Adding Windows Local Groups using SQLCLR on Windows Server 2012

  • fw200811

    SSC Journeyman

    Points: 80

    I've read Solomon Rutzky great series about SQLCLR.

    I would like to manage windows local groups on server through SQLCLR. I deploy my signed assembly using asymmetric key, login with this key, setting UNSAFE...

    I added the .Net assemblies System.DirectoryServices. under dbo.

    My C# code works perfectly in console logged as administrator.

    The same code in stored procedures, with impersonation, always give me "Access Denied".

    Any ideas to solve that?

    Thanks

  • Solomon Rutzky

    SSCoach

    Points: 16104

    Hi there. Please post the exact error message. Thanks, Solomon..

    SQL#https://SQLsharp.com/ ( SQLCLR library ofover 340 Functions and Procedures)
    Sql Quantum Lifthttps://SqlQuantumLift.com/ ( company )
    Sql Quantum Leaphttps://SqlQuantumLeap.com/ ( blog )
    Info sitesCollations     •     Module Signing     •     SQLCLR

  • fw200811

    SSC Journeyman

    Points: 80

    Here is the error message :

    Msg 6522, Level 16, State 1, Procedure StdProc4, Line 0

    A .NET Framework error occurred during execution of user-defined routine or aggregate "StdProc4":

    System.UnauthorizedAccessException: Access is denied.

    System.UnauthorizedAccessException:

    at StoredProcedures.StdProc4(SqlString GroupName)

    It's quite brief

  • Solomon Rutzky

    SSCoach

    Points: 16104

    Sorry for the delay in responding. It initially seems like the account that SQL Server is logging on as (the service, typically "MSSQLSERVER" if it is the default instance) does not have administrative privileges (and that is typically a good thing, even if not convenient here). However, you did say that you are using impersonation which should take care of that, assuming that you are connecting to SQL Server with a Login that does have administrative rights. Are you sure that the impersonation code is set up correctly?

    And you did say "local" groups, so I assume that you are adding groups to the server that SQL Server is running on, and not a remote server in the same domain, correct?

    It would help if you could post the code (if that is possible).

    Take care,

    Solomon..

    SQL#https://SQLsharp.com/ ( SQLCLR library ofover 340 Functions and Procedures)
    Sql Quantum Lifthttps://SqlQuantumLift.com/ ( company )
    Sql Quantum Leaphttps://SqlQuantumLeap.com/ ( blog )
    Info sitesCollations     •     Module Signing     •     SQLCLR

Viewing 4 posts - 1 through 4 (of 4 total)

You must be logged in to reply to this topic. Login to reply