|
Posted by Andrew Hayes on December 7, 2005, 9:49 pm
Please log in for more thread options
Thanks Joe.
I took a look at the KB article and figured that since it uses DCOM, and
DCOM got really messed around with in 2003 SP1 and XP SP2, that that is the
likely cause.
I did some more searching and came up with a library topic called "Securing
a remote WMI connection":
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/securing_a_remote_wmi_connection.asp
Unfortunately, most of what that said is already covered as the Domain
Admins group is a member of the local Administrators group on the XP
machine, and has all the various remote access, remote start, permissions.
What I did find though is that when I use the WMI Control snap-in from the
2003 server connected remotely to an XP desktop, it gives me the same error:
Failed to connect to DESKTOP
because "Win32: Access is denied."
The default namespace for scripting, according to the WMI control of the
desktop, is root\cimv2. The local Administrators group (of which the Domain
Admins is a member) has full rights to the root namespace and all
subnamespaces.
Looking at the WMIPROV.LOG file on the XP desktop I see that there are
various entries that say "Impersonation failed - Access denied" and "WDM
call returned error: 4200". Maybe that has something to do with it.
Also, when I click on the Internet Information Services (IIS) Manager, it
pops up an Access Denied box saying "The username/password you used to
connect to this machine does not have administrator privileges, or you
entered an incorrect password. Please provide an account with administrator
access.", with a couple of textboxes for entering a username and password.
This is very strange when I'm running Computer Management as the Domain
Admin, who most certainly does have administrator privileges on the remote
machine. This would mean that the wrong security information is being passed
to the XP desktop, or is not being passed at all.
What is also strange is that even if I type the XP machines local
adminsitrator username and password, it still pops up an Error dialog saying
"You have been denied access to this machine.". Right-clicking on IIS
Manager in Computer Management and clicking on Properties brings up an "RPC
Server unavailable" error.
> Hey, this sounds a lot like my question earlier that was never answered.
> I did find this Article from 10/2/2003 that gave me the clues to getting
> it working again. So my only problem now is the "Why" part but anyway
> this is the article ID: 248823
>
> please post if you have other info.
>
>
>> For some reason, I can no longer use the Properties option for all of the
>> XP desktops and 2003 servers in the office when I connect to them
>> remotely through Computer Management from my 2003 management server.
>>
>> I can still see and use the System Tools, Storage, and Services and
>> Applications sub-menus for the remote machines but no longer can get OS
>> info. It always comes up with a System Properties dialog saying Win32:
>> Access Denied, even though I did Run As... and used the Domain
>> Administrator account.
>>
>> Maybe it's a service pack change, but how do I give Domain Administrator
>> access rights to remote Computer Management system properties?
>>
>>
>
>
| 
XML Sitemap