VBScript runtime error: 800A0046 Permission denied: 'GetObject'"

DenisBS
Is domain admins still in the local admins group on the remote machines?

Cheers

JamesDS

DenisBS
You code is designed to tell you who is logged on currently and relies on being able to pass your credentials (domain admin) to the remote machine.

When I tried this code using a domain admin account it works fine, when I use a non-priv account I get a failure at line 2 (as expected):

Error: 0x80041003 refers to access denied, which suggests that either you don't have the rights (as suggested above)

There is a good paper on WMI errors here: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/wmi_error_constants.asp 


Cheers

JamesDS

Thanks

Domain Admins are by default in the local admiins group on all clients

The Script worked previously with my logon but now doesn't, my privileges haven't changed as Domain Admin.

As a Domain Admin I have full administrator privileges on all clients.

This is really puzzling because the scripts used to work,  I am not aware of any changes made to the network or active directory which would prevent them working.  The only recent addition to the network is the addition of SMS (Systems Management Server).

I am really puzzled by this.

DenisBS
Have you tried adding your machine account into the domain admins group

It is a potentially nasty security risk, but it might help debugging

Cheers

JamesDS

Hi JamesDS

Tried adding machine account to Domain Admins but no change. Still can't run script remote.

I have a further problem now, somehow I have redirected the script output to a Command Window, which I am unable to view as it closes as soon as the script completes.  Do you know how to redirect the script out put bact to a form, or how to pause the Command window at the end of the script ?

Thanks

I have resolved the redrecting of script output.

Thanks

For additional info I have run script to check the current script environment.

The output follows

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.


Operating System
================
Caption:           Microsoft Windows 2000 Professional
OSType:            18
Version:           5.0.2195
Service Pack:      4.0
Windows Directory: C:\WINNT

Windows Script Host
===================
WSH Default Script Host: cscript.exe
WSH Path:                C:\WINNT\system32\cscript.exe
WSH Version & Build:     5.6.8515

Windows Management Instrumentation
==================================
WMI Version & Build:         1.5.1085.0005
Default scripting namespace: root\cimv2

Active Directory Service Interfaces
===================================

ADSI Version & Build: 5.0.2195

ADSI Providers
--------------
WinNT:
NWCOMPAT:
NDS:
LDAP:
IIS:

Current Versions
================
WSH version:  most recent for OS version.
WMI version:  most recent for OS version.
ADSI version: most recent for OS version.

Just a thought but I notice that WMI is dependant on RPC.  Is it likely that the fixes recently released to fix the Sasser Virus is preventing WMI access via RPC?

DenisBS
I don't know if the WINNT object works with "run as impersonation", but you might try looking at www.15seconds.com

The RPC fixes for Sasser are not likely to affect your script.

Cheers

JamesDS

Hi,

I have made some progress.  I have found that there was some coruption occuring with my credentials and have now fixed this by removing and replacing permissions in Active Directory, so I can Run scripts, However I cannot run scripts from my PC which query remote PCs, or run remote scripts from another PC which query my PC, I can run scripts on my PC which are acting locally on my PC and I can run run scripts on other PCs which act on remote PCs.  Other than doing a complete rebuild of my PC do you have any ideas.

Regards

DenisBS
You could try looking in the local policy settings to see if any of the security configs differ from one of the PCs that works.

Run MMC from the command line and add remove snapins
Select the Group Policy Snapin and select the local policy

The likely candidate settings are under windows settings/security settings

Cheers

JamesDS

Hi

Checked local Policy and can't detect any differences.


Thanks

DenisBS
In which case, you may well be looking at a rebuild

Cheers

JamesDS

Hi JamesDS,

Thanks for your help.  I am going to leave this question open for a while as I feel that there is an issue here that hasn't been addressed.  It is unsettling that something can prevent scripts from working on a network.  I have searched Microsoft and this problem only ever seem to come up with ASP.  I understand the problem with ASP and permissions requred on directories etc.  This is not the issue here.  I am only tyring to run administrative scripts.  I have all the permissions I require both on the Servers and Workstations.  I have run various monitoring tools which check for file access violations, security Violations and have found nothing wrong.  My PC has quite a complicated configuratioin as I do a lot of remote admin from it and it is a repository for all my troubleshooting resources.  Rebuilding it is not a trivial task as it would be for a production workstation.

I will continue to research this problem and if I come up with anything I will post it Here.  If I don't get an answer I will ask for the question to be deleted as I don't feel we have really provided an answer to my specific problem and I wouldn't like to leave it as it is for others who might be looking to answer a similar problem.

Thanks

DenisoS

Apologies JamesDS

I didn't mean to sound unappreciative of your help.  I have really appreciated it.  It's just that I don't feel I can give this Q a status of PAQ as it doesn't provide a answer to the problem yet.  I am still hopeful and will try the network monitor.  Apart from the applications installed, my PC should have the same security settings and patches as all other PCs, as these are rolled out under group policy and we have a strict policy of keeping patches and anti virus up to date.  I think you are right that it is a network communications issue.  I am carrying on working by running my scripts from a spare PC I have set up and I hope to come up with a solution in due course.

IF I do so I will post it here and close the question as a PAQ.

Regards

DenisBS

Hi,

I have run network monitor and I have found that the sripts are not sending any traffic on the network.  There is no network communication at all.

I have run network monitor on a machine which can run scripts and there is a lenghty exchange between the machines, but When I run network monitor on my machine and try to run a script acting on a remote machine there is absolutely no network trafic generated.

All other network functions work OK on my machine.

Any Ideas ?

Hi,

Cracked it!

I don't know it happened but somehow or other DCOM got disabled on my PC.

The solution was as follows:

Open Control Panel
Open Administrative Tools
Open the Component Services applet
Select Component Services and open the Computers Folder
Right Click My Computer and select Properties
Select the Default Properties tab and Ensure Enable Distribted COM on this Com,puter is Checked.
Apply, close all windows and reboot the PC

All is now working OK

Many Thanks

DenisBS

DenisBS
Welcome, it sounds like the network monitor was the thing that finally pointed you in the right direction

Glad I was able to help - albeit not provide the final solution.

Thanks for the points

Cheers

JamesDS

Good posts guys - i had exactly the same problem on XP and it was again due to DCOM being disabled....

While I cannot understand why some of our identically cloned computers have this issue and others don't, this appears to fix the problem.

Can anyone tell me how to set this property in Group Policy on Win Server 2003? All clients ar WinXP SP-2.

Thanks,
Greg