Hello. I found some strange behaviour.
Tested on Windows 7 systems in one domain.
Suppose I have HostA and HostB in a domain. HostA has userA as local admin, HostB has userB as local admin.
I try to run ipconfig from HostA (userA) on HostB: `paexec \\HostB -u domain\userB -p password ipconfig`
-
Normal case: when HostB does not know about userA,
all works fine.
-
Error case: when HostB has userA as a member of Users.
PaExec shows "Failed to connect to Service Control Manager"
I think the explanation is:
in spite of the fact that PaExec calls WNetAddConnection2 with userB credentials,
the function call ::OpenSCManager uses the existing userA permissions
(probably because userA has some permissions on HostB).
I can suggest some solutions:
1) call
`LogonUser(user, domain, settings.password, LOGON32_LOGON_NEW_CREDENTIALS, LOGON32_PROVIDER_DEFAULT, &settings.hUser);`
`ImpersonateLoggedOnUser(settings.hUser);`
before ::OpenSCManager.
It's not perfect because it affects the current thread's security context. I'm not very kind of changing security context, so maybe there are other drawbacks...
A similar problem is discussed here: https://groups.google.com/forum/#!topic/microsoft.public.vc.mfc/yTYegk-z42I
2) call
`LogonUser(L"NETWORK SERVICE", L"NT AUTHORITY",...`
`ImpersonateLoggedOnUser(settings.hUser);`
`...`
`WNetAddConnection2`
LogonUser will change the current context to the system account context.
And the function call ::OpenSCManager will use the user_b connection (HostB does not know about the HostA\system account).
It's proposed here: http://stackoverflow.com/questions/2968426/wnetaddconnection2-from-a-windows-service
PS
PsExec has the same behaviour.
After `psexec \\HostB -u domain\userB -p password ipconfig`
it prints "Could not start PSEXESVC service.."