asked on

Accessing Clients through Active Directory Denied

Hello,

I have a windows 2000 server with AD & DNS setup on it.

I have a client computer that logs onto the domain of the server computer.

When I go to "A. D. Users and Computers/Computers" I see my client computer. I then right-click on it and select manage and then up comes the management console for the client.

I want to set a share on the client from this point so I click on shares. Then the message "Error 5: Access is Denied" comes up. I have no idea why.

When I click on other parts of the management console similar things happen. For example, when I clicked on "System Summary" I got: "The connection to WS1 could not be established" which I find strange given that the client is logged onto the domain at the time.

I've only just setup this A.D. so I am a newbie. Below is the output from the security analysis:

Any help greatly appreciated.

View Log File
-------------------------------------------
08/12/2007 19:17:15
----Analysis engine is initialized successfully.----

----Reading Configuration info...

----Analyze User Rights...
Analyze SeNetworkLogonRight.
Mismatch - SeNetworkLogonRight.
Analyze SeTcbPrivilege.
Analyze SeMachineAccountPrivilege.
Analyze SeBackupPrivilege.
Analyze SeChangeNotifyPrivilege.
Not Configured - SeChangeNotifyPrivilege.
Analyze SeSystemtimePrivilege.
Analyze SeCreatePagefilePrivilege.
Analyze SeCreateTokenPrivilege.
Analyze SeCreatePermanentPrivilege.
Analyze SeDebugPrivilege.
Analyze SeRemoteShutdownPrivilege.
Analyze SeAuditPrivilege.
Analyze SeIncreaseQuotaPrivilege.
Analyze SeIncreaseBasePriorityPrivilege.
Analyze SeLoadDriverPrivilege.
Analyze SeLockMemoryPrivilege.
Not Configured - SeLockMemoryPrivilege.
Analyze SeBatchLogonRight.
Mismatch - SeBatchLogonRight.
Analyze SeServiceLogonRight.
Not Configured - SeServiceLogonRight.
Analyze SeInteractiveLogonRight.
Not Configured - SeInteractiveLogonRight.
Analyze SeSecurityPrivilege.
Analyze SeSystemEnvironmentPrivilege.
Analyze SeProfileSingleProcessPrivilege.
Analyze SeSystemProfilePrivilege.
Analyze SeAssignPrimaryTokenPrivilege.
Analyze SeRestorePrivilege.
Analyze SeShutdownPrivilege.
Not Configured - SeShutdownPrivilege.
Analyze SeTakeOwnershipPrivilege.
Analyze SeDenyNetworkLogonRight.
Not Configured - SeDenyNetworkLogonRight.
Analyze SeDenyBatchLogonRight.
Not Configured - SeDenyBatchLogonRight.
Analyze SeDenyServiceLogonRight.
Not Configured - SeDenyServiceLogonRight.
Analyze SeDenyInteractiveLogonRight.
Not Configured - SeDenyInteractiveLogonRight.
Analyze SeUndockPrivilege.
Not Configured - SeUndockPrivilege.
Analyze SeSyncAgentPrivilege.
Not Configured - SeSyncAgentPrivilege.
Analyze SeEnableDelegationPrivilege.
Not Configured - SeEnableDelegationPrivilege.
Analyze SeImpersonatePrivilege.
Not Configured - SeImpersonatePrivilege.
Analyze SeCreateGlobalPrivilege.

User Rights analysis completed successfully.

----Reading Configuration info...

----Analyze Group Membership...
Analyze Pre-Windows 2000 Compatible Access.
Not Configured - Pre-Windows 2000 Compatible Access__Members.
Analyze Print Operators.
Not Configured - *S-1-5-32-550__Members.
Analyze Account Operators.
Not Configured - *S-1-5-32-548__Members.
Analyze Server Operators.
Not Configured - *S-1-5-32-549__Members.
Analyze Replicator.
Not Configured - *S-1-5-32-552__Members.
Analyze Backup Operators.
Not Configured - *S-1-5-32-551__Members.
Analyze Guests.
Not Configured - *S-1-5-32-546__Members.
Analyze Users.
Not Configured - *S-1-5-32-545__Members.
Analyze Administrators.
Not Configured - *S-1-5-32-544__Members.

