WMI Win32_Share Access Denied on Windows 10

Question

We have the following code that we've been using to create shares in Windows 7:

    public static CreateUncShareResult Create(string path, string shareName, string description, AccessControlList permissions) {
        ManagementClass managementClass = new ManagementClass(WIN32_Share);
        const string METHOD_NAME = "Create";
        ManagementBaseObject inParams = managementClass.GetMethodParameters(METHOD_NAME);
        inParams["Description"] = description;
        inParams["Name"] = shareName;
        inParams["Path"] = path;
        inParams["Type"] = 0x0; // Disk Drive
        inParams["Access"] = permissions;

        ManagementBaseObject outParams = managementClass.InvokeMethod(METHOD_NAME, inParams, null);
        return (CreateUncShareResult)(outParams.Properties["ReturnValue"].Value);
    }

public enum CreateUncShareResult: uint {
    Success = 0,
    [Description("Access Denied")]
    AccessDenied = 2,
    [Description("Unknown failure")]
    UnknownFailure = 8,
    [Description("Invalid Name")]
    InvalidName = 9,
    [Description("Invalid Level")]
    InvalidLevel = 10,
    [Description("Invalid Parameter")]
    InvalidParameter = 21,
    [Description("Duplicate Share")]
    DuplicateShare = 22,
    [Description("Redirected Path")]
    RedirectedPath = 23,
    [Description("Unknown Device or Directory")]
    UnknownDeviceOrDirectory = 24,
    [Description("Net Name Not Found")]
    NetNameNotFound = 25,
}

It has always worked fine. Recently, we got new development machines with Windows 10. The above code now fails, returning a value of 2: Access Denied.

We've been searching high and low for a reason as to why this is happening. The user that runs this code has local Administrator privileges.

Is there some difference between Windows 7 and Windows 10 that would cause this? Is there some special permission that needs to be granted in Windows 10 that wasn't required in Windows 7?

Edit: We are doing this in an Asp.Net MVC 5 web app, and NOT in a desktop application or a Windows service. We do have an automated test that runs this code, and the same result occurs. The code that calls this code elevates (impersonates) a user that is a local administrator on the machine.

in Win7, moving UAC slider down disables UAC, starting with Win8, this leaves UAC turned on. so this is the diff — magicandre1981, May 10 '18 at 15:23
I should clarify that this is done in an Asp.Net MVC web app. I assume the UAC concerns don't apply. — Marc Chu, May 10 '18 at 17:17

score 0 · Accepted Answer · answered May 14 '18 at 16:29

Turns out our head systems engineer had the answer to this one. It is a problem with UAC. However, as mentioned above, since this is a web app, the solution doesn't involve hoisting permissions using the app manifest. I needed to edit a group policy.

Using gpedit:

Computer Configuration -> Windows Settings -> Security Settings -> Local Policies -> Security Options

The setting for "User Account Control: Run all administrators in Admin Approval Mode" needs to be Disabled.

WMI Win32_Share Access Denied on Windows 10

1 Answers1