Why does enumerating Win32_Shares as “LOCAL SERVICE” user return null properties?

Question

I have the following code:

  var searcher = new ManagementObjectSearcher("SELECT Name, Path FROM Win32_share");
  ManagementObjectCollection coll = searcher.Get();

  foreach (var share in coll)
  {
      Console.WriteLine("share-path: " + share["Path"] + " share-name:" + share["Name"]);
  }

Running it as me, I get sensible output:

share-path: C:\Windows share-name:ADMIN$
share-path: C:\ share-name:C$
share-path: D:\ share-name:D
share-path: D:\ share-name:D$
share-path:  share-name:IPC$

Running it from a service as the local system user, I get no Path property:

share-path: share-name:ADMIN$
share-path: share-name:C$
share-path: share-name:D
share-path: share-name:D$
share-path: share-name:IPC$

Should the LOCAL SERVICE not be able to view shared folder paths? What am I doing wrong? (Note: I also tried running as "NETWORK SERVICE" with the same results.

Answer 1

I tried using WinApi NetShareEnum and received the same results. What is interesting to note is that this code behaves correctly on Windows 2008 R2 and it doesn't work on Windows 2008. I haven't tried earlier platforms.

This does seem like a permissions issue, because local SYSTEM account has access to share paths. Endless testing and playing with local security settings didn't bring any results. I couldn't find any suspicious activity using regmon or filemon. I ended up switching my application to SYSTEM account.

Answer 2

LOCAL SERVICE doesn't have rights to network shares. You need to run your service as a user with appropriate permissions, most likely a domain user with rights to the shares.