Remotely initiated script cannot access network shares? 
Author Message
 Remotely initiated script cannot access network shares?

This is really strange:

Assuming computers A, B, and C are all in the same domain...
If I work from Machine A to run a script using remote scripting on Machine
B, and that script tries to access a share on Machine C, the share access
fails, even though the account I'm using--and the security context of which
the script is running under--has sufficient privileges.

Has anyone experienced this problem?



Mon, 15 Mar 2004 02:35:06 GMT  
 Remotely initiated script cannot access network shares?
Asked and answered in the ...scripting.remote newsgroup

<tip>
Multiposting is posting separate copies of the same question to different newsgroups rather than
crossposting one copy. Crossposting is just like addressing a mail message to more than one email
address. In the case of a newsgroup post, the "addressees" are the names of the newsgroups.

Newsgroup regulars get somewhat annoyed when coming across the same question as a separate post in a
newsgroup after having already replied to a separate copy elsewhere. A crossposted question is only
one message. It can be read and replied to from any of the NGs to which it was posted, saving
everyone (including the original poster - that would be you ;-) a lot of time and aggravation...

Since you are using Outlook Express, read the help topic "Viewing and Posting To Newsgroups",
especially the subtopic on posting.

Common netiquette dictates that you be selective when you crosspost. Choose only 2 or perhaps 3
*relevant* newsgroups. Crossposting to too many newsgroups or to newsgroups that have nothing to do
with the question you are asking will likely get you flamed or ignored ;-)...
</tip>

--
Michael Harris
Microsoft.MVP.Scripting
--

Please do not email questions - post them to the newsgroup instead.
--

Quote:

> This is really strange:

> Assuming computers A, B, and C are all in the same domain...
> If I work from Machine A to run a script using remote scripting on Machine
> B, and that script tries to access a share on Machine C, the share access
> fails, even though the account I'm using--and the security context of which
> the script is running under--has sufficient privileges.

> Has anyone experienced this problem?



Mon, 15 Mar 2004 03:04:21 GMT  
 Remotely initiated script cannot access network shares?
Sorry for not being clear.

Can you elaborate on why the remotely executed script cannot access network
resources?  This limitation knocks down the usefulness of this functionality
quite a bit.



Quote:
> Clarify your situation...you posted in a newsgroup intended for web based

"Remote Scripting".  You
Quote:
> didn't mention WSH at all in your original post...

> If you are using the new WshController/WshRemote objects, then the

remotely executed script won't be
Quote:
> able to access remote machine resources.

> --
> Michael Harris
> Microsoft.MVP.Scripting
> --

> Please do not email questions - post them to the newsgroup instead.
> --




Quote:
> > Thanks.  Not sure how this helps me though.  How does WSH impersonate
the
> > user that initiates the script?



> > > Q207671 - HOWTO: Accessing Network Files from IIS Applications
> > > http://support.microsoft.com/support/kb/articles/Q207/6/71.ASP

> > > --
> > > Michael Harris
> > > Microsoft.MVP.Scripting
> > > --

> > > Please do not email questions - post them to the newsgroup instead.
> > > --



> > > > This is really strange:

> > > > Assuming computers A, B, and C are all in the same domain...
> > > > If I work from Machine A to run a script using remote scripting on
> > Machine
> > > > B, and that script tries to access a share on Machine C, the share
> > access
> > > > fails, even though the account I'm using--and the security context
of
> > which
> > > > the script is running under--has sufficient privileges.

> > > > Has anyone experienced this problem?



Mon, 15 Mar 2004 03:46:36 GMT  
 Remotely initiated script cannot access network shares?
The WshRemote instance (an instance of wscript.exe running as a remote ActiveX EXE server) is
impersonating the account of the original client that launches it.  It does not have clear text
credentials to use when it receives an NT challenge/response when attempting to access another
remote resource.

The scenario is very similar to the ASP situation of anonymous or NTLM authenticated server side
code trying to access UNC paths.  ASP has the Basic Authentication "solution", whereas WSH does not.

In a Win2K/XP domain using Kerberos, you could configure DCOM to use delegation which does work for
multiple machine hops.  You could even use dcomcnfg (on NT4 or any non-Kerberos domain) to have
WshRemote run under an explicit domain account (on the Identity tab) which would let it make the
machine hop.  But you do that sort of thing at your own risk - you would probably want to severely
limit launch permissions as well.

Another choice is to write/deploy MTS/COM+ components (which can even be WSCs) but it the target is
a large number of servers then that can be a real deployment pain...  Since VBScript 5.1, the
"remote server" argument of VBScript's CreateObject has worked as advertised.

--
Michael Harris
Microsoft.MVP.Scripting
--

Please do not email questions - post them to the newsgroup instead.
--

Quote:

> Sorry for not being clear.

> Can you elaborate on why the remotely executed script cannot access network
> resources?  This limitation knocks down the usefulness of this functionality
> quite a bit.



> > Clarify your situation...you posted in a newsgroup intended for web based
> "Remote Scripting".  You
> > didn't mention WSH at all in your original post...

> > If you are using the new WshController/WshRemote objects, then the
> remotely executed script won't be
> > able to access remote machine resources.

> > --
> > Michael Harris
> > Microsoft.MVP.Scripting
> > --

> > Please do not email questions - post them to the newsgroup instead.
> > --



> > > Thanks.  Not sure how this helps me though.  How does WSH impersonate
> the
> > > user that initiates the script?



> > > > Q207671 - HOWTO: Accessing Network Files from IIS Applications
> > > > http://support.microsoft.com/support/kb/articles/Q207/6/71.ASP

> > > > --
> > > > Michael Harris
> > > > Microsoft.MVP.Scripting
> > > > --

> > > > Please do not email questions - post them to the newsgroup instead.
> > > > --



> > > > > This is really strange:

> > > > > Assuming computers A, B, and C are all in the same domain...
> > > > > If I work from Machine A to run a script using remote scripting on
> > > Machine
> > > > > B, and that script tries to access a share on Machine C, the share
> > > access
> > > > > fails, even though the account I'm using--and the security context
> of
> > > which
> > > > > the script is running under--has sufficient privileges.

> > > > > Has anyone experienced this problem?



Mon, 15 Mar 2004 04:21:32 GMT  
 
 [ 4 post ] 

 Relevant Pages 

1. access to network share in remote script

2. Access, share your PC's files remotely over the Internet for free

3. Access, share your PC's files remotely over the Internet for free

4. Access, share your PC's files remotely over the Internet for free

5. Access, share your PC's files remotely over the Internet for free

6. How do I initiate a Domain Sync remotely?

7. Remotely initiating a windows task

8. FolderExists reports true on a network share when I have no access

9. Network / Shared Drive Access

10. accessing network shares while running remote WSH

11. Initiating a Dial-Up Network connection

12. Connecting to network shares when network is detected only - help please

 

 
Powered by phpBB® Forum Software