
I have a C# program that uses MBNApi for managing a Mobile Broadband 4G modem.

When I run the program interactively with an unprivileged local user, everything goes fine.

But when I run that code from a Scheduled Task (Task Scheduler runs under the SYSTEM/S-1-5-18 security context) that is configured to run with the same unprivileged user and with "Run with highest privileges", as soon as I call a method of the classes exposed by this API, for example "GetInterfaces":

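    // Create the MBN interface manager COM object and enumerate the modem interfaces.
    MbnInterfaceManager mbnInfMgr = new MbnInterfaceManager();
    IMbnInterfaceManager infMgr = (IMbnInterfaceManager)mbnInfMgr;
    // This call throws UnauthorizedAccessException when run from the scheduled task.
    IMbnInterface[] interfaces = (IMbnInterface[])infMgr.GetInterfaces();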

I get the following exception:

Application: xxxx.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception info: System.UnauthorizedAccessException
   in MbnApi.IMbnInterfaceManager.GetInterfaces()

The unprivileged account I use for running the scheduled task is a member of the BUILT-IN group "Distributed COM Users"/S-1-5-32-562. That group has full permissions over all DCOM objects on the system.

As I said previously, the code run outside the context of a Scheduled Task with the same unprivileged account does not generate this error. I tried to add the BUILTIN SYSTEM (S-1-5-18) and "NETWORK SERVICE" (S-1-5-20) accounts to the "Distributed COM Users" group, but the exception fires anyway:

System.UnauthorizedAccessException was unhandled
  HResult=-2147024891
  Message=Acceso denegado. (Excepción de HRESULT: 0x80070005 (E_ACCESSDENIED))
  Source=xxxx
  StackTrace:
       en MbnApi.IMbnInterfaceManager.GetInterfaces()
       en xxxx.mbn.use_MBNApi() en C:\Users\zzzzz\Documents\Visual Studio 2015\Projects\xxxx\xxxx\Program.cs:línea 2270
       en xxxx.Program.Main(String[] args) en C:\Users\zzzzzz\Documents\Visual Studio 2015\Projects\xxxx\xxxx\Program.cs:línea 3114

Any ideas of the rights I have to set for SYSTEM or the unprivileged account in order to solve the problem?

  • Is this a console program or a gui program? – WithMetta Aug 31 '17 at 18:39
  • Console program – Pepin Padin Aug 31 '17 at 21:39
  • Additional information. The error does not fire if: the unprivileged user is added to the BUILTIN\Administrators group (quite obvious), or the scheduled task is configured to "Run only when user is logged on" (instead of "Run whether user is logged on or not") and the unprivileged user has opened an interactive session at the machine with an active desktop loaded. It's really strange. It seems that when the methods of the classes exposed by this API need to be called by an unprivileged account, desktop interaction is needed. Does that make any sense to any of you? – Pepin Padin Sep 01 '17 at 14:14
  • Yes. Excel interop did something exactly like that to me. – WithMetta Sep 01 '17 at 14:16
  • https://stackoverflow.com/questions/22459127/why-does-systemprofile-need-desktop-folder-to-open-excel-file – WithMetta Sep 01 '17 at 14:18
  • Thanks for the comment WithMetta, but I'm not trying to automate an Office application. In my case, the problem is clearly "UserRights". When I make the account used for launching the Scheduled Task a member of "Administrators", the call to "GetInterfaces" returns no error although the user has not started an interactive session – Pepin Padin Sep 01 '17 at 17:32

0 Answers