a-windows-service

PS

PsExec has the same behaviour.

After psexec \\HostB -u domain\userB -p password ipconfig

It prints "Could not start PSEXESVC service.."