RE: Some 80041001 Generic Failure accessing remote WMI

Hi Tango,

Sorry for letting you wait so long.

After reading the bug record, I find that it is the ACL that restricted the
non-Admin WMI remote access, which is by design of PNP manager.

During the access check, the network sid is denied _before_ user sid is
allowed so a user logged in locally will be allowed access but one logged
in remotely will not since they will have the network SID as well. This is
by design as part of a security push, PNP manager no longer allows remote
nonadministrators to access its RPC interface. Since WMI impersonates its
caller, these providers fail when queried remotely by nonadministrators.
The bug also indicates the PNP team cannot change their interface security
model as it would open up potential DOS attacks by remote users.

I do not think there is perfect workaround for this issue.

Hope this helps.

Best regards,
Jeffrey Tan
Microsoft Online Community Support
==================================================
Get notification to my posts through email? Please refer to
http://msdn.microsoft.com/subscriptions/managednewsgroups/default.aspx#notif
ications.

Note: The MSDN Managed Newsgroup support offering is for non-urgent issues
where an initial response from the community or a Microsoft Support
Engineer within 1 business day is acceptable. Please note that each follow
up response may take approximately 2 business days as the support
professional working with you may need further investigation to reach the
most efficient resolution. The offering is not appropriate for situations
that require urgent, real-time or phone-based interactions or complex
project analysis and dump analysis issues. Issues of this nature are best
handled working with a dedicated Microsoft Support Engineer by contacting
Microsoft Customer Support Services (CSS) at
http://msdn.microsoft.com/subscriptions/support/default.aspx.
==================================================
This posting is provided "AS IS" with no warranties, and confers no rights.


.

Relevant Pages

  • Re: How to remote start/stop services using windows API?
    ... of valid account on remote machine to call WNetAddConnetion2. ... for SMB file server connections for windows file server connections, ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.vc.mfc)
  • Re: How to remote start/stop services using windows API?
    ... of valid account on remote machine to call WNetAddConnetion2. ... for SMB file server connections for windows file server connections, ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.platformsdk.security)
  • RE: How to save file to a shared foled in asp.net
    ... As for the "saving file to remote share" issue, I think it is a typical ... Microsoft MSDN Online Support Lead ... nature are best handled working with a dedicated Microsoft Support Engineer ... In ASP.NET, how to save a file in a shared folder in the server side, the ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: SBS Turn-Key Operation
    ... My entire business is primarly mobile, with the chance that an SMB needs ... > then use XP Remote Desktop support a lot easier. ... >> my customers are residental w/ a few SMB accounts. ...
    (microsoft.public.windows.server.sbs)
  • RE: Permissions for remote debugging in Visual Studio 2005
    ... I think you need to add the user in the remote machine's Power User and ... Debugger User group. ... Microsoft Online Community Support ... where an initial response from the community or a Microsoft Support ...
    (microsoft.public.dotnet.framework.aspnet.security)