Re: connect to bastion host via WMI

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

From: Peter Falz (pf.ms.news_at_asp-solutions.de)
Date: 11/12/04 

Date: Fri, 12 Nov 2004 16:05:43 +0100

Hi Mark,

"Mark" <markdotmiller@zurichnadotcom> schrieb im Newsbeitrag news:%23GRzz5LyEHA.3368@TK2MSFTNGP15.phx.gbl...
> Still no dice on the second machine. Here is what is configured within the
> registry key:
> [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
> "EnableDCOM"="Y"
> "LegacyImpersonationLevel"=dword:00000002
> "EnableRemoteConnect"="Y"
> "LegacyAuthenticationLevel"=dword:00000001
> I've even tried setting the Impersonation level to 3

have you tested your script runnin local on both machines?

1.
I've took a look at the link in your 1st post and have seen
in

Windows Management Instrumentation Driver Extensions
Table 16: Setting
WMI

and

WMI Performance Adapter
Table 17: Setting
WMIApSrv

that these have to be configured to "Disabled".

IMHO, if you had done this, i can imagine, that a WMI-Access
returns "Access Denied".

2.
As next, this type of serverconfiguring is so restirctivly, that you have
eventually setted a adminconnect via network to "Disabled". In

Deny access to this computer from the network
Table2: Setting
Support_388945a0

it will be suggested, that a lot of groups/users to this user rights and
further there is written, that if a user is subject in both policies
(the 2nd is "Access this computer from the network"), that
the "Deny ..."- overwrites the "Access..."-policy. That means
IMHO the user has only the minimum rights and here no access via
network to the server.

3.
I've no idea how your settings are but the errormessage "Access denied"
says it is a accessproblem. Maybe look at the securityprotocol to determine
where the problem is.

4.
IMO that is not a problem of WMI. Maybe it would be better in a
Server-Newsgroup.

Also take a look at:
http://www.tech-archive.net/Archive/Windows/microsoft.public.windows.server.scripting/2004-02/0500.html
http://support.microsoft.com/default.aspx?scid=kb;EN-US;315454
http://www.talkaboutsoftware.com/group/microsoft.public.win32.programmer.wmi/messages/15898.html

Ciao
Peter

Relevant Pages

  • Re: connect to bastion host via WMI
    ... > WMI Performance Adapter ... > As next, this type of serverconfiguring is so restirctivly, that you have ... that a lot of groups/users to this user rights and ... > network to the server. ...
    (microsoft.public.win32.programmer.wmi)
  • WORMS, VIRUS AND USER RIGHTS
    ... I have a question concerning user rights and the impact on protecting against ... I am hoping this will prevent a virus from being opened via an email ... understanding that a network work takes advantage of a vulnerability in the ... A worm will probably ...
    (microsoft.public.security)
  • explorer.exe using memory uncontrollably
    ... >I was having trouble setting up internet connection ... second machine). ... Pretty sure that I didn't need the network ... out of virtual memory and crashed. ...
    (microsoft.public.windowsxp.help_and_support)
  • RE: VPN and ISA server
    ... put a second machine on the network border - with 2 Network cards in it. ... build your tunnels to that machine. ... SurfControl E-mail Filter for SMTP & Exchange leverages multiple layers ...
    (Focus-Microsoft)
  • New XP User needing help with printer sharing
    ... I followed all of the steps to network my two machines (both with XP ... including sharing the printer and giving it a name. ... But my second machine, while seeing my main computer on the network, does not ... Is it the same reason why I can't access the files on my main ...
    (microsoft.public.windowsxp.print_fax)