ERROR : permission denied ... weird login script error

hey all,
   i'm having an issue with one particular server. i have a vbs login script that basically launches internet explorer and then maps users' drives and whatnot. i have cut and pasted a part of the script below. basically on server1 i get an error when a user logs in. i get an error at the Set objMSIE = CreateObject("InternetExplorer.Application") part. it won't launch internet explorer and thus can't run the login script. on server #2, which is supposed to be identical to server1, everything works great.

part of the script:
Set objNetwork = createObject("WScript.Network")
Set objFileSystem = createObject("Scripting.FileSystemObject")
Set objShell = createObject("WScript.Shell")
Set objMSIE = CreateObject("InternetExplorer.Application")

error :
permission denied: 'createobject'
code : 800a0046

is there any reason why i would be getting permissions denied? if i use a domain admin account (which is a member of the local admin group on server1 and server2) then the script runs flawlessly. if i use ANY other level of access that is NOT a domain admin then it doesn't work. i have explicitly added a bunch of user accounts to the local admin group on server1, and they still get the error message. so it seems like you have to be a domain admin for this to work, which is odd. having full access to the particular server doesn't work.

this login script has been in production for years and has never had any issues. server1 is a win2000 citrix server and is the only server here that gets this issue. both server1 and server2 are in the same active directory OUs and get the same group policies and whatnot. it's just odd how i'm getting permissions issues with server1 and not server2. so something must be different. how should i go about resolving this? i don't even know where to start. i have tried launching the script manually by copying it to the server and double clicking on the vbs script and it still errors out. please let me know if you need more information...


thanks all :)
useport80 asked:
 
Leo Eikelman, Director, IT and Business Development, commented:
I think something must be corrupt on your server boxes because I think giving EVERYONE rights by default would be a security breach.  I have tried finding articles on blank access lists and what I found seems to say that a blank list means no access.

Leo
 
Leo Eikelman, Director, IT and Business Development, commented:
You might not be adding your users correctly or not setting them up correctly.

Try looking at this example:

http://www.g6ftpserver.com/forum/lofiversion/index.php?t1377.html

Leo
 
useport80 (author) commented:
yeah i saw that on the web before and i ran dcomcnfg on both servers and they are exactly the same. all settings and all security permissions are identical. i shouldn't have to set explicit permissions since the other server is working without setting specific permissions. is there something else that i can look into?
 
useport80 (author) commented:
i removed "domain admins" from the default security tab in default access permissions and it seemed to work. right now the default access permissions list is empty. nothing is in there and it seems to work. but how can i remove domain admins from the group and then have it work for all users? it would make sense for me to add in a particular user or group and have it work.. but not for me to remove it. since i removed all groups and users from this list, everything seems to work? but how does it work when no1 is supposed to have access? does a blank list mean "everyone"?? or when you explicitly add users/groups to the list does it 'mean' ONLY these users/groups?

i just don't understand how it works when i remove domain admins. how can an access list be blank and allow all accounts to work?

what are the rules or meaning for this default access permissions? does any1 have a link to a website that can fully explain this access list?
 
Leo Eikelman, Director, IT and Business Development, commented:
I don't know if this is applicable, but you can double check:

http://support.microsoft.com/?kbid=298725


Leo
 
useport80 (author) commented:
i already found that document with google. didn't help me much. i'm just wondering what an empty "default access permissions" list means? does it mean every1 has access? or no1 has access? or what?
 
Leo Eikelman, Director, IT and Business Development, commented:
I don't think Microsoft would make a blank access list give permission to everybody by default....

What happens if you ONLY add the administrator?


Leo
 
useport80 (author) commented:
if i add domain admins then only domain admins will be able to run the login script correctly. i put in my domain account and then i was able to run the login script as well. seems like when there is an entry on this list that it means "allow these groups/users and ONLY them and deny every1 else". when i remove every1 and the list is blank it seems to mean "allow everyone". i have 2 other win2k citrix servers and when i checked on them, their default access list is also empty. appears that an empty list works. i just want to know why. i wish there was a microsoft document or something that can explain the behavior of this setting.
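
Added example, not part of the original thread: the Default Access Permissions list shown by dcomcnfg is stored as a binary security descriptor in the registry value HKLM\SOFTWARE\Microsoft\Ole\DefaultAccessPermission, so the state on each server can be checked by exporting that value and decoding it. The sketch below separates a value that does not exist, where COM applies its built-in default instead of an explicit list, from a value that carries an explicit list, where only the listed trustees are allowed. The sample descriptors and the domain SID are constructed, and all function names are hypothetical.

```python
import struct

WELL_KNOWN = {"S-1-1-0": "Everyone", "S-1-5-18": "SYSTEM",
              "S-1-5-10": "SELF", "S-1-5-32-544": "BUILTIN\\Administrators"}

def sid_bytes(authority, *subs):
    """Encode a SID (used here only to build constructed sample data)."""
    return (struct.pack("<BB", 1, len(subs)) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

def sample_descriptor(sids):
    """Constructed self-relative security descriptor: one allow ACE per SID."""
    aces = b"".join(struct.pack("<BBHI", 0, 0, 8 + len(s), 1) + s for s in sids)
    acl = struct.pack("<BBHHH", 2, 0, 8 + len(aces), len(sids), 0) + aces
    return struct.pack("<BBHIIII", 1, 0, 0x8004, 0, 0, 0, 20) + acl

def parse_sid(buf, off):
    rev, count = struct.unpack_from("<BB", buf, off)
    authority = int.from_bytes(buf[off + 2:off + 8], "big")
    subs = struct.unpack_from("<%dI" % count, buf, off + 8)
    return "S-%d-%d" % (rev, authority) + "".join("-%d" % s for s in subs)

def name_for(sid):
    # RID 512 under a domain SID (S-1-5-21-...) is the Domain Admins group
    if sid.startswith("S-1-5-21-") and sid.endswith("-512"):
        return "Domain Admins"
    return WELL_KNOWN.get(sid, sid)

def describe_access_list(blob):
    """blob: raw REG_BINARY data, or None when the registry value is absent."""
    if blob is None:
        return ("absent", [])                      # COM built-in default applies
    control, = struct.unpack_from("<H", blob, 2)
    dacl_off, = struct.unpack_from("<I", blob, 16)
    if not (control & 0x0004) or dacl_off == 0:    # SE_DACL_PRESENT not set
        return ("no-dacl", [])
    ace_count, = struct.unpack_from("<H", blob, dacl_off + 4)
    aces, off = [], dacl_off + 8
    for _ in range(ace_count):
        ace_type, _flags, ace_size = struct.unpack_from("<BBH", blob, off)
        mask, = struct.unpack_from("<I", blob, off + 4)
        kind = {0: "allow", 1: "deny"}.get(ace_type, "type-%d" % ace_type)
        aces.append((kind, name_for(parse_sid(blob, off + 8)), mask))
        off += ace_size
    return ("explicit", aces)                      # only these trustees apply

if __name__ == "__main__":
    admins = sid_bytes(5, 21, 1111, 2222, 3333, 512)   # constructed domain SID
    print("list with Domain Admins:", describe_access_list(sample_descriptor([admins])))
    print("value absent:", describe_access_list(None))
```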