D B
WMI Not Working
I have some rather extensive WMI scripting in a VB6 application we use for inventorying our computers. Everything has worked great until last week when we started rolling some new machines out. They are Dell computers with Windows XP. The previous machines were also Dell computers with a mix and match of Windows 2000 and Windows XP. Now whenever I try to connect to one of these machines through WMI (remote) I get the error, "Access is Denied" with an error number of -2147024891.
The connection string I am using is:
Set objWMIService = objLocator.ConnectServer(sIP, "root/cimv2", sUID, sPwd)
As I indicated, this has worked since this past February when I added WMI to the process (we can get complete inventory of resources, etc. on a computer and even have a batch job that will pull all information from all computers on the network).
I have checked on a couple of the machines and the WMI service is started and running. Any suggestions/ideas????
Doug
If you're encountering the problem only on Windows XP machines with SP2, then that sounds like the Firewall. If that's the case, try turning OFF the Firewall and try again and see if it works.
ASKER
It is not the firewall. It is already turned off.
Knee-jerk reaction here - has the password changed?
Other than that, I'd say perhaps there was some policy setting that was changed on the other machines that is not the default.
Unfortunately, you can't be certain of what that is/was.
You could run the resultant policy applet:
click Start->Run->RSOP.MSC <Enter>
on both machines and compare the results.
And/or check the membership of the device in your domain (are these on a domain?)
Have the systems been added to the domain, if so?
Try this as well:
Start->Run->secpol.msc <enter>
Under Local Policies\User Rights Assignment
Check the Log on as a batch job / Log on as a service policies - compare them to a working machine...
Good luck!
~sirbounty
Are all the machines on the same domain?
Do all machines have the same username and password, ie, Administrator?
This could be a security issue. You could easily check by following these simple steps:
1. Go to the Command Prompt (Start->Run->cmd->OK)
2. Type: "dir \\machine2\c$" without the quotes and press Enter where machine2 is the name of the other machine
3. Now, examine the error message that is returned by the DIR command and see if you get something like "Logon failure unknown username or bad password"
ASKER
No policy changes at all that I am aware of. We set up a standard password for the administrator. We also use VNC quite extensively for user support (it still works).
No domains.
Right-click My Computer and go to Manage.
Then choose WMI Control under Services and Applications and go to Properties.
There you can see what security root and other services have. If you can't get this far (on another's machine) then you have a permissions problem.
Hi Doug,
Could this be a Windows Firewall or DCOM issue? Check this.
Connecting Through Windows Firewall:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/wmisdk/wmi/connecting_through_windows_firewall.asp
Also:
How to troubleshoot WMI-related issues in Windows XP SP2:
http://support.microsoft.com/kb/875605
ASKER
Mytyhal:
Your first suggestion regarding changing the policy under Network access: Sharing and security model for local accounts fixed the problem. Now, does anyone know of a script we can force out to all users to make the change globally (we have Altiris). I am NOT a Windows programmer so would not have the foggiest idea of how to do it.
Thanks,
Doug
ASKER
Better yet, does anyone know (I assume) what registry setting(s) are involved when this change is made? If it is something we could set remotely through Altiris, that would make it easy enough.
Doug
Glad it works
I believe the registry that is changing is in
HKLM\System\CurrentControlSet\Control\LSA
it is called forceguest
to turn it off change the value to 0
ASKER
Thanks. Actually, I did an export of my registry, changed the setting and did another export then compared the two files. That is the same key/value I had found.
Doug
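The export-and-compare method described in the last post, and the earlier request for something that can be pushed to every machine, as an added example (not code from this thread): a Python script that diffs two `.reg` exports and builds an importable fragment containing only the changed values. The sample exports and the `sample-binary` value are constructed.

```python
import re

# Constructed, trimmed sample exports. Real regedit 5.00 exports are UTF-16,
# so read them with open(path, encoding="utf-16").
BEFORE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000001
"sample-binary"=hex:aa,\
  bb,cc
'''
AFTER = BEFORE.replace("dword:00000001", "dword:00000000")

KEY_RE = re.compile(r'^\[(.+)\]$')
VAL_RE = re.compile(r'^("(?:[^"\\]|\\.)*"|@)=(.*)$')

def parse_reg(text):
    """Return {(key, name) lowercased: (key, name, raw_data)} from .reg text."""
    # A trailing backslash continues hex data on the next line; join those.
    text = re.sub(r'\\\r?\n\s*', '', text)
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VAL_RE.match(line)
        if m and key:
            # Registry key and value names are case-insensitive.
            values[(key.lower(), m.group(1).lower())] = (key, m.group(1), m.group(2))
    return values

def diff_reg(before, after):
    """Return values added or changed in `after` as (key, name, old, new)."""
    old, new = parse_reg(before), parse_reg(after)
    changes = []
    for ident, (key, name, data) in new.items():
        prev = old.get(ident)
        if prev is None or prev[2] != data:
            changes.append((key, name, prev[2] if prev else None, data))
    return changes

def to_reg_fragment(changes):
    """Build .reg text holding only the changed values, grouped by key."""
    lines, last_key = ["Windows Registry Editor Version 5.00"], None
    for key, name, _old, data in changes:
        if key != last_key:
            lines += ["", f"[{key}]"]
            last_key = key
        lines.append(f"{name}={data}")
    return "\r\n".join(lines) + "\r\n"
```

With `forceguest` at 0 (the "Classic" model), a remote logon with a local account authenticates as that account rather than as Guest, which is why the WMI connection stops returning "Access is Denied".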