Re: LSA vs LSP GUI on Vista/2008?
- From: Gerry Hickman <gerry666uk2@xxxxxxxxxxxxxxxx>
- Date: Tue, 17 Feb 2009 23:17:52 +0000
Hi Jialiang, Joe,
I really wish I hadn't mentioned the dreaded .NET word. I have no
interest in calling anything from .NET or writing any wrapper in .NET or
wrapping a COM class in .NET or calling native code from .NET using
P/Invoke or any other combination of convoluted .NET interop.
What I was originally trying to ask is whether there already exists a
managed class in .NET that can enumerate the LSA - I think the answer to
that was "No". Sorry for not being clear enough earlier.
Now the interesting stuff:
Regarding writing COM classes, ATL/COM Servers, WMI providers etc., I'm
very interested in this, but I have some major concerns listed below,
I'd very much appreciate any comments:
1. Where is the roadmap on Microsoft's website showing the future of
ATL/COM?
2. How quickly can we expect bugs in ATL to be fixed over the next two
years 2009/2011 compared to .NET?
3. My native code in C/C++ is able to work with LSA on thousands of
remote machines without any installation. My understanding is that in
order to use COM clients and servers, I'd need information added to the
registry of EVERY remote machine?
4. Regarding writing a WMI provider, and assuming this provider would be
installed to the target machine, is there any way to install a WMI
provider to a remote machine at run time and then uninstall it when the
calling program finishes? What about enabling a WMI provider that's shipped with Windows but not installed, such as the MSI provider on Windows Server 2003 or the SNMP provider on Windows Server 2008, is it possible to enable them on thousands of machines without logging in to each one with an interactive shell?
5. Using .NET remoting, my understanding is that it will only work if
the class exists in the library of the remote machine, so it's the same
problem of having to install it to thousands of machines? Can it work
without Admin rights, like what you can do with DCOM?
5a. Seems like the same weakness in PowerShell?
6. Using WinRM, my understanding is that it's disabled by default and it
only works with Admin rights - unlike DCOM that can work without Admin
rights.
I like the examples on codeplex, but I did not see much information about perfecting the installation process for remote machines; these things sometimes need keys written to HKLM\Software\Classes, AppID, CLSID, then x-ref GUIDs pointing all over the place, then launch/activation ACLs. It's easy on a local machine with Admin rights and Visual Studio, but I have not found a good way to do this on thousands of machines at run time, and then clean them up after.
Cheers.
Jialiang Ge [MSFT] wrote:
I agree with Joe. Many functions provided by the .NET class library eventually call into the Windows API using something similar to P/Invoke. Using P/Invoke is safe as long as the signature is written correctly and the parameters do not require pointers. The unsafe programming in .NET generally refers to direct operations on memory using pointers, for example, http://www.codeproject.com/KB/cs/unsafe_prog.aspx.
Regarding how to write a COM component in .NET, my HelloWorld project has a sample for it: CSDllCOMServer
http://www.codeplex.com/HelloWorld
You can find the detailed steps of building such a component in the sample's ReadMe.txt file. Inside the component, you can expose a method that P/Invokes the native API LsaEnumerateAccountsWithUserRight.
Regards, Jialiang Ge (jialge@xxxxxxxxxxxxxxxxxxxx, remove 'online.')
Microsoft Online Community Support
=================================================
Delighting our customers is our #1 priority. We welcome your comments and suggestions about how we can improve the support we provide to you. Please feel free to let my manager know what you think of the level of service provided. You can send feedback directly to my manager at: msdnmg@xxxxxxxxxxxxxx
This posting is provided "AS IS" with no warranties, and confers no rights.
=================================================
--
Gerry Hickman (London UK)
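
The P/Invoke call to LsaEnumerateAccountsWithUserRight mentioned in the quoted reply, including the remote-machine case raised in point 3, as an added example that is not part of the original thread or of the CSDllCOMServer sample. The class and method names are hypothetical, and it assumes the caller is allowed to open the LSA policy on the target machine.

```csharp
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Security.Principal;

static class LsaRights   // hypothetical name, not from the thread
{
    [StructLayout(LayoutKind.Sequential)]
    struct LSA_UNICODE_STRING { public ushort Length, MaximumLength; [MarshalAs(UnmanagedType.LPWStr)] public string Buffer; }
    [StructLayout(LayoutKind.Sequential)]
    struct LSA_OBJECT_ATTRIBUTES { public int Length; public IntPtr RootDirectory, ObjectName; public uint Attributes; public IntPtr SecurityDescriptor, SecurityQualityOfService; }

    const uint POLICY_VIEW_LOCAL_INFORMATION = 0x1, POLICY_LOOKUP_NAMES = 0x800, STATUS_NO_MORE_ENTRIES = 0x8000001A;

    // A null array marshals as a NULL SystemName, which means the local machine.
    [DllImport("advapi32.dll")] static extern uint LsaOpenPolicy(LSA_UNICODE_STRING[] systemName, ref LSA_OBJECT_ATTRIBUTES attrs, uint access, out IntPtr policy);
    [DllImport("advapi32.dll")] static extern uint LsaEnumerateAccountsWithUserRight(IntPtr policy, [In] ref LSA_UNICODE_STRING right, out IntPtr buffer, out uint count);
    [DllImport("advapi32.dll")] static extern uint LsaFreeMemory(IntPtr buffer);
    [DllImport("advapi32.dll")] static extern uint LsaClose(IntPtr handle);
    [DllImport("advapi32.dll")] static extern int LsaNtStatusToWinError(uint status);

    // Length fields are byte counts; MaximumLength includes the terminating null.
    static LSA_UNICODE_STRING Lsa(string s) =>
        new LSA_UNICODE_STRING { Buffer = s, Length = (ushort)(s.Length * 2), MaximumLength = (ushort)((s.Length + 1) * 2) };

    static void Check(uint status) { if (status != 0) throw new Win32Exception(LsaNtStatusToWinError(status)); }

    // machine == null opens the local policy; otherwise pass a remote computer name.
    public static List<SecurityIdentifier> AccountsWithRight(string machine, string right)
    {
        var attrs = new LSA_OBJECT_ATTRIBUTES();            // members unused by LSA: leave zeroed
        var system = machine == null ? null : new[] { Lsa(machine) };
        Check(LsaOpenPolicy(system, ref attrs, POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION, out IntPtr policy));
        try
        {
            var name = Lsa(right);
            var sids = new List<SecurityIdentifier>();
            uint status = LsaEnumerateAccountsWithUserRight(policy, ref name, out IntPtr buffer, out uint count);
            if (status == STATUS_NO_MORE_ENTRIES) return sids;   // nobody holds the right
            Check(status);
            try
            {   // buffer is an array of LSA_ENUMERATION_INFORMATION, i.e. one PSID per entry
                for (int i = 0; i < count; i++)
                    sids.Add(new SecurityIdentifier(Marshal.ReadIntPtr(buffer, i * IntPtr.Size)));
            }
            finally { LsaFreeMemory(buffer); }                   // LSA-allocated memory
            return sids;
        }
        finally { LsaClose(policy); }
    }
}
```

Calling `LsaRights.AccountsWithRight(null, "SeServiceLogonRight")` lists the local holders of that right; passing a computer name instead of `null` queries that machine with nothing installed on it.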