Remote OpenSCManager

Hi

I am trying to install/start/stop a service on a remote computer.
So first I have to open the service manager using OpenSCManager with the needed rights.
But then I get an access denied error. I guess I have to enter a username and password somewhere, but how?
I don't see a way to pass a username and password to the function, what to do?
sorentop Asked:

jkr Commented:
>>OK, but I'm sorry I can't accept that as a solution to
>>the problem.

Err, why? You'll hardly find a different one...

sorentop (Author) Commented:
BTW I'm logged on as administrator

jkr Commented:
You'll have to make sure that the admin password is the same on both machines or that they're connected to a domain with you being logged on as the Domain Admin.
sorentop (Author) Commented:
But what if this is not the case?
From the control panel, you can do it via computer management and then connect to the computer.

jkr Commented:
Hmm, just found some sample code at http://www.codeguru.com/system/NTSrv.shtml - the idea seems to be to 'RegConnectRegistry()' before using 'OpenSCManager()':

      if(m_strWkstaName.CompareNoCase(GetLocalMachineName()) == 0)
            lRet = RegConnectRegistry(NULL, HKEY_LOCAL_MACHINE, &hMachineKey);
      else
      {
            CString strUNCName = _T("\\\\") + m_strWkstaName;
            RedrawWindow();
            CString strText;
            strText.Format(_T("Connecting to registry database of computer %s..."), m_strWkstaName);
            m_stStatus.SetWindowText(strText);

            lRet = RegConnectRegistry(strUNCName, HKEY_LOCAL_MACHINE, &hMachineKey);
      }

      if(lRet == NO_ERROR)
      {
            lRet = RegOpenKey(hMachineKey, "SYSTEM\\CurrentControlSet\\Services", &hRegServicesKey);

            if(lRet == NO_ERROR)
            {
                  DWORD dwSubKeys = 0, dwMaxSubKeyNameLen = 0;
                  lRet = RegQueryInfoKey(hRegServicesKey, NULL, NULL, NULL, &dwSubKeys, &dwMaxSubKeyNameLen,
                        NULL, NULL, NULL, NULL, NULL, NULL);

                  SC_HANDLE hSCManager = OpenSCManager(m_strWkstaName, NULL, GENERIC_READ);

                  if(hSCManager != NULL)
                  {
                        DWORD dwIndex = 0;
                        char pszServiceName[128];
                        char pszDisplayName[128];
                        char pszStartup[128];
                        char pszStatus[128];
                        DWORD dwServiceNameLen = 128;
                        DWORD dwDisplayNameLen = 128;

                        m_stStatus.ShowWindow(SW_HIDE);
                        m_progRegistry.ShowWindow(SW_SHOW);
                        m_progRegistry.SetRange32(1, (int)dwSubKeys);
                        m_progRegistry.SetPos((int)dwIndex);

                        do
                        {
                              // pass the real buffer size; names that do not fit
                              // come back as an error and are skipped below
                              dwServiceNameLen = sizeof(pszServiceName);
                              lRet = RegEnumKey(hRegServicesKey, dwIndex, pszServiceName, dwServiceNameLen);

                              if(lRet == ERROR_NO_MORE_ITEMS)
                                    break;

                              if(lRet != NO_ERROR)
                              {
                                    dwIndex++;
                                    continue;
                              }

                              BOOL bClose = FALSE;

                              dwDisplayNameLen = 64; // reset length
                              if(GetServiceDisplayName(hSCManager, pszServiceName, pszDisplayName, &dwDisplayNameLen))
                              {
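                                    // QueryServiceConfig() writes its strings right behind the struct,
                                    // so the buffer must really be as large as the size passed in
                                    // (8K is the documented maximum)
                                    BYTE qscBuf[8192] = { 0 };
                                    QUERY_SERVICE_CONFIG& qsc = *(QUERY_SERVICE_CONFIG*)qscBuf;
                                    SERVICE_STATUS ss;

                                    DWORD dwBytesNeeded = 0;
                                    DWORD dwBufSize = sizeof(qscBuf);

                                    // SERVICE_QUERY_CONFIG is all that QueryServiceConfig() needs
                                    SC_HANDLE hService = OpenService(hSCManager, pszServiceName, SERVICE_QUERY_CONFIG);

                                    BOOL bQuery = QueryServiceConfig(hService, &qsc, dwBufSize, &dwBytesNeeded);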

                                    if(bQuery)
                                          strcpy(pszStartup, GetStartupString(qsc.dwStartType));
                                    else
                                    {
                                          ShowLastError(TRUE);

                                          if(QueryServiceConfig(hService, &qsc, dwBytesNeeded, &dwBytesNeeded))
                                                strcpy(pszStartup, GetStartupString(qsc.dwStartType));
                                          else
                                                strcpy(pszStartup, ShowLastError(TRUE));
                                    }

                                    if(!(qsc.dwServiceType & m_dwType))
                                    {
                                          // do not leak the service handle when skipping this entry
                                          CloseServiceHandle(hService);
                                          goto _next;
                                    }
                                    
                                    bClose = CloseServiceHandle(hService);
                                    hService = 0;

                                    hService = OpenService(hSCManager, pszServiceName, GENERIC_READ);
                                    if(hService)
                                    {
                                          if(QueryServiceStatus(hService, &ss))
                                                strcpy(pszStatus, GetStatusString(ss.dwCurrentState));
                                          else
                                                strcpy(pszStatus, ShowLastError(FALSE));
                                    }
                                    else
                                          goto _next; // 'continue' would skip dwIndex++ and retry the same key forever
                                    
                                    CloseServiceHandle(hService);
//                                    hService = 0;
                                    
                                    if(((m_dwStatus == SERVICE_ACTIVE) && (ss.dwCurrentState == SERVICE_STOPPED))      ||
                                       ((m_dwStatus == SERVICE_INACTIVE) && (ss.dwCurrentState != SERVICE_STOPPED)))
                                          goto _next;

                                    InsertInList(pszServiceName, pszDisplayName, pszStatus, pszStartup,
                                          ss.dwCurrentState, qsc.dwStartType);
                              }
                              else
                              {
                                    if(fLog)
                                    {
                                          CString strErr;
                                          strErr.Format(_T("%s#%s"),
                                                pszServiceName, ShowLastError(FALSE));

                                          fprintf(fLog, "%s\n", strErr);
                                          nErrCnt++;
                                    }
                              }
_next:
                              dwIndex++;
                              m_progRegistry.SetPos((int)dwIndex);

                        } while(TRUE);
                  }
                  else
                        ShowLastError();

                  CloseServiceHandle(hSCManager);
            }
            else
                  ShowLastError();

            RegCloseKey(hRegServicesKey);
      }
      else
            ShowLastError(lRet, TRUE);

      RegCloseKey(hMachineKey);



sorentop (Author) Commented:
Well, when I try RegConnectRegistry I get an access denied, so that doesn't help me... I guess

jkr Commented:
>>Well, when I try RegConnectRegistry I get an access denied,
>>so that doesn't help me

Well, THAT's certainly username/password related. One way out would be e.g. establishing a NULL session to the machine you want to start the service at - see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/vcsample98/html/vcsmpnullsess.asp :

"NullSess Sample: Using Null Session for Access Problems
[...]

This sample illustrates how to use a Null session to overcome access problems during network related query operations."

sorentop (Author) Commented:
According to Win32 sdk:
the OpenSCManager function fails if the calling process does not have administrator privileges.
Is it possible to set administrator privileges for my program?

jkr Commented:
>>Is it possible to set administrator privileges for my
>>program?

Err, you wrote: "BTW I'm logged on as administrator"

Well, all SCM related functions that do more than e.g. service enumeration need admin privileges. The only way (if you're not already logged on as an administrator) would be using 'LogonUser()'/'ImpersonateLoggedOnUser()'...

sorentop (Author) Commented:
Yes, I'm logged in as administrator, so the program automatically has administrator privileges. Stupid question, I guess.

jkr Commented:
BTW: Could you just try to set the Admin PWD on your machine to the same that's used on the machine you want to start the service on? I'm pretty sure that this should remedy the problem...

sorentop (Author) Commented:
Yes, you are right, that fixes the problem. But the passwords must be different, so I will just change it back :)

I don't know if I'm getting stupid, but I can't find the sample, I click on your url and the page says I should
"Click to open or copy the files for the NullSess sample"
but there is only a link to: Building SDK Samples

jkr Commented:
Well, if you have VC++, you'll find the sample via the accompanying MSDN distribution.

Just one thing that might remedy your problem also:

    HANDLE          hToken  =   NULL;

    if  (   LogonUser   (   "Administrator",
                            ".\\<machine>,
                            "<password>",
                            LOGON32_LOGON_INTERACTIVE,
                            LOGON32_PROVIDER_DEFAULT,
                            &hToken
                        )
        )   ImpersonateLoggedOnUser (   hToken);

    // do the service related operations

    RevertToSelf ();

jkr Commented:
Ooops,

".\\<machine>,

should of course read

".\\<machine>,"

(the '.\\' is mandatory)

sorentop (Author) Commented:
hmm I'm sorry but the LogonUser fails

jkr Commented:
You'll have to grant the 'SE_TCB_NAME' to the admin account of your machine (and logoff) - this is required for 'LogonUser()', and not automatically granted.

sorentop (Author) Commented:
Just to make sure.
Should I have to log off and then on again, after getting the admin right, before I can use the LogonUser?

jkr Commented:
Well, use the user manager (or the W2k equivalent) to grant the SE_TCB_NAME ("Act as Part of the Operating System") to the Admin account (you must be admin to do this). Then, log off and log back on to activate the new set of credentials.

sorentop (Author) Commented:
OK, but I'm sorry I can't accept that as a solution to the problem.
I'm sorry to turn down all your work.

sorentop (Author) Commented:
Yes I know, but it is possible using the computer management, so it must be possible somehow.

jkr Commented:
>>but it is possible using the computer management

Without corresponding passwords, this is hardly possible. Does this work under the same admin account with the same (different) password?

sorentop (Author) Commented:
Well, I will just give you the points and re-ask the question.
If you find a solution somehow, please write it here :)

sorentop (Author) Commented:
Yes it does

Question has a verified solution.