2

Receiving this error when using Interop.DSOFile.dll functions and classes in powershell 5.1 (x86) running as a different user. The account I am using is an AD functional account which has full privilege to the folder containing the dll. I need to use this account as it has more access than my own AD account for the work required.

I am able to run the following code on my own user account without issue, but when attempting to use the functional account I get the error in the title.

[System.Reflection.Assembly]::LoadFrom('C:\Path\To\Interop.DSOFile.dll')

New-Object DSOFile.OleDocumentPropertiesClass

Which results in the error:

New-Object : Exception calling ".ctor" with "0" argument(s): "Retrieving the COM class factory for component with CLSID {58968145-CF05-4341-995F-2EE093F6ABA3} failed due to the following error: 80070005 Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))." At line:1 char:1 + New-Object DSOFile.OleDocumentPropertiesClass + CategoryInfo : InvalidOperation: (:) [New-Object], MethodInvoca tionException + FullyQualifiedErrorId : ConstructorInvokedThrowException,Microsoft.Power Shell.Commands.NewObjectCommand

I checked that the CLSID exists and that I can see it using the functional account, and it is there:

gci 'HKLM:\SOFTWARE\Classes\CLSID' | ?{$_.PSChildName -match '58968145-CF05-4341-995F-2EE093F6ABA3'}

Property      : {(default)}
PSPath        : 
Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE
            \Classes\CLSID\{58968145-CF05-4341-995F-2EE093F6ABA3}
PSParentPath  : 
Microsoft.PowerShell.Core\Registry::HKEY_LOCAL_MACHINE\SOFTWARE
            \Classes\CLSID
PSChildName   : {58968145-CF05-4341-995F-2EE093F6ABA3}
PSDrive       : HKLM
PSProvider    : Microsoft.PowerShell.Core\Registry
PSIsContainer : True
SubKeyCount   : 2
View          : Default
Handle        : Microsoft.Win32.SafeHandles.SafeRegistryHandle
ValueCount    : 1
Name          : HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{58968145-CF05-4341-9
            95F-2EE093F6ABA3}

I've tried to use solutions from similar Stackoverflow questions that reference using Dcomcnfg.exe\DCOM Config to give the account access. Com+ Configuration

  • Go to Control Panel - > Administrator -> Component Services -> DCOM Config
  • Open Microsoft Word 97 - 2003 Properties
  • General -> Authentication Level : None
  • Security -> Customize all 3 permissions to allow everyone

I've also added the AD function account to my local Administrator group, with no success.

4

1 回答 1

1

感谢Lieven Keersmaeker 的procmon 调试建议,我能够解决这个问题。

正在解析的注册 dll 位于我的旧 AD 帐户文件夹下的一个加密文件夹中(我的 AD sAMAccount 最近更改了)。我在注册表中找到了该 dll,将路径更改为该 dll 的更易于访问的副本,并且它运行良好!

在此之前,我不知道如何正确调试这个问题,也不知道 windows 是如何解决 dll 的。我假设如果 dll(在这种情况下为 dsofile.dll)与 Interop.DSOFile.dll 位于同一目录中,那么它将解析同一目录中的文件,而不是访问注册表。我现在知道得更好了。

于 2017-07-13T16:12:50.810 回答