Holsche
asked on
Running processes on remote machines -- access denied (problem with admin$ share??)
Hi all,
I am trying to use psexec from www.sysinternals.com to run processes on remote computers. Everything is Windows XP (Home/Professional - tried all combinations without luck). The bottom line is that it doesn't work for me. At some point I received an error message about the "admin$" share. I get the same error message when trying to use the admin$ share. That's why I suspect the problem is the admin$ share. Anyway I've put more details below.
The admin$ share on the remote computer has been created as follows:
C:\>net share admin$
admin$ wurde erfolgreich freigegeben.
Shares on the remote computer look as follows:
C:\>net share
Name Ressource Beschreibung
--------------------------
admin$ C:\WINDOWS Remoteadmin
IPC$ Remote-IPC
C C:\
Der Befehl wurde erfolgreich ausgeführt.
However, running psexec does not work:
C:\>psexec -u xxx -p yyy \\computername ipconfig /all
PsExec v1.52 - Execute processes remotely
Copyright (C) 2001-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
Couldn't access computername:
Zugriff verweigert
Connecting to the admin$ doesn't work either - same error message
C:\>net use \\computername\admin$
Das Kennwort für \\computername\admin$ ist ungültig.
Drücken Sie die EINGABETASTE, oder geben Sie einen neuen Benutzernamen ein, um eine
Verbindung zwischen "computername\Gast" und "computername" herzustellen: username
Geben Sie das Kennwort für "computername" ein:
Systemfehler 5 aufgetreten.
Zugriff verweigert
(english translation: invalid password for \\computername\admin$, press enter key or enter new user name to connect to computername. ... system error 5 occuered ... access denied)
Thanks in advance
Holsche
I am trying to use psexec from www.sysinternals.com to run processes on remote computers. Everything is Windows XP (Home/Professional - tried all combinations without luck). The bottom line is that it doesn't work for me. At some point I received an error message about the "admin$" share. I get the same error message when trying to use the admin$ share. That's why I suspect the problem is the admin$ share. Anyway I've put more details below.
The admin$ share on the remote computer has been created as follows:
C:\>net share admin$
admin$ wurde erfolgreich freigegeben.
Shares on the remote computer look as follows:
C:\>net share
Name Ressource Beschreibung
--------------------------
admin$ C:\WINDOWS Remoteadmin
IPC$ Remote-IPC
C C:\
Der Befehl wurde erfolgreich ausgeführt.
However, running psexec does not work:
C:\>psexec -u xxx -p yyy \\computername ipconfig /all
PsExec v1.52 - Execute processes remotely
Copyright (C) 2001-2004 Mark Russinovich
Sysinternals - www.sysinternals.com
Couldn't access computername:
Zugriff verweigert
Connecting to the admin$ doesn't work either - same error message
C:\>net use \\computername\admin$
Das Kennwort für \\computername\admin$ ist ungültig.
Drücken Sie die EINGABETASTE, oder geben Sie einen neuen Benutzernamen ein, um eine
Verbindung zwischen "computername\Gast" und "computername" herzustellen: username
Geben Sie das Kennwort für "computername" ein:
Systemfehler 5 aufgetreten.
Zugriff verweigert
(english translation: invalid password for \\computername\admin$, press enter key or enter new user name to connect to computername. ... system error 5 occuered ... access denied)
Thanks in advance
Holsche
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I could also be a policy on the remote computer, that disables use of the admin share.
http://support.microsoft.com/?kbid=306300
It describes how to DISABLE use of the admin share
*** quote ***
Click Start, click Run, type gpedit.msc, and then click OK.
In the Group Policy editor, click to expand Computer Configuration, click to expand Administrative Templates, click to expand Windows Components, and then click to expand Terminal Services.
Double-click the Do not allow new client connections policy.
Set the policy to Enabled, and then click OK.
You can also use the following procedure to disable Remote Desktop; however, if you use the preceding procedure, the following configuration is overridden:
Right-click My Computer and click Properties.
Click the Remote tab.
In the Remote Desktop section, click to clear Allow users to connect remotely to this computer, and then click OK.
NOTE: Remote Desktop is not available in Windows XP Home Edition.
***end of quote ***
Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark
:o) Your brain is like a parachute. It works best when it's open
http://support.microsoft.com/?kbid=306300
It describes how to DISABLE use of the admin share
*** quote ***
Click Start, click Run, type gpedit.msc, and then click OK.
In the Group Policy editor, click to expand Computer Configuration, click to expand Administrative Templates, click to expand Windows Components, and then click to expand Terminal Services.
Double-click the Do not allow new client connections policy.
Set the policy to Enabled, and then click OK.
You can also use the following procedure to disable Remote Desktop; however, if you use the preceding procedure, the following configuration is overridden:
Right-click My Computer and click Properties.
Click the Remote tab.
In the Remote Desktop section, click to clear Allow users to connect remotely to this computer, and then click OK.
NOTE: Remote Desktop is not available in Windows XP Home Edition.
***end of quote ***
Many Regards
Jorgen Malmgren
IT-Supervisor
Denmark
:o) Your brain is like a parachute. It works best when it's open
Also If the remote PC is XP, you will need to do this ON the PC if it is not in a domain:
Start | Programs | Administrative Tools | Local Security Policy
Security Settings
Sharing Mode- Change this to "Classic Mode - Local users Authenticate as Themselves" (as opposed to "Guest only" the default model)
this fix will be applied after a restart
See:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/506.asp?frame=true
Start | Programs | Administrative Tools | Local Security Policy
Security Settings
Sharing Mode- Change this to "Classic Mode - Local users Authenticate as Themselves" (as opposed to "Guest only" the default model)
this fix will be applied after a restart
See:
http://www.microsoft.com/technet/treeview/default.asp?url=/technet/prodtechnol/winxppro/proddocs/506.asp?frame=true
ASKER
Thanks, YarnoSG - that was the solution !
_____________
das Konto zu erklären, das Sie innen am Ort geloggt werden hat nicht administrative Rechte auf REMOTEMASCHINE Sie Ihre Identität zur Remotemaschine mit administrativen Bescheinigungen herstellen müssen, folglich "/User:TargetPC\Administra