PaExec - connect to Service Control Manager error
Hello.
I found some strange behaviour.
Tested on Windows 7 systems in one domain.
Suppose I have HostA and HostB in a domain.
HostA has userA as local admin, HostB - userB as local admin.
I try to run `ipconfig` from HostA (userA) on HostB: `paexec \\HostB -u domain\userB -p password ipconfig`
1. Normal case: HostB does not know about userA.
All works fine.
2. Error: HostB has userA as a member of Users.
PaExec shows "Failed to connect to Service Control Manager".
I think the explanation is:
in spite of the fact that PaExec calls `WNetAddConnection2` with userB credentials,
the function call `::OpenSCManager` uses the existing userA permissions
(probably because userA has some permissions on HostB).
----------
I can suggest some solutions:
1. call
`LogonUser(user, domain, settings.password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, &settings.hUser);`
`ImpersonateLoggedOnUser(settings.hUser);`
before `::OpenSCManager`
It's not perfect because it affects the current thread's security context.
I'm not very fond of changing the security context, so maybe there are other drawbacks...
A similar problem is discussed here: https://groups.google.com/forum/#!topic/microsoft.public.vc.mfc/yTYegk-z42I
2. call
`LogonUser(L"NETWORK SERVICE", L"NT AUTHORITY",...`
`ImpersonateLoggedOnUser(settings.hUser);`
`...`
`WNetAddConnection2`
`LogonUser` will change the current context to the system account context.
And the function call `::OpenSCManager` will use the user_b connection (HostB does nothing about the HostA\system account).
It's proposed here: [http://stackoverflow.com/questions/2968426/wnetaddconnection2-from-a-windows-service][1]
PS
PsExec has the same behaviour.
After `psexec \\HostB -u domain\userB -p password ipconfig`
it prints "Could not start PSEXESVC service.."
[1]: http://stackoverflow.com/questions/2968426/wnetaddconnection2-from-a-windows-service
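
Suggestion 1 as an added diagnostic example (not PaExec's code and not part of the original post): it wraps `OpenSCManager` in a `LOGON32_LOGON_NEW_CREDENTIALS` impersonation and always calls `RevertToSelf`, so the thread's security context is changed only for the duration of that one call. The `ScmProbe` class and `Probe` method are hypothetical names, `\\HostB` is the placeholder host from the post, and `LOGON32_PROVIDER_WINNT50` is used in place of the post's `LOGON32_PROVIDER_DEFAULT` as an assumption based on the documented provider for this logon type.

```powershell
# Added example: scoped impersonation around OpenSCManager (suggestion 1).
# ScmProbe/Probe are hypothetical names; HostB is the placeholder from the post.
$src = @'
using System;
using System.Runtime.InteropServices;
public static class ScmProbe {
    const int LOGON32_LOGON_NEW_CREDENTIALS = 9;
    const int LOGON32_PROVIDER_WINNT50 = 3;   // assumption: documented provider for type 9
    const uint SC_MANAGER_CONNECT = 0x0001;

    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern bool LogonUser(string user, string domain, string password,
        int logonType, int logonProvider, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool ImpersonateLoggedOnUser(IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool RevertToSelf();
    [DllImport("advapi32.dll", SetLastError = true, CharSet = CharSet.Unicode)]
    static extern IntPtr OpenSCManager(string machine, string database, uint access);
    [DllImport("advapi32.dll", SetLastError = true)]
    static extern bool CloseServiceHandle(IntPtr h);
    [DllImport("kernel32.dll", SetLastError = true)]
    static extern bool CloseHandle(IntPtr h);

    // Returns 0 on success, otherwise the Win32 error code of the failing call.
    public static int Probe(string host, string domain, string user, string password) {
        IntPtr token;
        if (!LogonUser(user, domain, password, LOGON32_LOGON_NEW_CREDENTIALS,
                       LOGON32_PROVIDER_WINNT50, out token))
            return Marshal.GetLastWin32Error();
        try {
            if (!ImpersonateLoggedOnUser(token)) return Marshal.GetLastWin32Error();
            try {
                IntPtr scm = OpenSCManager(host, null, SC_MANAGER_CONNECT);
                if (scm == IntPtr.Zero) return Marshal.GetLastWin32Error();
                CloseServiceHandle(scm);
                return 0;
            } finally { RevertToSelf(); }    // always restore the caller's context
        } finally { CloseHandle(token); }    // release the logon token
    }
}
'@
Add-Type -TypeDefinition $src
$net = (Get-Credential).GetNetworkCredential()   # enter domain\userB when prompted
$rc  = [ScmProbe]::Probe('\\HostB', $net.Domain, $net.UserName, $net.Password)
"OpenSCManager result (0 = connected, otherwise Win32 error): $rc"
```

With this logon type the supplied credentials are used only for outbound network connections and are not validated by `LogonUser` itself, so a wrong password shows up as the error returned from `OpenSCManager`.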