Re: VBScript runtime error: 800A0046 Permission denied: 'GetObject
- From: Jerrald Noland <JerraldNoland@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Tue, 7 Mar 2006 13:11:30 -0800
Al:
I think I may have solved this issue. I'm testing this out right now with a
selected few users. It seems that, somehow, the permissions were not being
established or viewed correctly by the authenticated users group. I'll let
you know how the test goes.
"Al Mulnick" wrote:
Do you not have the steps you took to grant those rights?.
Right after this line
Dim objUser, objGroup
Can you get it to echo the strDomain, strUserName values? I'm curious if
those got set properly.
If those are set properly, you'll need to step through one at a time until
you see the line with the error. The one you posted is a function spec
followed by comments. Nothing to execute and if they're getting errors
there it would more likely be syntax than permissions. Could be something
else, but...
"Jerrald Noland" <JerraldNoland@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:8C7C8D84-4782-4D00-86A9-8CF1BD068758@xxxxxxxxxxxxxxxx
Here's the string where I get the error message
Function CreateMemberOfObject(strDomain, strUserName)
' Given a domain name and username, returns a Dictionary
' object of groups to which the user is a member of.
'
' Inputs:
'
' strDomain - Input, NT Domain name
' strUserName - Input, NT username
"Al Mulnick" wrote:
Because of the word wrap, it's hard to tell what 105 is for you vs. what
I
see. I see CreateMemberOfObject.CompareMode = vbTextCompare
Is that the same thing you see?
Some other things to look at:
That code looks like it started life here:
http://hacks.oreilly.com/pub/h/1130 and one of the things they add in
that
portion of the code is some sleep logic. In otherwords, I see some
differences.
Can you post the exact steps you took to delegate those rights? That
*shouldn't* have made a difference, but just to be sure....
Also, you may want to log what's happening in your code and the variable
values as they occur to see what happens. It's also possible you don't
need
the scripting dictionary, but I'll leave that for later.
Al
"Jerrald Noland" <JerraldNoland@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:466FF98E-FBA1-4137-A646-C7A43D6FC5CB@xxxxxxxxxxxxxxxx
I'm sorry for not making myself clear when posting this message. Below
is
a
copy of the script that's running at logon.
Option Explicit ' Force explicit declarations
'
' Variables
'
Dim SMSNetwork
Dim FSO
Dim strUserName ' Current user
Dim strUserDomain ' Current User's domain name
Dim strDFS ' Path to the DFS root
Dim strDepartment ' Current User's Department
Dim strLDrv ' Current user's L: Drive location
Dim strSDrv ' Current user's S: Drive location
Dim ObjGroupDict ' Dictionary of groups to which the user belongs
Dim AllDrives ' A listing of all drives that already exist
Dim MapLDrive ' Used to determine is user will have a L: Drive
Dim i
Set SMSNetwork = CreateObject("WScript.Network")
Set FSO = CreateObject("Scripting.FileSystemObject")
Set AllDrives = SMSNetwork.EnumNetworkDrives()
strUserName = SMSNetwork.UserName
strUserDomain = SMSNetwork.UserDomain
strDFS = "\\SIMPLEDOMAIN\Shares\"
strLDrv = "\\192.168.52.14\" & strUserName
' Read the user's account "Member Of" tab info across the network
' once into a dictionary object.
' Test for L:, Q:, S:, U:, & Z: then delete them if they exist
For i = 0 To AllDrives.Count - 1 Step 2
If AllDrives.Item(i) = "L:" Then SMSNetwork.RemoveNetworkDrive "L:",
True,
True
If AllDrives.Item(i) = "P:" Then SMSNetwork.RemoveNetworkDrive "P:",
True,
True
If AllDrives.Item(i) = "Q:" Then SMSNetwork.RemoveNetworkDrive "Q:",
True,
True
If AllDrives.Item(i) = "S:" Then SMSNetwork.RemoveNetworkDrive "S:",
True,
True
If AllDrives.Item(i) = "U:" Then SMSNetwork.RemoveNetworkDrive "U:",
True,
True
If AllDrives.Item(i) = "Z:" Then SMSNetwork.RemoveNetworkDrive "Z:",
True,
True
Next
Set ObjGroupDict = CreateMemberOfObject(strUserDomain, strUserName)
MapLDrive = TRUE
strDepartment = ""
' Admins do not have an L: drive
If MemberOf(ObjGroupDict, "Domain Admins") Then MapLDrive = FALSE
If MemberOf(ObjGroupDict, "Help Desk Admins") Then MapLDrive = FALSE
If MemberOf(ObjGroupDict, "All APPS") Then MapLDrive = FALSE
' Find Current User's Department
If MemberOf(ObjGroupDict, "SALES Group") Then strDepartment = "SALES"
If MemberOf(ObjGroupDict, "RESEARCH Group") Then strDepartment =
"RESEARCH"
If MemberOf(ObjGroupDict, "MARKET Group") Then strDepartment = "MARKET"
If MemberOf(ObjGroupDict, "CORPORATE Group") Then strDepartment =
"CORPORATE"
' Map the S: Drive
strSDrv = strDFS & "Departments\" & strDepartment
If strDepartment <> "" Then SMSNetwork.MapNetworkDrive "S:", strSDrv
