Many thanks for the quick fix! Odd that nobody had noticed this before.
My problem still persists, though. The DbgView output simply tells me nothing at all. I don't know where to start. What is clear is that there are problems finding the users (but not always). But as it seems, that is not necessarily the problem. I now have two domain users on one physical machine. With one (Benutzer2) it works, with the other (Benutzer1) it doesn't. I'm really at my wits' end. Do you have any more tips for me? What may also be special about this setup is the fact that the member list of the Administrators group is rewritten on every policy refresh. But that also happens for the user for whom it works.
As I said, I'm stuck. I also can't see any clear difference between the outputs of Benutzer1 and Benutzer2. But it may well be that I simply can't see it any more. It would be great if you could take a quick look at it.
Command line: surun C:\Windows\System32\mmc.exe C:\Windows\System32\devmgmt.msc
Benutzer2
Works as desired.
00000001 0.00000000 [6224] .\main.cpp(86): SuRun started with (surun C:\Windows\System32\mmc.exe C:\Windows\System32\devmgmt.msc)
00000002 0.00000000 [5960] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /AskUSER)
00000003 0.00000000 [5960] .\Helpers.cpp(236): RegOpenKeyEx(80000002,SECURITY\SuRun\Cache) failed: 2(0x00000002): The system cannot find the file specified.
00000004 0.00000000 [5960]
00000005 0.00000000 [FFFFFA8012505EE0] WskProIRPGetAddrInfo is called.
00000006 0.00001112 [bind=FFFFFA800A7BBB70] Binding reference count++ = 2 (status = 00000000, impersonation= 2).
00000007 0.00001497 [FFFFFA800BC1E270] Request reference count++ = 3.
00000008 0.00004320 [FFFFFA800BC1E270] RPC method type = 1: rpc-method succeeded, queue to rpc-pending-list.
00000009 0.00004705 [FFFFFA800BC1E270] Request reference count-- = 2.
00000010 0.00047692 [FFFFFA800BC1E270] WskKnrRpcComplete: rpc calls back for completion.
00000011 0.00048205 [FFFFFA800BC1E270] WskKnrCompletePending: complete pending request (rpc=1).
00000012 0.00048547 [FFFFFA800BC1E270] Request reference count-- = 1.
00000013 0.00048890 [FFFFFA800BC1E270] Request reference count-- = 0.
00000014 0.00050258 [FFFFFA800BC1E270] WskKnrCompleteRequest: rpc completion return status = 00000000 (reply=00000000).
00000015 0.00050686 [FFFFFA800BC1E270] WskProAPIGetAddressInfo returned addrinfo: [addr=FFFFF8A00F17A4F0].
00000016 0.00051071 [bind=FFFFFA800A7BBB70] Binding reference count-- = 1.
00000017 0.00051499 [FFFFFA800BC1E270] WskKnrCompleteRequest: complete irp with IO status = 00000000.
00000018 0.10056422 [addr=FFFFF8A00F17A4F0] WskProAPIFreeAddressInfo freed addrinfo.
00000019 0.35116100 [700] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /WATCHDOG Winlogon Default 5960)
00000020 0.44688118 [5960] Blur 3840x1080 init.
00000021 0.53602970 [5960] Blur 3840x1080 exit: 89 ms
Benutzer1
Does not work.
00000001 0.00000000 [7940] .\main.cpp(86): SuRun started with (surun C:\Windows\System32\mmc.exe C:\Windows\System32\devmgmt.msc)
00000002 0.00000000 [4172] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /AskUSER)
00000003 0.00000000 [4172] .\Helpers.cpp(236): RegOpenKeyEx(80000002,SECURITY\SuRun\Cache) failed: 2(0x00000002): The system cannot find the file specified.
00000004 0.00000000 [4172]
00000005 0.00000000 [FFFFFA80067DCEE0] WskProIRPGetAddrInfo is called.
00000006 0.00000898 [bind=FFFFFA800A7BBB70] Binding reference count++ = 2 (status = 00000000, impersonation= 2).
00000007 0.00001283 [FFFFFA800C6B4F10] Request reference count++ = 3.
00000008 0.00004149 [FFFFFA800C6B4F10] RPC method type = 1: rpc-method succeeded, queue to rpc-pending-list.
00000009 0.00004534 [FFFFFA800C6B4F10] Request reference count-- = 2.
00000010 0.00042859 [FFFFFA800C6B4F10] WskKnrRpcComplete: rpc calls back for completion.
00000011 0.00043372 [FFFFFA800C6B4F10] WskKnrCompletePending: complete pending request (rpc=1).
00000012 0.00043800 [FFFFFA800C6B4F10] Request reference count-- = 1.
00000013 0.00044142 [FFFFFA800C6B4F10] Request reference count-- = 0.
00000014 0.00045425 [FFFFFA800C6B4F10] WskKnrCompleteRequest: rpc completion return status = 00000000 (reply=00000000).
00000015 0.00045853 [FFFFFA800C6B4F10] WskProAPIGetAddressInfo returned addrinfo: [addr=FFFFF8A010F215F0].
00000016 0.00046238 [bind=FFFFFA800A7BBB70] Binding reference count-- = 1.
00000017 0.00046708 [FFFFFA800C6B4F10] WskKnrCompleteRequest: complete irp with IO status = 00000000.
00000018 0.10041751 [addr=FFFFF8A010F215F0] WskProAPIFreeAddressInfo freed addrinfo.
00000019 0.33130702 [8068] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /WATCHDOG Winlogon Default 4172)
00000020 0.46999061 [4172] Blur 3840x1080 init.
00000021 0.56561798 [4172] Blur 3840x1080 exit: 61 ms
Command line: surun /runas C:\Windows\System32\mmc.exe C:\Windows\System32\devmgmt.msc
Benutzer2
Does not work.
00000001 0.00000000 [284] .\main.cpp(86): SuRun started with (surun /runas C:\Windows\System32\mmc.exe C:\Windows\System32\devmgmt.msc)
00000002 0.03460342 [3852] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /AskUSER)
00000003 0.30288902 [3852] .\UserGroups.cpp(676): NetLocalGroupGetMembers(Domäne\Domain Admins) failed: 2220(0x000008AC): The group name could not be found.
00000004 0.30288902 [3852]
00000005 0.32967225 [5988] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /WATCHDOG Winlogon Default 3852)
00000006 0.40353367 [FFFFFA800A819AB0] WskProIRPGetAddrInfo is called.
00000007 0.40355504 [bind=FFFFFA800A7BBB70] Binding reference count++ = 2 (status = 00000000, impersonation= 2).
00000008 0.40356404 [FFFFFA800C2E5110] Request reference count++ = 3.
00000009 0.40363032 [FFFFFA800C2E5110] RPC method type = 1: rpc-method succeeded, queue to rpc-pending-list.
00000010 0.40364015 [FFFFFA800C2E5110] Request reference count-- = 2.
00000011 0.40470651 [FFFFFA800C2E5110] WskKnrRpcComplete: rpc calls back for completion.
00000012 0.40471932 [FFFFFA800C2E5110] WskKnrCompletePending: complete pending request (rpc=1).
00000013 0.40472829 [FFFFFA800C2E5110] Request reference count-- = 1.
00000014 0.40473688 [FFFFFA800C2E5110] Request reference count-- = 0.
00000015 0.40479547 [FFFFFA800C2E5110] WskKnrCompleteRequest: rpc completion return status = 00000000 (reply=00000000).
00000016 0.40480700 [FFFFFA800C2E5110] WskProAPIGetAddressInfo returned addrinfo: [addr=FFFFF8A00BCB0850].
00000017 0.40481642 [bind=FFFFFA800A7BBB70] Binding reference count-- = 1.
00000018 0.40482712 [FFFFFA800C2E5110] WskKnrCompleteRequest: complete irp with IO status = 00000000.
00000019 0.43494278 [3852] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\INTERACTIVE) failed: 2220(0x000008AC): The group name could not be found.
00000020 0.43494278 [3852]
00000021 0.43841168 [3852] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\Authenticated Users) failed: 2220(0x000008AC): The group name could not be found.
00000022 0.43841168 [3852]
00000023 0.44794494 [3852] .\UserGroups.cpp(676): NetLocalGroupGetMembers(Domäne\Domain Users) failed: 2220(0x000008AC): The group name could not be found.
00000024 0.44794494 [3852]
00000025 0.46368673 [3852] Blur 3840x1080 init.
00000026 0.50702870 [addr=FFFFF8A00BCB0850] WskProAPIFreeAddressInfo freed addrinfo.
00000027 0.53299963 [3852] Blur 3840x1080 exit: 69 ms
00000028 5.46486521 [3852] .\Helpers.cpp(236): RegOpenKeyEx(80000002,SECURITY\SuRun\RunAs\Domäne\Benutzer2\Cache) failed: 2(0x00000002): The system cannot find the file specified.
00000029 5.46486521 [3852]
Benutzer1
Does not work.
00000001 0.00000000 [7496] .\main.cpp(86): SuRun started with (surun /runas C:\Windows\System32\mmc.exe C:\Windows\System32\devmgmt.msc)
00000002 0.03873402 [6164] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /AskUSER)
00000003 0.30570692 [6164] .\UserGroups.cpp(676): NetLocalGroupGetMembers(Domäne\Domain Admins) failed: 2220(0x000008AC): The group name could not be found.
00000004 0.30570692 [6164]
00000005 0.31463879 [6404] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /WATCHDOG Winlogon Default 6164)
00000006 0.40737468 [FFFFFA800C534C10] WskProIRPGetAddrInfo is called.
00000007 0.40739819 [bind=FFFFFA800A7BBB70] Binding reference count++ = 2 (status = 00000000, impersonation= 2).
00000008 0.40740719 [FFFFFA800797E1F0] Request reference count++ = 3.
00000009 0.40747562 [FFFFFA800797E1F0] RPC method type = 1: rpc-method succeeded, queue to rpc-pending-list.
00000010 0.40748504 [FFFFFA800797E1F0] Request reference count-- = 2.
00000011 0.40855777 [FFFFFA800797E1F0] WskKnrRpcComplete: rpc calls back for completion.
00000012 0.40857020 [FFFFFA800797E1F0] WskKnrCompletePending: complete pending request (rpc=1).
00000013 0.40857875 [FFFFFA800797E1F0] Request reference count-- = 1.
00000014 0.40858731 [FFFFFA800797E1F0] Request reference count-- = 0.
00000015 0.40861896 [FFFFFA800797E1F0] WskKnrCompleteRequest: rpc completion return status = 00000000 (reply=00000000).
00000016 0.40863049 [FFFFFA800797E1F0] WskProAPIGetAddressInfo returned addrinfo: [addr=FFFFF8A00CBB6810].
00000017 0.40863991 [bind=FFFFFA800A7BBB70] Binding reference count-- = 1.
00000018 0.40865061 [FFFFFA800797E1F0] WskKnrCompleteRequest: complete irp with IO status = 00000000.
00000019 0.45267737 [6164] Blur 3840x1080 init.
00000020 0.51009297 [addr=FFFFF8A00CBB6810] WskProAPIFreeAddressInfo freed addrinfo.
00000021 0.53435814 [6164] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\INTERACTIVE) failed: 2220(0x000008AC): The group name could not be found.
00000022 0.53435814 [6164]
00000023 0.53466564 [6164] Blur 3840x1080 exit: 82 ms
00000024 0.56737596 [6164] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\Authenticated Users) failed: 2220(0x000008AC): The group name could not be found.
00000025 0.56737596 [6164]
00000026 0.56780493 [6164] .\UserGroups.cpp(676): NetLocalGroupGetMembers(Domäne\Domain Users) failed: 2220(0x000008AC): The group name could not be found.
00000027 0.56780493 [6164]
00000028 5.49979258 [6164] .\Helpers.cpp(236): RegOpenKeyEx(80000002,SECURITY\SuRun\RunAs\Domäne\Benutzer1\Cache) failed: 2(0x00000002): The system cannot find the file specified.
00000029 5.49979258 [6164]
00000030 5.82686806 [6164] .\Service.cpp(503): CreateProcessAsUser(C:\Windows\System32\mmc.exe C:\Windows\System32\devmgmt.msc,ALLUSERSPROFILE=C:\ProgramData,C:\Users\Benutzer1) failed: 740(0x000002E4): The requested operation requires elevation.
00000031 5.82686806 [6164]
00000032 5.82689238 [6164] .\Service.cpp(1517): CreateProcessAsUser failed: 740(0x000002E4): The requested operation requires elevation.
00000033 5.82689238 [6164]
Command line: surun "C:\Windows\System32\devmgmt.msc"
Benutzer2
Works flawlessly.
00000001 0.00000000 [4108] .\main.cpp(86): SuRun started with (surun "C:\Windows\System32\devmgmt.msc")
00000002 0.02850484 [3304] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /AskUSER)
00000003 0.03256999 [3304] .\Helpers.cpp(236): RegOpenKeyEx(80000002,SECURITY\SuRun\Cache) failed: 2(0x00000002): The system cannot find the file specified.
00000004 0.03256999 [3304]
00000005 0.31214768 [5580] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /WATCHDOG Winlogon Default 3304)
00000006 0.45758429 [3304] Blur 3840x1080 init.
00000007 0.53986770 [3304] Blur 3840x1080 exit: 82 ms
Benutzer1
Does not work.
00000001 0.00000000 [6528] .\main.cpp(86): SuRun started with (surun "C:\Windows\System32\devmgmt.msc")
00000002 0.00000000 [4376] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /AskUSER)
00000003 0.00000000 [4376] .\Helpers.cpp(236): RegOpenKeyEx(80000002,SECURITY\SuRun\Cache) failed: 2(0x00000002): The system cannot find the file specified.
00000004 0.00000000 [4376]
00000005 0.00000000 [FFFFFA800C2133B0] WskProIRPGetAddrInfo is called.
00000006 0.00000941 [bind=FFFFFA800A7BBB70] Binding reference count++ = 2 (status = 00000000, impersonation= 2).
00000007 0.00001412 [FFFFFA800BD157F0] Request reference count++ = 3.
00000008 0.00004149 [FFFFFA800BD157F0] RPC method type = 1: rpc-method succeeded, queue to rpc-pending-list.
00000009 0.00004577 [FFFFFA800BD157F0] Request reference count-- = 2.
00000010 0.00043500 [FFFFFA800BD157F0] WskKnrRpcComplete: rpc calls back for completion.
00000011 0.00043971 [FFFFFA800BD157F0] WskKnrCompletePending: complete pending request (rpc=1).
00000012 0.00044313 [FFFFFA800BD157F0] Request reference count-- = 1.
00000013 0.00044655 [FFFFFA800BD157F0] Request reference count-- = 0.
00000014 0.00045981 [FFFFFA800BD157F0] WskKnrCompleteRequest: rpc completion return status = 00000000 (reply=00000000).
00000015 0.00046409 [FFFFFA800BD157F0] WskProAPIGetAddressInfo returned addrinfo: [addr=FFFFF8A010CEBA10].
00000016 0.00046794 [bind=FFFFFA800A7BBB70] Binding reference count-- = 1.
00000017 0.00047221 [FFFFFA800BD157F0] WskKnrCompleteRequest: complete irp with IO status = 00000000.
00000018 0.10078023 [addr=FFFFF8A010CEBA10] WskProAPIFreeAddressInfo freed addrinfo.
00000019 0.31841564 [7488] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /WATCHDOG Winlogon Default 4376)
00000020 0.45034367 [4376] Blur 3840x1080 init.
00000021 0.58948320 [4376] Blur 3840x1080 exit: 95 ms
Command line: surun /runas "C:\Windows\System32\devmgmt.msc"
Benutzer2
Does not work.
00000001 0.00000000 [1104] .\main.cpp(86): SuRun started with (surun /runas "C:\Windows\System32\devmgmt.msc")
00000002 0.00000000 [6396] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /AskUSER)
00000003 0.00000000 [6396] .\UserGroups.cpp(676): NetLocalGroupGetMembers(Domäne\Domain Admins) failed: 2220(0x000008AC): The group name could not be found.
00000004 0.00000000 [6396]
00000005 0.00000000 [6884] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /WATCHDOG Winlogon Default 6396)
00000006 0.00000000 [FFFFFA800C3260A0] WskProIRPGetAddrInfo is called.
00000007 0.00002395 [bind=FFFFFA800A7BBB70] Binding reference count++ = 2 (status = 00000000, impersonation= 2).
00000008 0.00003379 [FFFFFA800B6BD1A0] Request reference count++ = 3.
00000009 0.00009752 [FFFFFA800B6BD1A0] RPC method type = 1: rpc-method succeeded, queue to rpc-pending-list.
00000010 0.00010693 [FFFFFA800B6BD1A0] Request reference count-- = 2.
00000011 0.00121133 [FFFFFA800B6BD1A0] WskKnrRpcComplete: rpc calls back for completion.
00000012 0.00122417 [FFFFFA800B6BD1A0] WskKnrCompletePending: complete pending request (rpc=1).
00000013 0.00123315 [FFFFFA800B6BD1A0] Request reference count-- = 1.
00000014 0.00124170 [FFFFFA800B6BD1A0] Request reference count-- = 0.
00000015 0.00127378 [FFFFFA800B6BD1A0] WskKnrCompleteRequest: rpc completion return status = 00000000 (reply=00000000).
00000016 0.00128533 [FFFFFA800B6BD1A0] WskProAPIGetAddressInfo returned addrinfo: [addr=FFFFF8A00CCAFF90].
00000017 0.00129474 [bind=FFFFFA800A7BBB70] Binding reference count-- = 1.
00000018 0.00130543 [FFFFFA800B6BD1A0] WskKnrCompleteRequest: complete irp with IO status = 00000000.
00000019 0.03361964 [6396] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\INTERACTIVE) failed: 2220(0x000008AC): The group name could not be found.
00000020 0.03361964 [6396]
00000021 0.03722071 [6396] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\Authenticated Users) failed: 2220(0x000008AC): The group name could not be found.
00000022 0.03722071 [6396]
00000023 0.04404900 [6396] .\UserGroups.cpp(676): NetLocalGroupGetMembers(Domäne\Domain Users) failed: 2220(0x000008AC): The group name could not be found.
00000024 0.04404900 [6396]
00000025 0.05814744 [6396] Blur 3840x1080 init.
00000026 0.10419694 [addr=FFFFF8A00CCAFF90] WskProAPIFreeAddressInfo freed addrinfo.
00000027 0.12172192 [6396] Blur 3840x1080 exit: 63 ms
00000028 4.77363920 [6396] .\Helpers.cpp(236): RegOpenKeyEx(80000002,SECURITY\SuRun\RunAs\Domäne\Benutzer2\Cache) failed: 2(0x00000002): The system cannot find the file specified.
00000029 4.77363920 [6396]
Benutzer1
Does not work.
00000001 0.00000000 [6504] .\main.cpp(86): SuRun started with (surun /runas "C:\Windows\System32\devmgmt.msc")
00000002 0.00000000 [6444] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /AskUSER)
00000003 0.00000000 [6444] .\UserGroups.cpp(676): NetLocalGroupGetMembers(Domäne\Domain Admins) failed: 2220(0x000008AC): The group name could not be found.
00000004 0.00000000 [6444]
00000005 0.00000000 [7320] .\main.cpp(86): SuRun started with (C:\Windows\SuRun.exe /WATCHDOG Winlogon Default 6444)
00000006 0.00000000 [FFFFFA800B37FD20] WskProIRPGetAddrInfo is called.
00000007 0.00002353 [bind=FFFFFA800A7BBB70] Binding reference count++ = 2 (status = 00000000, impersonation= 2).
00000008 0.00003336 [FFFFFA80075C0630] Request reference count++ = 3.
00000009 0.00009667 [FFFFFA80075C0630] RPC method type = 1: rpc-method succeeded, queue to rpc-pending-list.
00000010 0.00010608 [FFFFFA80075C0630] Request reference count-- = 2.
00000011 0.00130158 [FFFFFA80075C0630] WskKnrRpcComplete: rpc calls back for completion.
00000012 0.00131484 [FFFFFA80075C0630] WskKnrCompletePending: complete pending request (rpc=1).
00000013 0.00132383 [FFFFFA80075C0630] Request reference count-- = 1.
00000014 0.00133238 [FFFFFA80075C0630] Request reference count-- = 0.
00000015 0.00136446 [FFFFFA80075C0630] WskKnrCompleteRequest: rpc completion return status = 00000000 (reply=00000000).
00000016 0.00137601 [FFFFFA80075C0630] WskProAPIGetAddressInfo returned addrinfo: [addr=FFFFF8A003E3D400].
00000017 0.00138585 [bind=FFFFFA800A7BBB70] Binding reference count-- = 1.
00000018 0.00139697 [FFFFFA80075C0630] WskKnrCompleteRequest: complete irp with IO status = 00000000.
00000019 0.04043382 [6444] Blur 3840x1080 init.
00000020 0.06632479 [6444] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\INTERACTIVE) failed: 2220(0x000008AC): The group name could not be found.
00000021 0.06632479 [6444]
00000022 0.08211405 [6444] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\Authenticated Users) failed: 2220(0x000008AC): The group name could not be found.
00000023 0.08211405 [6444]
00000024 0.08498113 [6444] .\UserGroups.cpp(676): NetLocalGroupGetMembers(Domäne\Domain Users) failed: 2220(0x000008AC): The group name could not be found.
00000025 0.08498113 [6444]
00000026 0.10293428 [addr=FFFFF8A003E3D400] WskProAPIFreeAddressInfo freed addrinfo.
00000027 0.12721057 [6444] Blur 3840x1080 exit: 87 ms
00000028 5.80861616 [6444] .\Helpers.cpp(236): RegOpenKeyEx(80000002,SECURITY\SuRun\RunAs\Domäne\Benutzer1\Cache) failed: 2(0x00000002): The system cannot find the file specified.
00000029 5.80861616 [6444]
00000030 6.07608128 [6444] .\Service.cpp(503): CreateProcessAsUser(C:\Windows\system32\mmc.exe C:\Windows\System32\devmgmt.msc,ALLUSERSPROFILE=C:\ProgramData,C:\Users\Benutzer1) failed: 740(0x000002E4): The requested operation requires elevation.
00000031 6.07608128 [6444]
00000032 6.07623625 [6444] .\Service.cpp(1517): CreateProcessAsUser failed: 740(0x000002E4): The requested operation requires elevation.
00000033 6.07623625 [6444]
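
Added example, not part of the original post and not SuRun code: one way to compare two DbgView captures like the ones above is to drop sequence numbers, timestamps, PIDs and the kernel `Wsk*` lines, then list the failed API calls that occur in only one capture. The regular expressions, function names and variable names are assumptions made for this sketch; the sample lines are excerpts from the `/runas` captures in this post.

```python
import re

# DbgView text export: "<seq> <seconds> [<pid or kernel tag>] <message>"
LINE = re.compile(r"^\d{8}\s+\d+\.\d+\s+\[([^\]]*)\]\s?(.*)$")
# SuRun trace of a failed API call:
#   .\File.cpp(123): Api(args) failed: 740(0x000002E4): text
FAIL = re.compile(
    r"^\.\\\w+\.cpp\(\d+\): (\w+)(?:\((.*)\))? failed: (\d+)\(0x[0-9A-Fa-f]+\): (.*)$"
)

def failures(capture):
    """Map (api, win32_error) -> message text for each failed call in a capture.

    Sequence numbers, timestamps and PIDs are discarded, and lines that are
    not SuRun failure traces (kernel Wsk* chatter, empty lines) are skipped,
    so two captures can be compared directly.
    """
    found = {}
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        f = FAIL.match(m.group(2))
        if f:
            api, _args, code, text = f.groups()
            found.setdefault((api, int(code)), text)
    return found

def only_in(a, b):
    """Failures present in capture a but absent from capture b, in log order."""
    fb = failures(b)
    return [key for key in failures(a) if key not in fb]

# Excerpts from the "/runas" captures in this post (not the full logs).
RUNAS_BENUTZER2 = r"""
00000019 0.43494278 [3852] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\INTERACTIVE) failed: 2220(0x000008AC): The group name could not be found.
00000020 0.43494278 [3852]
00000026 0.50702870 [addr=FFFFF8A00BCB0850] WskProAPIFreeAddressInfo freed addrinfo.
"""
RUNAS_BENUTZER1 = r"""
00000020 0.51009297 [addr=FFFFF8A00CBB6810] WskProAPIFreeAddressInfo freed addrinfo.
00000021 0.53435814 [6164] .\UserGroups.cpp(676): NetLocalGroupGetMembers(NT AUTHORITY\INTERACTIVE) failed: 2220(0x000008AC): The group name could not be found.
00000030 5.82686806 [6164] .\Service.cpp(503): CreateProcessAsUser(C:\Windows\System32\mmc.exe C:\Windows\System32\devmgmt.msc,ALLUSERSPROFILE=C:\ProgramData,C:\Users\Benutzer1) failed: 740(0x000002E4): The requested operation requires elevation.
00000032 5.82689238 [6164] .\Service.cpp(1517): CreateProcessAsUser failed: 740(0x000002E4): The requested operation requires elevation.
"""

if __name__ == "__main__":
    all_b1 = failures(RUNAS_BENUTZER1)
    for key in only_in(RUNAS_BENUTZER1, RUNAS_BENUTZER2):
        print("only in Benutzer1 capture:", key, all_b1[key])
```

Keying on the API name and Win32 error code rather than on the full line keeps per-user paths and PIDs from showing up as spurious differences.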