Re: SBS DCOM
- From: "smyth" <smyth2@xxxxxxxx>
- Date: 4 Jan 2007 04:58:02 -0800
Good morning,
I finally solved this and so I post it here in case it
helps someone (I searched ALL internet posts so someone in my case
might arrive here and see this).
The problem was in the "DCOM: Machine Access Restrictions"
and "DCOM: Machine Launch Restrictions". These had been modified and
not even the Admins could change them back thorugh gpedit.msc . And it
caused all sorts of problems.
I tried all solutions from the web to no result.
After a lot of research I found the registry settings that
alter this.They are:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows
NT\dcom\machineaccessrestriction
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows
NT\dcom\machinelaunchrestriction
These 2 keys should not be there by default so on a PC they can be
deleted (I tried it on various before trying it on the server and it
produced the same errors). On the server I was afraid to delete them
(it is a production server) so I added (A;;CCDCLC;;;WD) on the first
key and (A;;CCDCLCSWRP;;;WD) on the second one.This change included the
everyone group on both restrictions. Best thing is to reboot (although
on the production server I just left it to synchronise by itself).
Everything is working now smoothly and no other problems have emerged
(and I can now change policy settings and access DCOM and WMI
applications).
I hope this post helps someone with the same problems,
Smyth,
chace zhang wrote:
Hi,
Thank you for your reply.
I apologize for the delayed response because Steven applied leave these
days. please kindly note as this issue is rather complex, it's hard to
troublshoot it in this newsgroup, to resolve it we may need deeper
troubleshooting and to collect more logs. If the case and the issue is
urgent to your business, it is strongly recommended that you contact CSS
support, where you can enjoy a more interactive troubleshooting process
with a Microsoft Support professional and even have remote assistance. Due
to the support nature of newsgroup, it is not convenient to be done here.
Please be advised that contacting phone support will be a charged call.
To obtain the phone numbers for specific technology request please take a
look at the web site listed below.
http://support.microsoft.com/default.aspx?scid=fh;EN-US;PHONENUMBERS
If you are outside the US please see http://support.microsoft.com for
regional support phone numbers.
Your understanding and cooperation is great appreciated.
Have a nice day!
Best Regards,
Chace Zhang (MSFT)
Microsoft CSS Online Newsgroup Support
Get Secure! - www.microsoft.com/security
=====================================================
This newsgroup only focuses on SBS technical issues. If you have issues
regarding other Microsoft products, you'd better post in the corresponding
newsgroups so that they can be resolved in an efficient and timely manner.
You can locate the newsgroup here:
http://www.microsoft.com/communities/newsgroups/en-us/default.aspx
When opening a new thread via the web interface, we recommend you check the
"Notify me of replies" box to receive e-mail notifications when there are
any updates in your thread. When responding to posts via your newsreader,
please "Reply to Group" so that others may learn and benefit from your
issue.
Microsoft engineers can only focus on one issue per thread. Although we
provide other information for your reference, we recommend you post
different incidents in different threads to keep the thread clean. In doing
so, it will ensure your issues are resolved in a timely manner.
For urgent issues, you may want to contact Microsoft CSS directly. Please
check http://support.microsoft.com for regional support phone numbers.
Any input or comments in this thread are highly appreciated.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
--------------------
| From: "smyth" <smyth2@xxxxxxxx>
| Newsgroups: microsoft.public.windows.server.sbs
| Subject: Re: SBS DCOM
| Date: 12 Dec 2006 04:06:37 -0800
| Organization: http://groups.google.com
| Lines: 138
| Message-ID: <1165925197.640545.19930@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
| References: <1161778049.529460.62260@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| <1164966879.345914.73450@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>
| <OaRJ2E5FHHA.2304@xxxxxxxxxxxxxxxxxxxxxx>
| NNTP-Posting-Host: 80.33.212.217
| Mime-Version: 1.0
| Content-Type: text/plain; charset="us-ascii"
| X-Trace: posting.google.com 1165925203 25684 127.0.0.1 (12 Dec 2006
12:06:43 GMT)
| X-Complaints-To: groups-abuse@xxxxxxxxxx
| NNTP-Posting-Date: Tue, 12 Dec 2006 12:06:43 +0000 (UTC)
| In-Reply-To: <OaRJ2E5FHHA.2304@xxxxxxxxxxxxxxxxxxxxxx>
| User-Agent: G2/1.0
| X-HTTP-UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET
CLR 1.1.4322; .NET CLR 2.0.50727),gzip(gfe),gzip(gfe)
| Complaints-To: groups-abuse@xxxxxxxxxx
| Injection-Info: f1g2000cwa.googlegroups.com; posting-host=80.33.212.217;
| posting-account=Yh5xiw0AAACseNWJDGBqAyqzvNjlQGRV
| Path:
TK2MSFTNGHUB02.phx.gbl!TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!msrtrans!
news-spur1.maxwell.syr.edu!news.maxwell.syr.edu!postnews.google.com!f1g2000c
wa.googlegroups.com!not-for-mail
| Xref: TK2MSFTNGHUB02.phx.gbl microsoft.public.windows.server.sbs:3558
| X-Tomcat-NG: microsoft.public.windows.server.sbs
|
| Hi Steven,
| No luck. The doamin policies cahnged, but the local policies of the
| server (same machine as DC) did not change.
|
| Any more ideas?
| Thanks,
| Smyth
|
|
| Steven Zhu [MSFT] wrote:
| > Hi Smyth,
| >
| > It's very nice to hear you again.
