Re: Power Users group + WMS9 MMC = "unable to connect"

From: Ravi Raman (ravira_at_Online.microsoft.com)
Date: 06/29/04 

Date: Tue, 29 Jun 2004 11:05:13 -0700

Thanks for the response. I understand what you are trying
to do. But looks like the WMS Administrator snap-in
requires you to be an Administrator, or else it cannot
quite figure out how to connect to the server when you
specify the hostname. It figures things out when Localhost
is used to add the server.

Unfortunately, the Administrator later successfully
resolves the hostname and therefore remembers to use the
hostname the next time it connects instead of localhost.
But since using the actual hostname fails, you are having
to add the local server everytime you open the MMC Admin
as "Localhost". At this point, I can't seem to find a way
around this restriction.

But as you've observed earlier, once the "connection to
server" has happened by adding as localhost, there seems
to be no problem in administering the server itself. So, I
think the SDK or API code that you write will work okay,
the restriction seems to be in the Snap-in itself. For
example, on the server machine I was able to write a
script to create a publishing point on the server running
as the "WMS Admin" account (belonging to Power Users
group).

Hope this helps.

Thanks,
Ravi 

--
This posting is provided "AS IS" with no warranties, and 
confers no rights.
>-----Original Message-----
>Thanks for the response.  I was diverted to other tasks 
so I'm only
>now getting back to this.  The WMS "Admin" account is a 
local user
>account on the Windows 2003 server (running Windows Media 
Services 9)
>which I use to log in using Remote Desktop/Terminal 
Services Client. 
>Windows Media Services 9 does not use this account; 
instead, it uses
>its default "NT AUTHORITY\NetworkService" as you stated.
>
>We are wanting to create a second account (the 
WMS "Admin" account) to
>keep in line with our internal policy of only allowing 
full
>Administrative rights to those who need them.  Since I am 
not the
>administrator of the server itself (that is, I only 
administrate the
>Windows Media part of the server and not the OS part or 
other non-WMS
>parts), we want an account set up to allow me to 
administer WMS that
>is not in the Administrators group.  The Power Users 
group is almost
>working for us but the problem below is not acceptable 
when using it
>everyday.  I'm also worried about how the SDK/API will 
work with the
>WMS "Admin" account being in the Power Users group.
>
>> I presume you are talking about WMServices 9. In that 
>> case, can you please tell me the exact name of the 
>> WMS "Admin" account you are talking about? 
>> 
>> The WMS server runs under the Network Services account 
>> which has very low privileges already (much less than 
the 
>> Power Users privilege). Is there a specific reason why 
you 
>> would like to change it? Or are you talking about a 
>> different account altogether?
>> 
>> Thanks,
>> Ravi
>> --
>> This posting is provided "AS IS" with no warranties, 
and 
>> confers no rights.
>> 
>> 
>> >-----Original Message-----
>> >I am exploring taking our WMS "admin" account out of 
the
>> >Administrators group and putting it in the Power Users 
>>  group.  I have
>> >followed all the steps that this requires (as far as I 
>>  can tell)
>> >including the dcomcnfg changes.
>> >
>> >When the WMS "admin" account accesses the WMS admin 
>>  console
>> >(wmsadmin.msc) via Remote Desktop, the server is not 
>>  displayed.  If I
>> >try to add the server to the MMS using the server name 
>>  (e.g.,
>> >"mediaserver01") or IP address, I get error code 
>>  0xc00d0006 ("Unable
>> >to establish a connection to the server").  If I add 
the 
>>  server using
>> >"localhost", it does appear in the MMC with the server 
>>  name (e.g.,
>> >"mediaserver1" and not "localhost").  I can then make 
>>  changes as if I
>> >were in the Administrators group.
>> >
>> >However, if I exit the MMC and then start it again, I 
>>  once again get
>> >error code 0xc00d0006 and the server no longer shows 
up 
>>  in the MMC.  I
>> >have to once again add it using "localhost" every time 
I 
>>  use the MMC. 
>> >What permission settings are wrong/missing?
>> >.
>> >
>.
>

Relevant Pages

  • Re: FIRED IT ADMIN HAS LOCKED US OUT OF SBS
    ... you have risen to an Administrator this would be a given. ... server and run all LOB apps on these. ... If there are no encrypted files, just reset the DSRM account ...
    (microsoft.public.windows.server.sbs)
  • Re: FIRED IT ADMIN HAS LOCKED US OUT OF SBS
    ... Teneo> Interesting post and Im now gonna be a party pooper... ... connections) before cutting power to the server and to the Internet ... If there are no encrypted files, just reset the DSRM account ... and try old domain Administrator account's passwords. ...
    (microsoft.public.windows.server.sbs)
  • Re: Remote desktop: cannot copy files why still not working
    ... I created a new user on the XP box, set as an administrator ... this new user account is local to the XP system, ... In my environment, when I do an RDP connection to a server, I first log ... member of the local administrators group on the server. ...
    (microsoft.public.windows.server.security)
  • Re: Remote desktop: cannot copy files why still not working
    ... this new user account is local to the XP system, and a member of the local administrator's group on that workstation. ... In my environment, when I do an RDP connection to a server, I first log on to the xp workstation using my regular, non-privileged domain account, run mstsc, and then logon to the server using a domain account that is a member of the local administrators group on the server. ... In addition, I frequently use runas to run privileged applications on the workstation using my "administrator" account, and have found that files cannot be copied between those applications and anything running under the credentials of my regular account - even though my administrator account actually does have full access to everything on the workstation - just not through my regular account's view of that workstation. ...
    (microsoft.public.windows.server.security)
  • Re: Shared Fax device not available anymore after reboot server!?!
    ... the error message one by one to the Newsgroup for accurate research. ... You can send fax by using Administrator account. ... after the reboot of the server no account is able to fax anaymore. ...
    (microsoft.public.windows.server.sbs)