Re: RSOP Planning Security problem




"Wake-Up-Jeff" <artvandal8@xxxxxxxxxxx> wrote in message news:eMrClql6IHA.3480@xxxxxxxxxxxxxxxxxxxxxxx
I want it to run in the credentials of the logged on user.
I don't want to have to pass separate credentials.
This would mean maintaining a separate account just for this purpose.

That's correct, that's why you have accounts and permissions. Or give the user permissions.


Besides, the credentials have to be those of an administrator.
I should be able to get this to work for a non-admin user.

"Alan Mosley" <me@work> wrote in message news:OiPh%23$K6IHA.3696@xxxxxxxxxxxxxxxxxxxxxxx
Why not pass credentials to the locator.connectServer object?
If you don't want people to open and see the credentials, encode them with Windows Script Encoder.

"Wake-Up-Jeff" <artvandal8@xxxxxxxxxxx> wrote in message news:%235%234QNH6IHA.4352@xxxxxxxxxxxxxxxxxxxxxxx
I've been trying to do some RSOP Planning using a non-admin user account on a domain member workstation.
I am using the following VBScript code:

strComputer = "DC1"
Set locator = CreateObject("WbemScripting.SWbemLocator")
Set connection = locator.ConnectServer (strComputer, "root\rsop", null, null, null, null, 0, null)
(for the ConnectServer parameters, see http://msdn.microsoft.com/en-us/library/aa393720(VS.85).aspx)

When I log on to the workstation as an administrator - no problem executing the script.
When I use a non-admin account, I get an error 80070005 access denied message executing line 3.

I have used the wmimgmt.msc mmc to set permissions on Root\RSOP for "Authenticated Users" to the same as "Administrators" for "this namespace and subnamespaces".

I have also granted "Authenticated Users" permission for "RSOP Planning" and "RSOP Logging" on the OU which contains the workstation account.

What permissions am I missing???
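
An added diagnostic example (not code from the thread): the same ConnectServer call, made with the logged-on user's credentials and wrapped in error handling so the failure code shows which layer refused the connection. 0x80070005 is the access-denied code returned by DCOM security, while 0x80041003 is WMI's own access-denied on the namespace; "DC1" is the server name from the post, and the hint text is a suggestion of where to look, not a confirmed fix for this case.

```vbscript
Option Explicit

' Access-denied codes a remote WMI connection can return
Const E_ACCESSDENIED       = &H80070005  ' refused by DCOM security
Const WBEM_E_ACCESS_DENIED = &H80041003  ' refused by WMI namespace security

Dim strComputer, strNamespace, locator, connection, errNum, errText
strComputer  = "DC1"         ' server name from the original post
strNamespace = "root\rsop"

Set locator = CreateObject("WbemScripting.SWbemLocator")

' Omitting the user and password arguments makes ConnectServer use the
' credentials of the logged-on user, as the poster wants.
On Error Resume Next
Set connection = locator.ConnectServer(strComputer, strNamespace)
errNum  = Err.Number
errText = Err.Description
On Error GoTo 0

Select Case errNum
    Case 0
        WScript.Echo "Connected to \\" & strComputer & "\" & strNamespace & _
                     " as the logged-on user."
    Case E_ACCESSDENIED
        ' The error reported in the post. DCOM rejected the call, so the
        ' permissions set on the WMI namespace were never evaluated.
        WScript.Echo "0x" & Hex(errNum) & ": access denied by DCOM." & vbCrLf & _
                     "Check the account's DCOM remote launch/activation and " & _
                     "remote access permissions on " & strComputer & "."
    Case WBEM_E_ACCESS_DENIED
        ' DCOM accepted the call; WMI namespace security rejected it.
        WScript.Echo "0x" & Hex(errNum) & ": access denied by WMI." & vbCrLf & _
                     "Check that the account has Remote Enable on " & _
                     strNamespace & " on " & strComputer & "."
    Case Else
        WScript.Echo "0x" & Hex(errNum) & ": " & errText
End Select
```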






