How to start/stop windows service on a remote machine?

Discussion in 'ASP .Net' started by Goran Djuranovic, Feb 21, 2007.

  1. Hi all,
    I have a web app running on a local PC that can start and stop windows service on a remote machine, but only when I browse to it locally. If I browse to it from my other PC and try to start/stop the service, it gives me "Cannot open Service Control Manager on computer 'xxx.xxx.xxx.xxx'. This operation might require other privileges." error.

    Helpfull info:
    - I am an admin on all 3 PCs
    - web app is using "Windows" authentication (Integ. Win. Auth. turned ON in IIS, Anonimous Auth. turned OFF), plus "impersonation"
    *** from web.config ***:
    <authentication mode="Windows" />
    <identity impersonate="true" />
    <authorization>
    <allow users="*" />
    <deny users="?" />
    </authorization>

    Now, I can make it work, if I add user name and password to impersonation part:
    <identity impersonate="true" userName="xxxx" password="xxxx" />
    but I need the app to impersonate multiple people (admins), and not one person.

    Also, when I don't provide userName and password, event viewer one a remote machine logs "ANONIMOUS LOGON" entry, but when I do provide userName and password the event viewer logs "<MyDomainUser>" entry. All is entered under "Security" log file.

    I triple checked my IIS settings, and they see to be fine. What am I doing wrong?

    Thanks
    Goran
     
    Goran Djuranovic, Feb 21, 2007
    #1
    1. Advertising

  2. Goran Djuranovic

    bruce barker Guest

    window authentication does not allow credentials forwarding. you need to
    switch to basic or kerberos and in the case of kerberos enable
    forwarding on the servers.

    -- bruce (sqlwork.com)


    Goran Djuranovic wrote:
    > Hi all,
    > I have a web app running on a local PC that can start and stop windows
    > service on a remote machine, but only when I browse to it locally. If I
    > browse to it from my other PC and try to start/stop the service, it
    > gives me "Cannot open Service Control Manager on computer
    > 'xxx.xxx.xxx.xxx'. This operation might require other privileges." error.
    >
    > Helpfull info:
    > - I am an admin on all 3 PCs
    > - web app is using "Windows" authentication (Integ. Win. Auth. turned ON
    > in IIS, Anonimous Auth. turned OFF), plus "impersonation"
    > *** from web.config ***:
    > <authentication mode="Windows" />
    > <identity impersonate="true" />
    > <authorization>
    > <allow users="*" />
    > <deny users="?" />
    > </authorization>
    >
    > Now, I can make it work, if I add user name and password to
    > impersonation part:
    > <identity impersonate="true" userName="xxxx" password="xxxx" />
    > but I need the app to impersonate multiple people (admins), and not one
    > person.
    >
    > Also, when I don't provide userName and password, event viewer one a
    > remote machine logs "ANONIMOUS LOGON" entry, but when I do provide
    > userName and password the event viewer logs "<MyDomainUser>" entry. All
    > is entered under "Security" log file.
    >
    > I triple checked my IIS settings, and they see to be fine. What am I
    > doing wrong?
    >
    > Thanks
    > Goran
    >
    >
     
    bruce barker, Feb 21, 2007
    #2
    1. Advertising

  3. Hello Goran,

    I've also found your another cross thread in the
    microsoft.public.dotnet.framework.aspnet.security newsgroup. This is a
    typical double hop issue of windows authentication. I have posted some
    information and suggestion in that thread. Please feel free to followup
    there if there is anything else we can help.

    Sincerely,

    Steven Cheng

    Microsoft MSDN Online Support Lead


    This posting is provided "AS IS" with no warranties, and confers no rights.
     
    Steven Cheng[MSFT], Feb 22, 2007
    #3
  4. Thanks guys. I have posted some additional questions on cross thread in the
    "microsoft.public.dotnet.framework.aspnet.security" group.

    Goran Djuranovic



    "Steven Cheng[MSFT]" <> wrote in message
    news:...
    > Hello Goran,
    >
    > I've also found your another cross thread in the
    > microsoft.public.dotnet.framework.aspnet.security newsgroup. This is a
    > typical double hop issue of windows authentication. I have posted some
    > information and suggestion in that thread. Please feel free to followup
    > there if there is anything else we can help.
    >
    > Sincerely,
    >
    > Steven Cheng
    >
    > Microsoft MSDN Online Support Lead
    >
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    >
     
    Goran Djuranovic, Feb 22, 2007
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tom wilson
    Replies:
    1
    Views:
    639
    Scott O'S
    May 17, 2005
  2. Will
    Replies:
    1
    Views:
    15,246
    Thomas Weidenfeller
    Nov 2, 2004
  3. Tim Chandler
    Replies:
    0
    Views:
    218
    Tim Chandler
    Oct 7, 2003
  4. Goran Djuranovic

    How to start/stop windows service on a remote machine?

    Goran Djuranovic, Feb 21, 2007, in forum: ASP .Net Security
    Replies:
    5
    Views:
    474
    Steven Cheng[MSFT]
    Feb 28, 2007
  5. Replies:
    0
    Views:
    370
Loading...

Share This Page