GingerJack

Reputation: 3134

Impersonation to install application c#

I am trying to install a Windows update patch (patch.msu) in a non-admin account using the impersonation class provided at http://stackoverflow.com/questions/125341/how-do-you-do-impersonation-in-net . I am hardcoding the username, password and domain of the Administrator. I tried several LogonTypes but with no impact, and I get the following error/exception.

"Either a required impersonation level was not provided, or the provided impersonation" .

I have no clue how to proceed further. We need to install certain patches on our customer systems without sharing admin details with them. Your guidance on this is highly appreciated.

My code sample

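    // Requires: using System; using System.Diagnostics;
    try
    {
        // Impersonation is the helper class from the linked question.
        using (Impersonation impersonate = new Impersonation(Environment.UserDomainName,
                "administrator", "XXXXXX"))
        {
            Process proc = new Process();
            proc.StartInfo.FileName = "wusa.exe";
            proc.StartInfo.Arguments = strPath;   // path to the .msu package
            proc.StartInfo.UseShellExecute = false;
            proc.StartInfo.RedirectStandardOutput = true;
            proc.StartInfo.Verb = "runas";   // has no effect while UseShellExecute is false
            proc.Start();
            proc.WaitForExit();
        }
    }
    catch (Exception)
    {
        throw;   // rethrow as-is so the original exception type and stack trace are kept
    }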

Upvotes: 1

Views: 671

Answers (1)

NtFreX

Reputation: 11357

This is due to a security update long ago.

The "Impersonate a client after authentication" and "Create global objects" user rights were first introduced in Windows 2000 Service Pack 4 to help to increase security in Windows.

Overview of the "Impersonate a Client After Authentication" and the "Create Global Objects" Security Settings (821546.KB.EN-US.2.2)

When you assign the "Impersonate a client after authentication" user right to a user, you permit programs that run on behalf of that user to impersonate a client. This security setting helps to prevent unauthorized servers from impersonating clients that connect to it through methods such as remote procedure calls (RPC) or named pipes.

As you want to impersonate a domain administrator, you need to add those user rights.

By default, members of the device's local Administrators group and the device's local Service account are assigned the "Impersonate a client after authentication" user right.

Solution

IMPORTANT: This does not give full administrator permissions to the user to install other applications.

The action for the first step is dependent on the environment:

  • If you are using Active Directory Group Policies edit the Domain Security Policy on the Domain Controller:

    • Click Start -> Programs -> Administrative Tools -> Domain Security Policy
  • If you are not using Active Directory Group Policies, change the configuration on the local computer

    • Click Start -> Settings -> Control Panel -> Administrative Tools -> Local Security Policies

Then

  • Expand Local Policies and select User Rights Assignment.
  • In the right pane, double-click Impersonate a client after authentication.
  • In the Security Policy Setting dialog box, click Add User or Group.
  • In the Select Users, Computers or Groups dialog box, type the name of the Group or User who will run the application.
  • Select Check Names and verify the name is correct.
  • Repeat the steps applied to the Impersonate a client after authentication setting to the Create global objects setting.

Upvotes: 1
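
A way to check the result of the steps in the answer above, added here as an example and not part of the original answer: it exports the User Rights Assignment policy with `secedit` and lists every account that holds "Impersonate a client after authentication" (`SeImpersonatePrivilege`) and "Create global objects" (`SeCreateGlobalPrivilege`). The function name `Get-UserRightHolders` is hypothetical, and the script assumes an elevated PowerShell prompt.

```powershell
# Added example: audit who holds the two user rights named in the answer.
# Assumption: run from an elevated prompt; secedit needs administrator rights to export policy.
function Get-UserRightHolders {
    param(
        [string[]]$Right = @('SeImpersonatePrivilege', 'SeCreateGlobalPrivilege')
    )
    $cfg = Join-Path $env:TEMP ("user-rights-{0}.inf" -f [guid]::NewGuid())
    try {
        # Export only the User Rights Assignment area of the effective policy.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
        if ($LASTEXITCODE -ne 0 -or -not (Test-Path $cfg)) {
            throw "secedit export failed (exit code $LASTEXITCODE); is the prompt elevated?"
        }
        foreach ($name in $Right) {
            # Lines look like: SeImpersonatePrivilege = *S-1-5-19,*S-1-5-32-544
            $line = Get-Content $cfg | Where-Object { $_ -match "^\s*$name\s*=" } |
                Select-Object -First 1
            if (-not $line) {
                [pscustomobject]@{ Right = $name; Holder = '(nobody assigned)'; Sid = $null }
                continue
            }
            foreach ($entry in ($line -split '=', 2)[1].Split(',')) {
                $entry = $entry.Trim()
                if ($entry.StartsWith('*')) {
                    # Entries prefixed with * are SIDs; resolve to a name where possible.
                    $sid = $entry.TrimStart('*')
                    try {
                        $holder = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                            [System.Security.Principal.NTAccount]).Value
                    } catch {
                        $holder = '(unresolved SID)'
                    }
                } else {
                    # Entries without * are plain account names.
                    $sid = $null
                    $holder = $entry
                }
                [pscustomobject]@{ Right = $name; Holder = $holder; Sid = $sid }
            }
        }
    } finally {
        # The export contains policy data; do not leave it in the temp directory.
        Remove-Item $cfg -ErrorAction SilentlyContinue
    }
}

Get-UserRightHolders | Sort-Object Right, Holder | Format-Table -AutoSize
```

Running it before and after the policy change shows exactly which group or user was added, which makes it easy to confirm the right went only to the intended account.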
