12

I am using C#...

I need the ability to copy a set of files to about 500 unique computers. I have successfully been able to use the LogonUser() method to impersonate a domain account that has the required permissions to copy the files. The destination path for the files is something like:

\\RemoteComputer\C$\SomeFolder

My questions is...is there a way to do this without having to use an all-powerful domain account (these computers may not be joined to the domain in the future)? I have the local administrator accounts for every computer...is there a simple way to copy a file to a computer using it's LOCAL administrator account rather than a domain account?

Casey Gay
  • 311
  • 1
  • 3
  • 10

2 Answers2

8

Correct me if I'm wrong, but you can use LogonUser to impersonate a local group also not only domain accounts.

From the net:

Imports System 
Imports System.Runtime.InteropServices 
Imports System.Security.Principal 
Imports System.Security.Permissions 
Public Class Form1 
    <DllImport("advapi32.DLL", SetLastError:=True)> _ 
    Public Shared Function LogonUser(ByVal lpszUsername As String, ByVal lpszDomain As String, _ 
        ByVal lpszPassword As String, ByVal dwLogonType As Integer, ByVal dwLogonProvider As Integer, _ 
        ByRef phToken As IntPtr) As Integer 
    End Function 
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click 
        Dim admin_token As IntPtr 
        Dim wid_current As WindowsIdentity = WindowsIdentity.GetCurrent() 
        Dim wid_admin As WindowsIdentity = Nothing 
        Dim wic As WindowsImpersonationContext = Nothing 
        Try 
            MessageBox.Show("Copying file...") 
            If LogonUser("Local Admin name", "Local computer name", "pwd", 9, 0, admin_token) <> 0 Then 
                wid_admin = New WindowsIdentity(admin_token) 
                wic = wid_admin.Impersonate() 
                System.IO.File.Copy("C:\right.bmp", "\\157.60.113.28\testnew\right.bmp", True) 
                MessageBox.Show("Copy succeeded") 
            Else 
                MessageBox.Show("Copy Failed") 
            End If 
        Catch se As System.Exception 
            Dim ret As Integer = Marshal.GetLastWin32Error() 
            MessageBox.Show(ret.ToString(), "Error code: " + ret.ToString()) 
            MessageBox.Show(se.Message) 
        Finally 
            If wic IsNot Nothing Then 
                wic.Undo() 
            End If 
        End Try 
    End Sub 
End Class
Shay Erlichmen
  • 31,691
  • 7
  • 68
  • 87
  • 1
    You are correct. I was using a different value for the logonType parameter which was not working...once I switched to LOGON32_LOGON_NEW_CREDENTIALS it works like a champ! Thanks! – Casey Gay Apr 20 '09 at 16:11
  • 1
    I believe this only works if the admin password is the same on the computer you're running on, and the remote computer. "The LogonUser function attempts to log a user on to the local computer. The local computer is the computer from which LogonUser was called. You cannot use LogonUser to log on to a remote computer." – Mark Brackett Apr 21 '09 at 10:51
  • For the above code, in LogOnUser Function provide the Local Admin name as User Name and Local computer name as Domain and password as password. All these credentials are the destination machine (or server).It will work. Thanks a lot! – Visu V Dec 17 '12 at 13:52
2

WNetAddConnection2 will do the trick. Just use an empty string for the local device name, to avoid mapping a drive. You also want to make sure and close the connection when you're done. I wrap it into a NetworkConnection class that implements IDisposable.

Mark Brackett
  • 84,552
  • 17
  • 108
  • 152