' Now we will map all Custom Drives
If MemberOf(ObjGroupDict, "Domain Admins") Then
SMSNetwork.MapNetworkDrive
"P:", strDFS &
"Software\TECAPPS"
If MemberOf(ObjGroupDict, "Help Desk Admins") Then
SMSNetwork.MapNetworkDrive "P:", strDFS
& "Software\TECAPPS"
If MemberOf(ObjGroupDict, "All APPS") Then SMSNetwork.MapNetworkDrive
"P:",
strDFS &
"Software\ALLAPPS"
If MemberOf(ObjGroupDict, "DEVELOP Group") Then
SMSNetwork.MapNetworkDrive
"Q:", strDFS &
"Departments\RESEARCH\DEVCOMMON"
If MemberOf(ObjGroupDict, "BUDGET Group") Then
SMSNetwork.MapNetworkDrive
"Q:", strDFS &
"Departments\SALES\BDGT"
If MemberOf(ObjGroupDict, "STARS Group") Then
SMSNetwork.MapNetworkDrive
"Q:", strDFS &
"Applications\STARS"
If MemberOf(ObjGroupDict, "EXECUTIVE Group") Then
SMSNetwork.MapNetworkDrive
"U:", strDFS &
"Departments\EXEC"
If MemberOf(ObjGroupDict, "MKGT Group") Then SMSNetwork.MapNetworkDrive
"Z:",
"\\SYSSERVER03\MKGT"
' Map L: Drive
If MapLDrive = TRUE Then SMSNetwork.MapNetworkDrive "L:", strLDrv
Function MemberOf(ObjDict, strKey)
' Given a Dictionary object containing groups to which the user
' is a member of and a group name, then returns True if the group
' is in the Dictionary else return False.
'
' Inputs:
' strDict - Input, Name of a Dictionary object
' strKey - Input, Value being searched for in
' the Dictionary object
' Sample Usage:
'
' If MemberOf(ObjGroupDict, "DOMAIN ADMINS") Then
' wscript.echo "Is a member of Domain Admins."
' End If
'
'
MemberOf = CBool(ObjGroupDict.Exists(strKey))
End Function
Function CreateMemberOfObject(strDomain, strUserName)
' Given a domain name and username, returns a Dictionary
' object of groups to which the user is a member of.
'
' Inputs:
'
' strDomain - Input, NT Domain name
' strUserName - Input, NT username
'
Dim objUser, objGroup
Set CreateMemberOfObject = CreateObject("Scripting.Dictionary")
CreateMemberOfObject.CompareMode = vbTextCompare
Set objUser = GetObject("WinNT://" _
& strDomain & "/" _
& strUserName & ",user")
For Each objGroup In objUser.Groups
CreateMemberOfObject.Add objGroup.Name, "-"
Next
Set objUser = Nothing
End Function
The error occurs at line 105, char 1 and that's where the script stops
and
give the message of permission denied. I don't know where in Active
Directory I need to go to re-establish permission. It worked perfectly
up
until I went in and ran the delegate control wizard to try and grant
the
Help
Desk Admin group permission to reset user passwords and join
workstations
to
the domain. I did the delegate wizard from the domain level, not OU
level
if
this helps any.
"Al Mulnick" wrote:
Trying to access the users' dictionary object? That doesn't make much
sense
to me.
It might be helpful to understand what you did (step by step) to
delegate,
and to see the code snippet where the error is occurring. At least
enough
of the code to understand what's going on at any rate.
Depending on those answers, you may want to include a vbscript or adsi
newsgroup. This sounds more like a permissions issue though.
Al
"Jerrald Noland" <JerraldNoland@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in
message
news:9A0DCB6B-91DE-41EC-BB01-40D4B0F9C671@xxxxxxxxxxxxxxxx
I have a problem and I've searched the web to no avail. I setup
delegate
control for our help desk users. Now, all users are getting an
error
message
when logging into the domain. The error message states "VBScript
runtime
error: 800A0046 Permission denied: 'GetObject" This is occuring at a
certain
line thats trying to access the user's dictonary object. The script
worked
perfectly until the delegate control was set. It seems that domain
users
have lost some sort of permission to Active Directory. Domain
Admins
are
not
affected. I have made no changes other than delegating the Help
Desk
to
do
certain admin features. I can't believe that delegate control could
cause
this problem.
Can anyone help me with this?
- References:
- Re: VBScript runtime error: 800A0046 Permission denied: 'GetObject'"
- From: Al Mulnick
- Re: VBScript runtime error: 800A0046 Permission denied: 'GetObject
- From: Jerrald Noland
- Re: VBScript runtime error: 800A0046 Permission denied: 'GetObject
- From: Al Mulnick
- Re: VBScript runtime error: 800A0046 Permission denied: 'GetObject
- From: Jerrald Noland
- Re: VBScript runtime error: 800A0046 Permission denied: 'GetObject
- From: Al Mulnick
- Re: VBScript runtime error: 800A0046 Permission denied: 'GetObject'"
- Prev by Date: dedicated root domain issue
- Next by Date: Re: Another 2003 and Exchange 2003 Server upgrade question Please
- Previous by thread: Re: VBScript runtime error: 800A0046 Permission denied: 'GetObject
- Next by thread: Re: adprep fails with error 52
- Index(es):
Relevant Pages
|
