[wpkg-users] WPKG and Vista UAC

Vladimír Pšenička vladimir.psenicka at prodeco.cz
Fri May 23 13:07:29 CEST 2008


So local setting done with wpkg service are ok (no errors) on Vista,
example:

> <package
> 		id="firewall - vnc"
> 		name="Open port TCP 5900 on Windows"
> 		revision="4"
> 		reboot="false"
> 		notify="false"
> 		priority="100"
> 		execute="once">
> 		
> 		<install cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\netsh.exe" netsh firewall add portopening TCP 5900 VNC enable subnet' />
> 		
> 		<remove cmd='%COMSPEC% /C if exist "%SYSTEMROOT%\system32\netsh.exe" netsh firewall delete portopening TCP 5900' />
> 		
> 	</package>

so I tested same settings on XP machine and doesn't work either

log from samba machine:

> [2008/05/23 12:32:45, 3] smbd/error.c:error_packet(146)
>   error packet at smbd/reply.c(676) cmd=117 (SMBtconX) NT_STATUS_ACCESS_DENIED
> [2008/05/23 12:32:45, 3] smbd/process.c:process_smb(1110)
>   Transaction 111 of length 86
> [2008/05/23 12:32:45, 3] smbd/process.c:switch_message(914)
>   switch message SMBtconX (pid 5113) conn 0x0
> [2008/05/23 12:32:45, 3] smbd/sec_ctx.c:set_sec_ctx(241)
>   setting sec ctx (0, 0) - sec_ctx_stack_ndx = 0
> [2008/05/23 12:32:45, 2] smbd/service.c:make_connection_snum(569)
>   guest user (from session setup) not permitted to access this share (install)
> [2008/05/23 12:32:45, 3] smbd/error.c:error_packet(146)

problem is that guest user cannot access share, so I added "guest ok =
yes" to smb.conf, before this I had Domain Admin account in WPKG execute
context user, so access to share wasn't problem, but Vista with UAC
didn't work (need to elevate user rights).

Final I have:
---
WPKG path user: domain user
WPKG execution context user: SYSTEM
"guest ok = yes" in smb.conf in share definition on samba machine
---

and everything works fine on XP and Vista with UAC

Thank you for your help



Tomasz Chmielewski napsal(a):
> Vladimír Pšenička schrieb:
>> Yes samba share, samba version is 3.0.24, I dont have ACL support
>> enabled. But WPKG path user (domain user) can access samba share (read)
>> without problem.
> 
> Check your Samba logs.
> 
> The easiest way would be to:
> 
> Set them to "log level = 3". Make the log size of 1000.
> 
> Clear the log (but not remove it!) for the given workstation - from bash
> prompt, do:
> 
> # >/var/log/samba/log.workstation_name
> 
> Then, from a cmd.exe window do (started as Administrator):
> 
> net stop "WPKG service"
> net start "WPKG service"
> 
> 
> Check Samba log for that workstation, it will give you some hint on
> where you connect to, with what credentials, and why it fails (or
> succeeds).
> 
> 

-- 
Vladimir Psenicka
IT system engineer
Prodeco a.s.



More information about the wpkg-users mailing list