Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 616
  • Last Modified:

Access denited when i try a remote shutdown 2 PC on the lan network

Dear expert exchange

when i use a 'InitiateSystemShutdown' api with a 2 PC (both windows 2000 operation system) the system report error 5 (access denited).I logged both administrator and i have a SE_REMOTE_SHUTDOWN_NAME privilege.The same problem also with windows xp professional.What can i do ?
0
MarcoPanza
Asked:
MarcoPanza
  • 6
  • 4
  • 2
1 Solution
 
grayeCommented:
Are you sure you sucessfully set the privilege?   Here is a VB.Net example that I use:

Imports System
Imports System.Diagnostics
Imports System.Runtime.InteropServices

Module SetPrivilegs
    <StructLayout(LayoutKind.Sequential, Pack:=4)> _
    Private Structure LUID_AND_ATTRIBUTES
        Dim Luid As Long
        Dim Attributes As Integer
    End Structure

    <StructLayout(LayoutKind.Sequential, Pack:=4)> _
    Private Structure TOKEN_PRIVILEGES
        Dim PrivilegeCount As Integer
        Dim Privilege As LUID_AND_ATTRIBUTES
    End Structure

    <DllImport("advapi32.dll")> _
    Private Function OpenProcessToken _
        (ByVal ProcessHandle As IntPtr, _
         ByVal DesiredAccess As Integer, _
         ByRef TokenHandle As IntPtr) _
        As Boolean
    End Function

    <DllImport("advapi32.dll")> _
    Private Function LookupPrivilegeValue _
        (ByVal lpSystemName As String, _
         ByVal lpName As String, _
         ByRef lpLuid As Long) _
         As Boolean
    End Function

    <DllImport("advapi32.dll")> _
    Private Function AdjustTokenPrivileges _
        (ByVal TokenHandle As IntPtr, _
         ByVal DisableAllPrivileges As Boolean, _
         ByRef NewState As TOKEN_PRIVILEGES, _
         ByVal BufferLength As Integer, _
         ByVal PreviousState As IntPtr, _
         ByVal ReturnLength As IntPtr) _
         As Boolean
    End Function

    Const TOKEN_QUERY As Integer = &H8
    Const TOKEN_ADJUST_PRIVILEGES As Integer = &H20
    Const SE_SHUTDOWN_NAME As String = "SeShutdownPrivilege"
    Const SE_PRIVILEGE_ENABLED As Integer = &H2

    Public Function SetPrivileges() As Boolean
        Dim hProc, hToken As IntPtr
        Dim luid_Shutdown As Long
        Dim tp As New TOKEN_PRIVILEGES

        ' get the current process's token
        hProc = Process.GetCurrentProcess().Handle
        hToken = IntPtr.Zero
        If Not OpenProcessToken(hProc, TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, hToken) Then
            Return False
        End If

        ' get the LUID for the Sutdown privileges (provided it already exist)
        luid_Shutdown = 0
        If Not LookupPrivilegeValue(Nothing, SE_SHUTDOWN_NAME, luid_Shutdown) Then
            Return False
        End If

        tp.PrivilegeCount = 1
        tp.Privilege.Luid = luid_Shutdown
        tp.Privilege.Attributes = SE_PRIVILEGE_ENABLED

        ' enable the privileges
        If Not AdjustTokenPrivileges(hToken, False, tp, 0, IntPtr.Zero, IntPtr.Zero) Then
            Return False
        End If

        Return True
    End Function

End Module
0
 
MarcoPanzaAuthor Commented:
Yes i have a SE_REMOTE_SHUTDOWN_NAME privilege.There are 2 PC (for example A,B) with both windows 2000 , A can shutdown   B  , and B cannot  shutdown A(Access denited).The same source code was tested to 2 PC.But i don't understand the different between A and B.Why B don't shutdown A ?
0
 
RevelationCSCommented:
check the local security policies for the server itself? I believe the user/group that is being used would need to have the ability to "Force Shutdown from a Remote System"
0
[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

 
RevelationCSCommented:
and since you can do it to one computer, but not the other, compare the Security Policies for both of the PCs to see where the differences are at...
0
 
MarcoPanzaAuthor Commented:
the line "Force Shutdown from a Remote System" is administrator and the i' dont see a significative differents on the Security Policies betwen the 2 PC.
0
 
RevelationCSCommented:
are you coding this using a specific language? from what I can see there are several languages that use the API you reference in your first post... if you are, you might want to have this moved to the appropriate area as it would possibly be more of an issue with the code.... also, reference to http://www.experts-exchange.com/Programming/Q_20928585.html and see if anything there helps you figure out where the issue is at....

hope some of this helps...
0
 
MarcoPanzaAuthor Commented:
This is my code:

  Public Function SpegniPC(ByVal NomePC As String, Optional AbilitaShutDownLocale As Variant, Optional Ritardo As Variant, Optional Messaggio As Variant) As Boolean
   
1       Const SE_PRIVILEGE_ENABLED = &H2
2       Const TOKEN_QUERY = &H8
3       Const TOKEN_ADJUST_PRIVILEGES = &H20
4       Const SE_SHUTDOWN_NAME = "SeShutdownPrivilege"
5       Const SE_REMOTE_SHUTDOWN_NAME = "SeRemoteShutdownPrivilege"
                                                                                                                                                                                   
