RE: Access Denied when running RSoP

Hi Brandy,

I made the changes you asked for. Most of the settings were correct, except
form the administrators access in DCOM. Because I did not understand if you
wnated me to make these changes on the server or on the PC, I applied them to
both. The result is still the same. There are no new errors in any eventlog.
I do have some DCOM errors on other times, but these do not seem to apply to
this issue.

The launch and activation security descriptor for the COM Server application
with CLSID
{486DD18C-B031-4586-AAF1-C1A92C57E4CC}
is invalid. It contains Access Control Entries with permissions that are
invalid. The requested action was therefore not performed. This security
permission can be corrected using the Component Services administrative tool.

I tracked this CLSID in the registry and found an entry under HKCR\AppId
which points the application narepl32, which is a part of the McAfee Common
Framework. This doen't seem to have anything to do with the problem....

For the rest, the logs are "clean".

Regards,
Ad.

""Brandy Nee [MSFT]"" wrote:

> Dear Customer,
>
> Thank you for posting back!
>
> I have performed a lot of research on this issue, based on my research,
> this issue can be caused by various factors, and we need time to
> troubleshoot. I greatly appreciate your time and understanding!
>
> Please see my following suggestions:
>
> 1. The default permissions on the RSOP tree are as follows:
>
> Administrators - Full Control - This namespace and subnamespaces
> Authenticated Users - Execute Methods, Enable Account, Remote Enable - This
> namespace only
> NETWORK SERVICE - Full Control - This namespace and subnamespaces
> SYSTEM - Full Control - This namespace and subnamespaces
>
> 2. Open Component Services (Start > Run > dcomcnfg click OK. Expand
> Component Services > Computers > My Computer > DCOM Config. Locate and
> right-click on MMC Application Class and choose Properties. Set the Launch
> and Access Permissions, in our case we had granted the "Administrators"
> group permissions to Access this interface.Test the issue again.
>
> If the issue persists, please help to gather event log for further
> research. To do so,
>
> On the server, run “eventvwr” (without quotation marks), check whether
> there are any errors. If yes, double click it, click the Copy button and
> paste the full content to the Newsgroup.
>
> Please take your time to perform the steps. I am looking forward to hearing
> from you!
>
> Best regards,
>
> Brandy Nee
>
> Microsoft CSS Online Newsgroup Support
>
> Get Secure! - www.microsoft.com/security
> ======================================================
> This newsgroup only focuses on SBS technical issues. If you have issues
> regarding other Microsoft products, you'd better post in the corresponding
> newsgroups so that they can be resolved in an efficient and timely manner.
> You can locate the newsgroup here:
> http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
>
> When opening a new thread via the web interface, we recommend you check the
> "Notify me of replies" box to receive e-mail notifications when there are
> any updates in your thread. When responding to posts via your newsreader,
> please "Reply to Group" so that others may learn and benefit from your
> issue.
>
> Microsoft engineers can only focus on one issue per thread. Although we
> provide other information for your reference, we recommend you post
> different incidents in different threads to keep the thread clean. In doing
> so, it will ensure your issues are resolved in a timely manner.
>
> For urgent issues, you may want to contact Microsoft CSS directly. Please
> check http://support.microsoft.com for regional support phone numbers.
>
> Any input or comments in this thread are highly appreciated.
> ======================================================
> This posting is provided "AS IS" with no warranties, and confers no rights.
>
>
>
> --------------------
> >Thread-Topic: Access Denied when running RSoP
> >thread-index: AcYQSYgidMpXU/WKRDOULdKAZkC4+w==
> >X-WBNR-Posting-Host: 83.117.209.47
> >From: "=?Utf-8?B?QWQgdmFuIGRlbiBCcm9law==?="
> <AdvandenBroek@xxxxxxxxxxxxxxxxxxxxxxxxx>
> >References: <3ACD6B4A-7ECF-4F08-8973-AA0F3BEA457A@xxxxxxxxxxxxx>
> <1mTNBdBEGHA.3592@xxxxxxxxxxxxxxxxxxxxx>
> >Subject: RE: Access Denied when running RSoP
> >Date: Tue, 3 Jan 2006 01:39:02 -0800
> >Lines: 161
> >Message-ID: <C2DA20FE-BD2B-44E1-BC9B-3736208E4A99@xxxxxxxxxxxxx>
> >MIME-Version: 1.0
> >Content-Type: text/plain;
> > charset="Utf-8"
> >Content-Transfer-Encoding: 7bit
> >X-Newsreader: Microsoft CDO for Windows 2000
> >Content-Class: urn:content-classes:message
> >Importance: normal
> >Priority: normal
> >X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
> >Newsgroups: microsoft.public.windows.server.sbs
> >NNTP-Posting-Host: TK2MSFTNGXA03.phx.gbl 10.40.2.250
> >Path: TK2MSFTNGXA02.phx.gbl!TK2MSFTNGXA01.phx.gbl!TK2MSFTNGXA03.phx.gbl
> >Xref: TK2MSFTNGXA02.phx.gbl microsoft.public.windows.server.sbs:233679
> >X-Tomcat-NG: microsoft.public.windows.server.sbs
> >
> >Hi Brandy,
> >Thank you for your response.
> >Tried all the suggestions, it didn't work.
> >
> >Regarding your questions:
> >a. If I use another user account, the same thing happens. Next, I
> installed
> >gpmc.msi on my WinXP PC and logged in on my pc as a domain admin. From
> this
> >pc gpmc works fine, I can run the GP Results Wizzard for all other PC's in
> >the domain, but not for the SBS Server ("access denied" again).
> >
> >b. Yes, when running on the SBS Server all the computers give the same
> result.
> >
> >c. It has worked fine before, but stopped since a month or 2. This was
> >before we installed Windows 2003 SP1 and SBS SP1 (It's my best guess, but
> not
> >100% sure....) We are using McAfee VirusScan Enterprise on the server and
> all
> >workstations, installed McAfee Anti-Spyware Anterprise in november. But
> when
> >I stop all the McAfee services on the server the problem persists. Since I
> >can run gpmc from one workstation to another, both running McAfee, I don't
> >think that McAfee is the problem.
> >
> >d. Group Policy Error : You do not have permission to perform this
> >operation. Access denied.
> >
> >Regards,
> >Ad.
> >
>
>
.