Group Membership analysis completed successfully.

----Reading Configuration info...

----Analyze Registry Keys...
Not Configured - CLASSES_ROOT.
Not Configured - users.
Not Configured - users\.default\software\microsoft\protected storage system provider.
0 mismatches are found under users.
Not Configured - machine.
Mismatch - machine\software\microsoft\EventSystem\{26c409cc-ae86-11d1-b616-00805fc79216}\Subscriptions\{3CE5891C-0268-4DA9-BFBE-F81CF6EAE7E3}.
Not Configured - machine\software\microsoft\protected storage system provider.
Not Configured - machine\software\microsoft\windows\currentversion\group policy.
Not Configured - machine\software\microsoft\windows\currentversion\installer.
Not Configured - machine\software\microsoft\windows\currentversion\policies.
Mismatch - machine\software\microsoft\windows nt\currentversion\Print\Printers.
Not Configured - machine\software\microsoft\windows nt\currentversion\perflib\009.
Not Configured - machine\software\microsoft\windows nt\currentversion\profilelist.
Mismatch - machine\software\policies.
Mismatch - machine\system\RAdmin\v2.0\Server\iplist.
Mismatch - machine\system\RAdmin\v2.0\Server\NtUsers.
Mismatch - machine\system\RAdmin\v2.0\Server\Parameters.
Not Configured - machine\system\clone.
Not Configured - machine\system\controlset001.
Not Configured - machine\system\controlset002.
Not Configured - machine\system\controlset003.
Not Configured - machine\system\controlset004.
Not Configured - machine\system\controlset005.
Not Configured - machine\system\controlset006.
Not Configured - machine\system\controlset007.
Not Configured - machine\system\controlset008.
Not Configured - machine\system\controlset009.
Not Configured - machine\system\controlset010.
Mismatch - machine\system\currentcontrolset\control\NetworkProvider\HwOrder.
Mismatch - machine\system\currentcontrolset\control\ServiceCurrent.
Not Configured - machine\system\currentcontrolset\control\class.
Not Configured - machine\system\currentcontrolset\enum.
Not Configured - machine\system\currentcontrolset\hardware profiles.
8 mismatches are found under machine.

Registry keys analysis completed successfully.

----Reading Configuration info...

----Analyze File Security...
Not Configured - F:.
Not Configured - c:\.
Warning 2: The system cannot find the file specified.
Error querying security of c:\ntbootdd.sys.
Not Available - c:\ntbootdd.sys.
Mismatch - c:\winnt\ntfrs.
Mismatch - c:\winnt\SYSVOL\staging\domain.
Mismatch - c:\winnt\debug\NtFrs_0002.log.
Mismatch - c:\winnt\debug\NtFrs_0003.log.
Mismatch - c:\winnt\debug\NtFrs_0004.log.
Mismatch - c:\winnt\debug\NtFrs_0005.log.
Not Configured - c:\winnt\installer.
Not Configured - c:\winnt\profiles.
Mismatch - c:\winnt\security\Database\secedit.sdb.
Mismatch - c:\winnt\system32\inetsrv\MetaBase.bin.
Not Configured - c:\winnt\system32\ntmsdata.
Not Configured - c:\winnt\tasks.
8 mismatches are found under c:\.

File security analysis completed successfully.

