useport80
asked on
ERROR : permission denied ... weird login script error
hey all,
im having an issue with one particular server. i have a vbs login script that basically launches internet explorer and then maps users drives and what not. i have cut and pasted a part of the script below. basically one server1 i get an error when a user logs in. i get an error at the Set objMSIE = CreateObject("InternetExpl
part of the script:
Set objNetwork = createObject("WScript.Netw
Set objFileSystem = createObject("Scripting.Fi
Set objShell = createObject("WScript.Shel
Set objMSIE = CreateObject("InternetExpl
error :
permission denied: 'createobject'
code : 800a0046
is there any reason why i would be getting permissions denied ? if i use a domain admin account(which is a member of the local admin group on server1 and server2) then the script runs flawlessly. if i use ANY other level access that is NOT a domain admin then it doesn't work. i have explicitly added a bunch of user accounts to the local admin group on server1, and they still get the error message. so it seems like you have to be a domain admin for this to work. which is odd. having full access to the particular server doesnt work.
this login scipt has been in production for years and has never had any issues. server1 is a win2000 citrix server and is the only server here that gets this issue. both server1 and server2 are in the same active directory ous and get the same group policies and what not. its just odd how im getting permissions issues with server1 and not server2. so something must be different. how should i go about resolving this? i dont even know where to start. i have tried launching the script manually by copying to the server and double clicking on the vbs script and it still errors out. please let me know if you need more information...
thanks all :)
im having an issue with one particular server. i have a vbs login script that basically launches internet explorer and then maps users drives and what not. i have cut and pasted a part of the script below. basically one server1 i get an error when a user logs in. i get an error at the Set objMSIE = CreateObject("InternetExpl
part of the script:
Set objNetwork = createObject("WScript.Netw
Set objFileSystem = createObject("Scripting.Fi
Set objShell = createObject("WScript.Shel
Set objMSIE = CreateObject("InternetExpl
error :
permission denied: 'createobject'
code : 800a0046
is there any reason why i would be getting permissions denied ? if i use a domain admin account(which is a member of the local admin group on server1 and server2) then the script runs flawlessly. if i use ANY other level access that is NOT a domain admin then it doesn't work. i have explicitly added a bunch of user accounts to the local admin group on server1, and they still get the error message. so it seems like you have to be a domain admin for this to work. which is odd. having full access to the particular server doesnt work.
this login scipt has been in production for years and has never had any issues. server1 is a win2000 citrix server and is the only server here that gets this issue. both server1 and server2 are in the same active directory ous and get the same group policies and what not. its just odd how im getting permissions issues with server1 and not server2. so something must be different. how should i go about resolving this? i dont even know where to start. i have tried launching the script manually by copying to the server and double clicking on the vbs script and it still errors out. please let me know if you need more information...
thanks all :)
ASKER
yeah i saw that on the web before and i ran dcomcnfg on both servers and they are exactly the same. all settings and all security permissions are identical. i shouldn't have to set explicit permissions since the other server is working without setting specific permissions. is there something else that i can look into?
ASKER
i removed "domain admins" from the default security tab in default access permissions and it seemed to work. right now in the default access permissions list is empty. nothing is in there and it seems to work. but how can i remove domain admins from the group and then have it work for all users? it would make sense for me to add in a particular user or group and have it work.. but not for me to remove it. since i removed all groups and users from this list, everything seems to work? but how does it work when no1 is supposed to have access? does a blank list mean "everyone" ?? or when you explicitly add users/groups to the list does it 'mean' ONLY these users/groups?
i just dont understand how it works when i remove domain admins. how can a an access list be blank and allow all accounts to work?
what are the rules or meaning for this defaultaccess permissions? does any1 have a link to a website that can fully explain this access list?
i just dont understand how it works when i remove domain admins. how can a an access list be blank and allow all accounts to work?
what are the rules or meaning for this defaultaccess permissions? does any1 have a link to a website that can fully explain this access list?
I don't know if this is applicable, but you can double check:
http://support.microsoft.com/?kbid=298725
Leo
http://support.microsoft.com/?kbid=298725
Leo
ASKER
i already found that document with google. didn't help me much. im just wondering what an empty "default access permissions" list means? does it mean every1 has access? or no1 has access? or what?
I don't think Microsoft would make a blank access list give permission to everybody by default....
What happens if you ONLY add the administrator?
Leo
What happens if you ONLY add the administrator?
Leo
ASKER
if i add domain admins the only domain admins will be able to run the login script correctly. i put in my domain account and then i was able to run the login script as well. seems like when there is an entry on this list that it means "allow these groups/users and ONLY them and deny every1 else". when i remove every1 and the list is blank is seems to mean "allow everyone". i have 2 other win2k citrix servers and when i checked on them, there default access list is also empty. appears that an empty list works. i just want to know why. i wish there was a microsoft document or something that can explain the behavior of this setting.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Try look at this example
http://www.g6ftpserver.com/forum/lofiversion/index.php?t1377.html
Leo