Systeminfo /S prompts for a password

I am a domain admin on our company network, and am faced with a problem that is quite puzzling.  On a select few machines in our domain (including my own personal machine), if I login is myself, and run a 'systeminfo /S computername' I am prompted with a "Type the password for domain\choldsworth" ... I type in my password, and then it errors out with a login failure.  If I run the systeminfo /S on a different computer, still logged in as myself, it works just fine.  However, I've also found that I can only do a systeminfo on my own personal machine if I am logged into it directly... If I (or any of the other admins) try and systeminfo my machine remotely, we have the same problem.

Normally, this wouldn't be a huge issue ... however, we have just purchased some auditting software, and if I try and scan someone from my computer, I get an access denied message... which I am sure is related.

I am running Windows XP SP2, with the firewall off.  Other machines running WinXP SP2 are able to perform this command w/o problem.

If anyone has an idea what the issue could possibly be, please reply... I am running out of ideas :)
choldsworthAsked:
Who is Participating?
 
DebugNTConnect With a Mentor Commented:
To contact the remote computer, the SYSTEMINFO program uses WMI which in turn relies on proper operation of DCOM.  Your remote security proble may rest with dcom.

Use dcomcfng to configure DCOM Security.
Here are a few resources you may find useful.

COM Security in Practice
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dncomg/html/msdn_practicom.asp

Securing Remote Management with WMI
http://mcpmag.com/columns/article.asp?EditorialsID=381

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/com/htm/reg_3kv9.asp

If you find yourself changing the permissions, then you may want to just return to the defaults.
Delete the DefaultAccessPermissions in the above key to get back to the default the system ships with.

Try a quick test with the following script to see if you can contact the WMI repository on the remote machine.

PROC.VBS

'Change the computername to the computer name
strComputer = "COMPUTERNAME"
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")

Set colSettings = objWMIService.ExecQuery _
    ("Select * from Win32_Processor")

For Each objProcessor in colSettings
    Wscript.Echo "Processor: " & objProcessor.Description
Next

Good Luck,

John
0
 
KenneniahCommented:
The only thing offhand I can think of is if somehow local policy got changed. Specifically "Access this computer from the network", and "Deny access to this computer from the network" under User Rights Assignment in secpol.msc.

Make sure Administrators is in the first and not in the second.

Can you connect at all to these machines from a remote computer such as mapping a drive to?
0
 
choldsworthAuthor Commented:
Good suggestion ... I checked, and unfortunately everything checks out ok under gpedit.msc - Admins have access, and are not under deny access.

Yes, I can connect to these machines by mapping a drive.  The only problem I seem to have is running a systeminfo on them, or running my auditing software on them.  It prompts for a password, but does not accept my credentials.
0
 
choldsworthAuthor Commented:
Thanks a lot, John.  After reviewing those links, I was able to determine that DCOM was actually turned off.  I'm guessing a security update I ran at some point may have done it.. I'm not sure.  After re-enabling DCOM, systeminfo /S (and our auditing software) now works like a charm.  Thanks again!

Chris
0
 
mirthlessCommented:
I had the same problem. Somehow, DCOM got disabled on my computer. To turn it back on I...
Start > Run > dcomcnfg
Expand Component Services > Computers, Right Click 'My Computer' > Properties.
On the Default Properties tab, check 'Enable Distributed COM on this computer'
Other settings were:
     No check in 'Enable COM Internet Services on this computer'
     Default Authentication Level = Connect
     Default Impersonation Level = Identify
     No check in 'Provide additional security for reference tracking'
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.