Using ServiceController to remotely administer Windows services

Discussion in 'ASP .Net Security' started by Tony201, Jun 8, 2009.

  1. Tony201

    Tony201 Guest

    Hi All,

    I have an application that uses ASP.NET to control Windows services on
    various remote Windows 2003 servers. Furthermore, the application queries an
    SQL Server database using integrated authentication. I have set up a domain
    user to run my app pool for this application and set up constrained delegation
    to allow integrated authentication for SQL Server. All works well on my
    development XP machine, and when I move the application to the server, SQL
    Server access is fine but I get an error when I try to query the services.
    However, when I turn impersonation off in web.config, SQL Server access fails
    (as expected) but querying Windows services works (NOTE: that my app pool
    account is admin on all servers concerned so permission shouldn't be an

    My question is:
    Is it possible to impersonate a user to control a service on a remote machine?
    If so, do I need to set up an SPN for this or do some other configuration?
    If I need to set up an SPN, what is the service type of the Service
    Controller Manager and what account do I need to set up this SPN for?

    Error message when impersonation is turned on
    [Win32Exception (0x80004005): Access is denied]

    [InvalidOperationException: Cannot open Service Control Manager on computer
    'serverxxxx'. This operation might require other privileges.]

    machineName, Int32 serviceControlManagerAccess) +35775

    System.ServiceProcess.ServiceController.GetDataBaseHandleWithEnumerateAccess(String machineName) +9
    machineName, Int32 serviceType) +143
    System.ServiceProcess.ServiceController.GetServices(String machineName) +9
    AutonomyAdmin.test.test2() +400
    AutonomyAdmin.test.Page_Load(Object sender, EventArgs e) +137
    System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o,
    Object t, EventArgs e) +14
    System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender,
    EventArgs e) +35
    System.Web.UI.Control.OnLoad(EventArgs e) +99
    System.Web.UI.Control.LoadRecursive() +50
    includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627

    Code used to query Windows Services
    private void test1()
    BoundColumn serviceName = new BoundColumn();
    serviceName.DataField = "displayName";
    serviceName.HeaderText = "Service Name";
    serviceName.ItemStyle.CssClass = autnCssConstants.cssServerColumn;

    //Initialise datagrid
    DataGrid dGrid = new DataGrid();
    dGrid.CssClass = autnCssConstants.cssDatabaseTable;
    dGrid.EnableViewState = false;
    dGrid.HeaderStyle.CssClass =
    dGrid.AlternatingItemStyle.CssClass =
    dGrid.AutoGenerateColumns = false;

    //Add columns

    //Bind data
    dGrid.DataSource = ServiceController.GetServices("serverxxxx");
    Tony201, Jun 8, 2009
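
An added example, not part of the original post: one way to see which identity and token level the thread presents before the remote Service Control Manager call, and to run only that call as the app pool account while impersonation stays on for SQL Server. The class name `RemoteServiceQuery` and the role name `ServiceOperators` are hypothetical. The caller check is there because the app pool account is admin on the target servers.

```csharp
using System;
using System.Security.Principal;
using System.ServiceProcess;

// Added example (not the poster's code). RemoteServiceQuery and the
// "ServiceOperators" role are hypothetical names used for illustration.
public static class RemoteServiceQuery
{
    // Describes the token the current thread would present to a remote machine.
    public static string DescribeCurrentIdentity()
    {
        using (WindowsIdentity id = WindowsIdentity.GetCurrent())
        {
            // Impersonation: usable for local access checks only.
            // Delegation: may be forwarded to another machine.
            // None: the thread is running under the process token.
            return id.Name + " (" + id.ImpersonationLevel + ")";
        }
    }

    // Lists services on machineName under the process (app pool) identity,
    // then restores the impersonated caller on the thread.
    public static ServiceController[] GetServicesAsProcessIdentity(
        IPrincipal caller, string machineName)
    {
        // The process identity is privileged on the targets, so authorize
        // the authenticated caller before acting on their behalf.
        if (caller == null || !caller.Identity.IsAuthenticated ||
            !caller.IsInRole("ServiceOperators"))
        {
            throw new UnauthorizedAccessException("Caller may not query services.");
        }

        // Impersonate(IntPtr.Zero) reverts the thread to the process token.
        WindowsImpersonationContext ctx = WindowsIdentity.Impersonate(IntPtr.Zero);
        try
        {
            return ServiceController.GetServices(machineName);
        }
        finally
        {
            ctx.Undo(); // back to the impersonated user for the rest of the request
        }
    }
}
```

Logging `DescribeCurrentIdentity()` just before the `GetServices` call shows whether the request thread holds an impersonation-level or delegation-level token for the browsing user.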