locked
Call to GetNamedSecurityInfo returns Access Denied RRS feed

  • Question

  • Hi,

    I need to access a Smart card resource from a WCF service running under IIS 7.5 in Windows Server 2008R2

    As on Windows 7, the sevice can't access the smart card manager, however using a program that give access using ACL API it works under Win7.

    The issue I face now is that the program I used to authorize this doesn't run under Windows Server 2008, even in administrator mode.  The function GetNamedSecurityInfo returns 5 (Access Denied) and I can't SetACL for the Smart card resource manager.

    Any one would have the solution either to enable this program to run correctly or to authorize the access to the Smart card resource manager from the WCF service.

    Thks

    O. Rouit

     

     

     

     

     


    Software Architect, Advanced IT Tokens Team - Gemalto
    Monday, October 3, 2011 4:06 AM

Answers

  • You want thinks done... do it yourself!

    On another WS2008 this program was working, so after some investigation we discovered that this server was on a Domain while the 2 others were not.

    Ironically we thought about that but I couldn't understand why the GetNamedSecurityInfo would behave differently if the server was part of a Domain or not. It matters!

    So from that investigation and the tests we did, it is clear that GetNamedSecurityInfo() returns "Access Denied" when called on a Windows Server 2008 which is not part of a Domain (or domain controler I suppose if the only server in the network.

    Problem solved. I just regret that no one within MS and monitoring this forum could guide me to the solution.

    /o. Rouit

     

     

     


    Software Architect, Advanced IT Tokens Team - Gemalto
    • Marked as answer by Nick Asseloos Thursday, November 3, 2011 9:59 PM
    Wednesday, October 5, 2011 6:36 AM

All replies

  • You want thinks done... do it yourself!

    On another WS2008 this program was working, so after some investigation we discovered that this server was on a Domain while the 2 others were not.

    Ironically we thought about that but I couldn't understand why the GetNamedSecurityInfo would behave differently if the server was part of a Domain or not. It matters!

    So from that investigation and the tests we did, it is clear that GetNamedSecurityInfo() returns "Access Denied" when called on a Windows Server 2008 which is not part of a Domain (or domain controler I suppose if the only server in the network.

    Problem solved. I just regret that no one within MS and monitoring this forum could guide me to the solution.

    /o. Rouit

     

     

     


    Software Architect, Advanced IT Tokens Team - Gemalto
    • Marked as answer by Nick Asseloos Thursday, November 3, 2011 9:59 PM
    Wednesday, October 5, 2011 6:36 AM
  • Dear Rouit,

    Glad you could figure out the problem yourself; however this was the incorrect forum to post.

    As this one is dedicated to the Windows Server Solutions SDK.


    Nick Asseloos MVP Windows Home Server
    Thursday, November 3, 2011 9:59 PM
  • I'm having the same issue again which looks to be random. Could you tell me where I could post a request for that issue.

    It's completely blocking as I need to access a smartcard from a WCF service and I can't use this method then set the ACL, as even reading it doesn't work.

    In a more fundamental aspect I simply don't understand why a Service running on a Windows server can't access a smartcard reader! It looks like this restriction as been introduced in Vista and Windows server 2008.

    It seems incredible that the Administrator of the machine can't even read an existing DACL entry.

    GetNamedSecurityInfo with the object name "Global\\Microsoft Smart Card Resource Manager Started" systematically fails with ACCESS_DENIED.

    How to correct this?

    Thanks

    O.Rouit

     

     

     


    Software Architect, Advanced IT Tokens Team - Gemalto
    Friday, January 6, 2012 8:46 AM