        Dim TokenHandle As Long
        Dim VecchioTokenStuff As TOKEN_PRIVILEGES
        Dim VecchioTokenStuffLen As Long
        Dim NuovoTokenStuff As TOKEN_PRIVILEGES
        Dim NuovoTokenStuffLen As Long
        Dim Dimensione As Long
        Dim Privilegio As String
        Dim ForceGuest As String
   
        'Verifica i parametri opzionali
6       If IsMissing(AbilitaShutDownLocale) Then AbilitaShutDownLocale = False
7       If IsMissing(Ritardo) Then Ritardo = 0
8       If IsMissing(Messaggio) Then Messaggio = ""
   
9       SpegniPC = True
       
        'Elimina i backslash iniziali se esistono
10      If InStr(NomePC, "\\") = 1 Then
11          NomePC = Right(NomePC, Len(NomePC) - 2)
        End If
   
        'determina se il computer è locale o remoto
12      If (LCase(NomeComputerLocale) = LCase(NomePC)) Or NomePC = Empty Then
13          Privilegio = SE_SHUTDOWN_NAME
14      Else
15          Privilegio = SE_REMOTE_SHUTDOWN_NAME
        End If
   
        'esce se non è abilitato a spegnere il computer locale
16      If AbilitaShutDownLocale = False Then Exit Function
       
        'apre l' accesso al token corrente
17      If OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES Or TOKEN_QUERY, TokenHandle) = 0 Then
18          MsgBox "OpenProcessToken Error: " & Err.LastDllError
            Exit Function
        End If
       
19      If LookupPrivilegeValue(vbNullString, Privilegio, VecchioTokenStuff.Privileges(0).pLuid) = 0 Then
20          MsgBox "LookupPrivilegeValue Error: " & Err.LastDllError
            Exit Function
        End If
21      NuovoTokenStuff = VecchioTokenStuff
22      NuovoTokenStuff.PrivilegeCount = 1
23      NuovoTokenStuff.Privileges(0).Attributes = SE_PRIVILEGE_ENABLED
24      NuovoTokenStuffLen = Len(NuovoTokenStuff)
25      Dimensione = Len(NuovoTokenStuff)

        'Abilita il privilegio di speglimento locale/remoto PC
26      If AdjustTokenPrivileges(TokenHandle, False, NuovoTokenStuff, NuovoTokenStuffLen, VecchioTokenStuff, VecchioTokenStuffLen) = 0 Then
27          MsgBox "AdjustTokenPrivileges Error: " ' & GetLastError()
            Exit Function
        End If
       
        'Disabilita la forzatura dell' utente guest per abilitare i privilegi dello shutdown remoto
28      ForceGuest = Registry_GetValue(HKEY_LOCAL_NomePC, "SYSTEM\CurrentControlSet\Control\Lsa", "forceguest")
29      If ForceGuest = "1" Then Registry_SetValueDword HKEY_LOCAL_NomePC, "SYSTEM\CurrentControlSet\Control\Lsa", "forceguest", &H0

        'Spegne il pc
30      If InitiateSystemShutdown(NomePC, Messaggio, Ritardo, True, False) = 0 Then
31          MsgBox "ShoutDown Fallito Errore " & Err.LastDllError
32          SpegniPC = False
        End If
       
        'Ripristina la forzatura dell' utente guest se disabilitata con le righe precedenti
33      If ForceGuest = "1" Then Registry_SetValueDword HKEY_LOCAL_NomePC, "SYSTEM\CurrentControlSet\Control\Lsa", "forceguest", &H1

        'disabilita i privilegi assegnati con le righe precedenti
34      NuovoTokenStuff.Privileges(0).Attributes = 0
35      If AdjustTokenPrivileges(TokenHandle, False, NuovoTokenStuff, Len(NuovoTokenStuff), VecchioTokenStuff, Len(VecchioTokenStuff)) = 0 Then
            Exit Function
        End If
       

    End Function


0
 
RevelationCSCommented:
okay, this appears to be something that is more deserving of the VB section of the programming area and should be posted there in my honest opinion...
0
 
MarcoPanzaAuthor Commented:
I think the problem is not a source code (1 PC work fine) but a PC configuration.I don't know the fondamental parameter that cause the error (access deniter).What can i do ?
0
 
MarcoPanzaAuthor Commented:
I understand.I logged as administrator group and not as 'administrator'.Can i logged as Marco (for example) and be administator.
0
 
grayeCommented:
Yes, you can log in as any account that has Administrator rights, that shouldn't have anything to do with it.

Yed, I'd agree, there's something different about that one server that's the root of the problem.   By the way, I assume the failure is on line 31?
0
 
MarcoPanzaAuthor Commented:
Yes the error is on line 31.If i logged with 'administrator' work fine.If i logged with 'Marco' (Marco is administrator group) don't work.In another PC if i logged with michele (michele is administrator group) work fine.On my PC if i logged with 'Marco' don't work (only if i logged with administrator work fine).Can i logged with Marco and shutdown another PC or i must logged only with 'administrator' for solved a problem ?
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 6
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now