ERROR : permission denied ... weird login script error

hey all,
   im having an issue with one particular server. i have a vbs login script that basically launches internet explorer and then maps users drives and what not. i have cut and pasted a part of the script below. basically one server1 i get an error when a user logs in. i get an error at the Set objMSIE = CreateObject("InternetExplorer.Application") part. it wont launch internet explorer and thus can't run the login script. on server #2 which is supposed to be identical to server1, everything works great.

part of the script:
Set objNetwork = createObject("WScript.Network")
Set objFileSystem = createObject("Scripting.FileSystemObject")
Set objShell = createObject("WScript.Shell")
Set objMSIE = CreateObject("InternetExplorer.Application")

error :
permission denied: 'createobject'
code : 800a0046

is there any reason why i would be getting permissions denied ? if i use a domain admin account(which is a member of the local admin group on server1 and server2) then the script runs flawlessly. if i use ANY other level access that is NOT a domain admin then it doesn't work. i have explicitly added a bunch of user accounts to the local admin group on server1, and they still get the error message. so it seems like you have to be a domain admin for this to work. which is odd. having full access to the particular server doesnt work.

this login scipt has been in production for years and has never had any issues. server1 is a win2000 citrix server and is the only server here that gets this issue. both server1 and server2 are in the same active directory ous and get the same group policies and what not. its just odd how im getting permissions issues with server1 and not server2. so something must be different. how should i go about resolving this? i dont even know where to start. i have tried launching the script manually by copying to the server and double clicking on the vbs script and it still errors out. please let me know if you need more information...

thanks all :)
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Leo EikelmanDirector, IT and Business DevelopmentCommented:
You might not be adding your users correctly or not setting them up correctly.

Try look at this example

useport80Author Commented:
yeah i saw that on the web before and i ran dcomcnfg on both servers and they are exactly the same. all settings and all security permissions are identical. i shouldn't have to set explicit permissions since the other server is working without setting specific permissions. is there something else that i can look into?
useport80Author Commented:
i removed "domain admins" from the default security tab in default access permissions and it seemed to work. right now in the default access permissions list is empty. nothing is in there and it seems to work. but how can i remove domain admins from the group and then have it work for all users? it would make sense for me to add in a particular user or group and have it work.. but not for me to remove it.  since i removed all groups and users from this list, everything seems to work? but how does it work when no1 is supposed to have access? does a blank list mean "everyone" ?? or when you explicitly add users/groups to the list does it 'mean' ONLY these users/groups?

i just dont understand how it works when i remove domain admins. how can a an access list be blank and allow all accounts to work?

what are the rules or meaning for this defaultaccess permissions? does any1 have a link to a website that can fully explain this access list?
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Leo EikelmanDirector, IT and Business DevelopmentCommented:
I don't know if this is applicable, but you can double check:

useport80Author Commented:
i already found that document with google. didn't help me much. im just wondering what an empty "default access permissions" list means? does it mean every1 has access? or no1 has access? or what?
Leo EikelmanDirector, IT and Business DevelopmentCommented:
I don't think Microsoft would make a blank access list give permission to everybody by default....

What happens if you ONLY add the administrator?

useport80Author Commented:
if i add domain admins the only domain admins will be able to run the login script correctly. i put in my domain account and then i was able to run the login script as well. seems like when there is an entry on this list that it means "allow these groups/users and ONLY them and deny every1 else". when i remove every1 and the list is blank is seems to mean "allow everyone". i have 2 other win2k citrix servers and when i checked on them, there default access list is also empty. appears that an empty list works. i just want to know why. i wish there was a microsoft document or something that can explain the behavior of this setting.
Leo EikelmanDirector, IT and Business DevelopmentCommented:
I think something must be corrupt on your server boxes because I think giving EVERYONE rights by default would be a security breach.  I have tried finding articles on blank access lists and what I found seems to say that a blank list means no access.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Visual Basic Classic

From novice to tech pro — start learning today.