| >
| > From your Userenv.log and description, I suggest you refer to the
following
| > steps to reset the group policy objects to default, you can do as
follows:
| >
| > 1. By default, there are only 9 default group policies on the SBS
server.
| > That is:
| >
| > - Small Business Server Auditing Policy
| > - Default Domain Controllers Policy
| > - Small Business Server Remote Assistance Policy
| > - Small Business Server Lockout Policy
| > - Small Business Server Domain Password Policy
| > - Small Business Server Client Computer
| > - Default Domain Policy
| > - Small Business Server Update Services Server Computers Policy
| > - Small Business Server Update Services Common Settings Policy
| >
| > For general backup and restore of the Default Domain Policy and Default
| > Domain Controller Policy, and also for other GPOs, Microsoft recommends
| > that you use the Group Policy Management Console (GPMC) to create
regular
| > backups of these GPOs. You can then use GPMC in conjunction with these
| > backups to restore the exact security settings that are contained in
these
| > GPOs.
| >
| > 2. Do you have GPOs backups when the SBS server was installed? If yes,
you
| > can easily restore them to defaults. If not, you can use the GPMC.MSC
| > console on a fresh installed SBS Server, export all the GPO settings and
| > import it to yours. You can do refer to the steps outlined in the
following
| > article:
| >
| > Backing up, Restoring, Migrating, and Copying GPOs
| >
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKi
| > t/937d5838-f720-4c0b-a65c-e8ed2658a414.mspx
| >
| > For more information about the GPMC, visit the following Microsoft Web
site:
| > http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
| >
| > Administering Group Policy with the GPMC
| > http://www.microsoft.com/windowsserver2003/gpmc/gpmcwp.mspx
| >
| > 3. If you have not fresh installed server, we can use the DCGPOFIX.exe
to
| > reset the Default Domain Policy or the Default Domain Controller
Policy, or
| > both policies.
| >
| > DCGPOFIX.EXE will restore the Default Domain Policy and the Default
Domain
| > Controller Policy to original default settings. Note that it does not
| > affect other GPOs.
| >
| > In SBS most of the custom GPO settings are done outside of these
policies.
| > We create custom GPOs to configure the settings for firewall, folder
| > redirection and etc. These GPOs will be left intact if you run
dcgpofix.exe.
| >
| > So if you want to reset the Default Domain Policy or the Default Domain
| > Controller Policy, you can refer to the following steps:
| >
| > 1). Backup all group policy settings by Group Policy Management console.
| > You can do as follows:
| >
| > Run "gpmc.msc" (no quotation marks) to launch the Group Policy
Management
| > console.
| >
| > Navigate to Domains -> servername -> Group policy Objects. Right click
it
| > to choose backup All item to backup all group policies configured in
your
| > domain. So that you can recover back settings you need.
| >
| > Backing up, Restoring, Migrating, and Copying GPOs
| >
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/library/DepKi
| > t/937d5838-f720-4c0b-a65c-e8ed2658a414.mspx
| >
| > 2). Delete the customized group policies that are not default group
| > policies in SBS 2003.
| >
| > 3). Run DCGPOFIX to reset Default Domain Policy and Default Domain
| > Controller Policy to original default settings. For details regarding
the
| > DCGPOFIX command-line switch, type DCGPOFIX /?.
| >
| > 4). Run command ''gpupdate /force'' (no quotation marks) on the SBS
server
| > box and all client workstations to force the policy refresh. Then please
| > test to see if the default group policies are back.
| >
| > More information is addressed in the following article:
| >
| > 833783 The Dcgpofix tool does not restore security settings in the
Default
| > Domain Controller Policy to their original state
| > http://support.microsoft.com/?id=833783
| >
| > 324800 How To Reset User Rights in the Default Domain Group Policy in
| > Windows Server 2003
| > http://support.microsoft.com/?id=324800
| >
| > Related information:
| >
| > Introducing the Group Policy Management Console
| > http://www.microsoft.com/windowsserver2003/gpmc/gpmcintro.mspx
| >
| > Administering Group Policy with the GPMC
| > http://www.microsoft.com/windowsserver2003/gpmc/gpmcwp.mspx
| >
| > Backing Up and Restoring Windows Small Business Server 2003
| >
http://download.microsoft.com/download/b/d/8/bd8e1a40-d202-429a-8eb7-26300d6
| > 2bcc9/BKU_BkupRstr.doc
| >
| > Hope above information helps. I am happy to be of assistance to you and
| > look forward to you reply.
| >
| > Have a nice day.
| >
| > Best Regards,
| >
| > Steven Zhu
| > MCSE/MCDBA
| > Microsoft Online Partner Support
| > Get Secure! - www.microsoft.com/security
| > ======================================================
| > For urgent issues, you may want to contact Microsoft CSS directly.
| > Please check http://support.microsoft.com for regional support phone
| > numbers.
| > Any input or comments in this thread are highly appreciated.
| > ======================================================
| > When responding to posts, please "Reply to Group" via your newsreader so
| > that others may learn and benefit from this issue.
| > ======================================================
| > This posting is provided "AS IS" with no warranties, and confers no
rights.
| > ======================================================
|
|
.
- Prev by Date: RE: WSS 3.0 Install Problem
- Next by Date: Re: Connecting a second Server
- Previous by thread: Re: connectcomputer problem
- Next by thread: RE: Problem installing fax services
- Index(es):
Relevant Pages
|
