[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

ERROR : permission denied ... weird login script error

Posted on 2006-04-19
9
Medium Priority
?
740 Views
Last Modified: 2012-08-14
hey all,
   im having an issue with one particular server. i have a vbs login script that basically launches internet explorer and then maps users drives and what not. i have cut and pasted a part of the script below. basically one server1 i get an error when a user logs in. i get an error at the Set objMSIE = CreateObject("InternetExplorer.Application") part. it wont launch internet explorer and thus can't run the login script. on server #2 which is supposed to be identical to server1, everything works great.

part of the script:
Set objNetwork = createObject("WScript.Network")
Set objFileSystem = createObject("Scripting.FileSystemObject")
Set objShell = createObject("WScript.Shell")
Set objMSIE = CreateObject("InternetExplorer.Application")

error :
permission denied: 'createobject'
code : 800a0046

is there any reason why i would be getting permissions denied ? if i use a domain admin account(which is a member of the local admin group on server1 and server2) then the script runs flawlessly. if i use ANY other level access that is NOT a domain admin then it doesn't work. i have explicitly added a bunch of user accounts to the local admin group on server1, and they still get the error message. so it seems like you have to be a domain admin for this to work. which is odd. having full access to the particular server doesnt work.

this login scipt has been in production for years and has never had any issues. server1 is a win2000 citrix server and is the only server here that gets this issue. both server1 and server2 are in the same active directory ous and get the same group policies and what not. its just odd how im getting permissions issues with server1 and not server2. so something must be different. how should i go about resolving this? i dont even know where to start. i have tried launching the script manually by copying to the server and double clicking on the vbs script and it still errors out. please let me know if you need more information...


thanks all :)
0
Comment
Question by:useport80
  • 4
  • 4
8 Comments
 
LVL 8

Expert Comment

by:Leo Eikelman
ID: 16489733
You might not be adding your users correctly or not setting them up correctly.

Try look at this example

http://www.g6ftpserver.com/forum/lofiversion/index.php?t1377.html

Leo
0
 

Author Comment

by:useport80
ID: 16489811
yeah i saw that on the web before and i ran dcomcnfg on both servers and they are exactly the same. all settings and all security permissions are identical. i shouldn't have to set explicit permissions since the other server is working without setting specific permissions. is there something else that i can look into?
0
 

Author Comment

by:useport80
ID: 16492308
i removed "domain admins" from the default security tab in default access permissions and it seemed to work. right now in the default access permissions list is empty. nothing is in there and it seems to work. but how can i remove domain admins from the group and then have it work for all users? it would make sense for me to add in a particular user or group and have it work.. but not for me to remove it.  since i removed all groups and users from this list, everything seems to work? but how does it work when no1 is supposed to have access? does a blank list mean "everyone" ?? or when you explicitly add users/groups to the list does it 'mean' ONLY these users/groups?

i just dont understand how it works when i remove domain admins. how can a an access list be blank and allow all accounts to work?

what are the rules or meaning for this defaultaccess permissions? does any1 have a link to a website that can fully explain this access list?
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 8

Expert Comment

by:Leo Eikelman
ID: 16497548
I don't know if this is applicable, but you can double check:

http://support.microsoft.com/?kbid=298725


Leo
0
 

Author Comment

by:useport80
ID: 16497789
i already found that document with google. didn't help me much. im just wondering what an empty "default access permissions" list means? does it mean every1 has access? or no1 has access? or what?
0
 
LVL 8

Expert Comment

by:Leo Eikelman
ID: 16497829
I don't think Microsoft would make a blank access list give permission to everybody by default....

What happens if you ONLY add the administrator?


Leo
0
 

Author Comment

by:useport80
ID: 16497873
if i add domain admins the only domain admins will be able to run the login script correctly. i put in my domain account and then i was able to run the login script as well. seems like when there is an entry on this list that it means "allow these groups/users and ONLY them and deny every1 else". when i remove every1 and the list is blank is seems to mean "allow everyone". i have 2 other win2k citrix servers and when i checked on them, there default access list is also empty. appears that an empty list works. i just want to know why. i wish there was a microsoft document or something that can explain the behavior of this setting.
0
 
LVL 8

Accepted Solution

by:
Leo Eikelman earned 2000 total points
ID: 16498070
I think something must be corrupt on your server boxes because I think giving EVERYONE rights by default would be a security breach.  I have tried finding articles on blank access lists and what I found seems to say that a blank list means no access.

Leo
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When trying to find the cause of a problem in VBA or VB6 it's often valuable to know what procedures were executed prior to the error. You can use the Call Stack for that but it is often inadequate because it may show procedures you aren't intereste…
This article describes how to use a set of graphical playing cards to create a Draw Poker game in Excel or VB6.
As developers, we are not limited to the functions provided by the VBA language. In addition, we can call the functions that are part of the Windows operating system. These functions are part of the Windows API (Application Programming Interface). U…
Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question