Re: Why can't I remote-manage this *one* workstation?

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

Have you tried logging into one of the domain controllers with the domain
administrator account, then using RUNAS /USER to open a CMD window to try a
few remote administration commands against the machine?

It could be an account issue (e.g. local worksation admin messing with logon
rights to block the dom admin account) or it could be something more
esoteric like mismatched SMB signing or RPC restriction settings.

The RUNAS trick will help you narrow down a possible account issue. If that
fails, ensure you have domain/local account and account logon
success/failure auditing and see what failure events the client generates in
its Security log. If that still doesn't do it, I'd get a basic network
capture and then filter the traffic to/from the two IP's and see what
packet/protocol is throwing back the 'access denied'

jason


"SKS" <vermonter.NOSPAMZ@xxxxxxxxxxx> wrote in message
news:MPG.1d4862a622f5f24989681@xxxxxxxxxxxxxxxxxxxxxxx
> In article <u3VEvxUjFHA.2444@xxxxxxxxxxxxxxxxxxxx>, newsg@xxxxxxxxxxxx
> says...
>
>> do you have the admin shares on the computer, for example c$, Admin$,
>> IPC$
>> ??? For example IPC$ is used for remote administration.
>
> Yup.
>
> And this just gets weirder and weirder. I can connect to and manage the
> workstation remotely from another workstation, using my regular user
> account (which has limited administrator privileges on the domain...) -
> but I can't do it from one of the domain controllers or member servers
> logged in as the domain administrator account.
>
> For example, if I go to Network Places on my user account and put
> "\\workstation" in the address bar, it cheerfully shows me the shares on
> workstation. But if I try this from one of the DCs, as Administrator,
> it screeches, "\\workstation is not accessible. You might not have
> permission...blah, blah."
>
> ...followed by the Kafka-esque, all-too-Microsoftian admonition to
> "contact the administrator of this server" - *which I am logged in
> as*!!!!
>
>
> --
> SKS
> vermonter@xxxxxxxxxxxxxxxxxxxxxxxxxx


.

Relevant Pages

  • Re: Keep admins off of client machines
    ... the sharepoint admin is simple, just create a standard user account for them ... The 'Domain Administrator' account is ... Domain Administrator password. ... takes a thorough understanding of such priveleges to do so. ...
    (microsoft.public.windows.server.sbs)
  • Re: firewall on budget ?
    ... 1)Work in Admin mode, and through 'run as', browse ... If working in admin mode and doing runas to browse in a guest account. ... Installing a program, getting an error, then doing the run as, can be ... running as administrator all the time. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: adding oneself to another user group ... help?
    ... You use your administrator account to runas. ... > within the admin group (with spyware doctor you have to be admin to even ... >>> You should add yourself to the Users or Power Users group. ...
    (microsoft.public.windowsxp.help_and_support)
  • Re: XP (SP2) user passwords
    ... Safe Mode requires an administrator to log on the machine. ... I always suggest checking who has Admin accounts, ... administrator account, which normally does not appear, and in SP2, I don't ...
    (microsoft.public.windows.mediacenter)
  • Re: Could this be an XP problem?
    ... >> This means you have admin access under jlunis login. ... This is one way to get in as admin in XP home. ... >> tab) then type in administrator as username and blank password. ... administrator account. ...
    (microsoft.public.windowsxp.general)