Re: Remote Registry Problem

---

• From: Kevin <Kevin@xxxxxxxxxxxxxxxxxxxxxxxxx>
• Date: Wed, 8 Jul 2009 07:08:01 -0700

---

Thank you for your reply. Your assessment of the issue is accurate.

I have checked the local policy and the setting for "Impersonate a client
after authentication" has both Administrators and SERVICE defined.

When I try to connect with Event Viewer, I receive the following error:

"Unable to connect ot the computer <computer>. The error was: Either a
required impersonation level was not provided, or the provided impersonation
level is invalid."

That said, while waiting for replies to my original post, I kept working the
issue and compared the Default Domain Policy GPO to another SBS server in
another environment. In this GPO (at this policy level), that setting should
be NOT DEFINED and instead had members Administrator and NETWORK SERVICE.
How that setting came to be there is unknown since GPMC does NOT allow you to
set the membership of this group unless it has the recommended defaults of
both Administrators and SERVICE defined. Again, however, at the "Default
Domain Policy" level, this setting should be NOT DEFINED (according to that
comparison SBS server). Instead, the policy is defined at the Local Policy
level, where the settings should be as detailed by Miles: Administrators and
SERVICE.

Ultimately, the fix was to change the Default Domain Policy's "Impersonate a
client after authentication" setting to NOT DEFINED and reboot the affected
PCs.

Thanks to everyone for their input.

"Miles Li [MSFT]" wrote:

Hello Kevin,

Thank you for posting here.

According to your description, I understand that:

You cannot connect to the remote registry on the Windows XP SP3 client from
the SBS server with the error " Unknown DOS error 0x00000542".

If I have misunderstood the problem, please don't hesitate to let me know.

Suggestions:
====================
As the error indicates "ERROR_BAD_IMPERSONATION_LEVEL", please try to check
the "Impersonate a client after authentication" in the Local Computer
Policy of the XP client. To do that:


1. Open "gpedit.msc" on the XP client.
2. Locate the "Impersonate a client after authentication" setting in
Computer Configuration--->Windows Settings--->Security Settings--->Local
policy--->user right assignment.
3. Make sure that both Administrators group and SERVICE account is listed.
If not, try to manually add it and reboot the client to check how it works.


If the issue persists, please try to check how it works if you try to
connect Event viewer remotely to the XP client?

If you have any questions or concerns, please do not hesitate to let me
know.





Best regards,

Miles Li
Microsoft Online Newsgroup Support

==================================================================
Please post your EBS related questions to the EBS newsgroup on Connect
website:
https://connect.microsoft.com/ebs08/community/discussion/richui/default.aspx


If you want to use a newsreader other than a web forum to access these
newsgroups,
please refer to the following blog to apply NNTP password and configure a
newsreader:
http://msmvps.com/blogs/bradley/archive/2008/11/02/signing-up-for-the-sbs-20
08-newsgroups.aspx
==================================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
==================================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
==================================================================

.

---

• Follow-Ups:
  • Re: Remote Registry Problem
    • From: Miles Li [MSFT]

• References:
  • Remote Registry Problem
    • From: Kevin
  • Re: Remote Registry Problem
    • From: Mark D. MacLachlan
  • Re: Remote Registry Problem
    • From: Kevin
  • Re: Remote Registry Problem
    • From: Miles Li [MSFT]

• Prev by Date: Cannot connect to workstations using RWW SBS 2008
• Next by Date: Re: How can I back up SBS 2008 VM inside Hyper-V Server 2008 R2
• Previous by thread: Re: Remote Registry Problem
• Next by thread: Re: Remote Registry Problem
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: Debugger not working in Vs.net 2003 ... I check The "Impersonate a client after authentication" user right, aspnet ... (microsoft.public.vsnet.debugging) Re: Installshield wizard was Interrupted on XP Home Edition ... Grants/Revokes NT-Rights to a user/group ... change the 'Impersonate a client after authentication' setting and thus can ... (microsoft.public.windowsxp.help_and_support) Re: Problem running ASP.NET 2.0 on Win2K domain controller ... Domain Controllers policy and added system to the Impersonate a Client ... After Authentication right and rebooted the box. ... (microsoft.public.dotnet.framework.aspnet.security) Re: THIS FIXES 0x800a0046 ... Are you trying to access the client remotely, and then connect it to Windows Update? ... ""Impersonate a client after authentication"" security policy. ... Choose Local Security Policy ... (microsoft.public.windowsupdate) Re: Network Connections not displayed ... This is caused by the "Group Policy" setting "Impersonate a client ... "Impersonate a client after authentication" set wrong. ... (microsoft.public.windows.server.networking)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Windows  > microsoft.public.windows.server.sbs  > 2009-07