Permissions not Granted with wntRunAsUser
Keywords:
Question:
I have a WinBatch application which runs wntRunAsUser to allow the program to switch to a user which is a domain
account operator. The wntRunAsUser call executes successfully, but when I try to use the wntMemberDel or wntMemberSet
function to add a new user to a group in the domain I receive a WIL Extender Error 530: Access Denied. If I map a drive
as the user and run User Manager I can add and delete members from the group without any problems. Any ideas as to
what I am doing wrong?
Here's a subset of my code:
AddExtender("WWWNT34I.DLL")
Group = "Eroom"
User = "addtoeroom"
Pass = "addtoeroom"
Domain = "janustires01"
PDC = "\\janustidc01"
Eroom=wntMemberLst2(PDC,Group,@LOCALGROUP)
:Add
ans = AskLine("Add User", "What is the domain\user you want to add", "")
wntRunAsUser(Domain, User, Pass, 2, 0)
rslt = wntMemberSet(PDC, Group, ans, @LOCALGROUP)
Here's the info from wwwbatch.ini:
[WWWNT34I]
LastError=5 (NetLocalGroupAddMembers)
Answer:
Two suggestions:
- Does the wntMemberSet work if the script is actually run by the domain
  account operator, instead of using wntRunAsUser?
  If not, make sure the user you are attempting to 'run as' has the appropriate rights.
- What if you put the wntMemberSet in a separate script, and have the
  main script execute the wntRunAsUser and then launch (Run) a second script as a
  new process? Note: you may need to adjust the wntRunAsUser flags to 1,
  to allow new child processes to inherit security privileges. By starting the new process,
  the new process inherits a more 'truly' impersonated user.
Article ID: W14271
Filename: wntRunAsUser Function - 3.txt
File Created: 2001:03:01:14:20:30
Last Updated: 2001:03:01:14:20:30