Jun 10, 2010
Here is the final code that worked for me. This uses WNetAddConnection2 to establish a connection first, before using DirectoryEntry.
View 1 Replies
So I moved the code to an ASP.Net web app, which is impersonating a service account through the Impersonate section of web.config. The account I am impersonating does not have admin rights on any of the workstations so I put in a username/password into the constructor for the computer entry like so:
Dim deComputer As New DirectoryEntry("WinNT://" + Computername + ",computer", username, password).The username is that of a domain account which has local admin rights on every workstation. If I look at the Username property of the resulting deComputer object I can see that the username matches what I entered.Also if I enter in an invalid password it throws an error, so it is authenticating in some fashion.
However if I now try and add or remove a user from a remote workstation I get a general access denied error. If I add the service account that ASP.Net is using as a local admin on that workstation it will add and remove no problem.So next I tried using the LogonAPI (advapi32.dll ->LogonUser call) to login as the user account that is a local admin on all workstations, impersonated the resulting WindowsIdentitiy and tried running just the original deComputer instantiation. When I do this every property, excepty Path, returns an OLE exception..