----Analyze General Service Settings...
Analyze WZCSVC.
Not Configured - WZCSVC.
Analyze wuauserv.
Not Configured - wuauserv.
Analyze Wmi.
Not Configured - Wmi.
Analyze WMDM PMSP Service.
Not Configured - WMDM PMSP Service.
Analyze WINS.
Not Configured - WINS.
Analyze WinMgmt.
Not Configured - WinMgmt.
Analyze WinMBR.
Not Configured - WinMBR.
Analyze W3SVC.
Not Configured - W3SVC.
Analyze W32Time.
Not Configured - W32Time.
Analyze UtilMan.
Not Configured - UtilMan.
Analyze UPS.
Not Configured - UPS.
Analyze TrkWks.
Not Configured - TrkWks.
Analyze TrkSvr.
Not Configured - TrkSvr.
Analyze TlntSvr.
Not Configured - TlntSvr.
Analyze TermService.
Not Configured - TermService.
Analyze TapiSrv.
Not Configured - TapiSrv.
Analyze SysmonLog.
Not Configured - SysmonLog.
Analyze StiSvc.
Not Configured - StiSvc.
Analyze Spooler.
Not Configured - Spooler.
Analyze SNMPTRAP.
Not Configured - SNMPTRAP.
Analyze SNMP.
Not Configured - SNMP.
Analyze SMTPSVC.
Not Configured - SMTPSVC.
Analyze SimpTcp.
Not Configured - SimpTcp.
Analyze SharedAccess.
Not Configured - SharedAccess.
Analyze SENS.
Not Configured - SENS.
Analyze seclogon.
Not Configured - seclogon.
Analyze Schedule.
Not Configured - Schedule.
Analyze SCardSvr.
Not Configured - SCardSvr.
Analyze SCardDrv.
Not Configured - SCardDrv.
Analyze SamSs.
Not Configured - SamSs.
Analyze r_server.
Not Configured - r_server.
Analyze RSVP.
Not Configured - RSVP.
Analyze RpcSs.
Not Configured - RpcSs.
Analyze RpcLocator.
Not Configured - RpcLocator.
Analyze RemoteRegistry.
Not Configured - RemoteRegistry.
Analyze RemoteAccess.
Not Configured - RemoteAccess.
Analyze RasMan.
Not Configured - RasMan.
Analyze RasAuto.
Not Configured - RasAuto.
Analyze ProtectedStorage.
Not Configured - ProtectedStorage.
Analyze PolicyAgent.
Not Configured - PolicyAgent.
Analyze PlugPlay.
Not Configured - PlugPlay.
Analyze NtmsSvc.
Not Configured - NtmsSvc.
Analyze NtLmSsp.
Not Configured - NtLmSsp.
Analyze NtFrs.
Not Configured - NtFrs.
Analyze NntpSvc.
Not Configured - NntpSvc.
Analyze Netman.
Not Configured - Netman.
Analyze Netlogon.
Not Configured - Netlogon.
Analyze NetDDEdsdm.
Not Configured - NetDDEdsdm.
Analyze NetDDE.
Not Configured - NetDDE.
Analyze MySQL.
Not Configured - MySQL.
Analyze MSIServer.
Not Configured - MSIServer.
Analyze MSFTPSVC.
Not Configured - MSFTPSVC.
Analyze MSDTC.
Not Configured - MSDTC.
Analyze mnmsrvc.
Not Configured - mnmsrvc.
Analyze Messenger.
Not Configured - Messenger.
Analyze LmHosts.
Not Configured - LmHosts.
Analyze LicenseService.
Not Configured - LicenseService.
Analyze LDAPSVCX.
Not Configured - LDAPSVCX.
Analyze lanmanworkstation.
Not Configured - lanmanworkstation.
Analyze lanmanserver.
Not Configured - lanmanserver.
Analyze kdc.
Not Configured - kdc.
Analyze IsmServ.
Not Configured - IsmServ.
Analyze IISADMIN.
Not Configured - IISADMIN.
Analyze IAS.
Not Configured - IAS.
Analyze Fax.
Not Configured - Fax.
Analyze EventSystem.
Not Configured - EventSystem.
Analyze Eventlog.
Not Configured - Eventlog.
Analyze Dnscache.
Not Configured - Dnscache.
Analyze DNS.
Not Configured - DNS.
Analyze dmserver.
Not Configured - dmserver.
Analyze dmadmin.
Not Configured - dmadmin.
Analyze Dhcp.
Not Configured - Dhcp.
Analyze Dfs.
Not Configured - Dfs.
Analyze clr_optimization_v2.0.50727_32.
Not Configured - clr_optimization_v2.0.50727_32.
Analyze ClipSrv.
Not Configured - ClipSrv.
Analyze cisvc.
Not Configured - cisvc.
Analyze Browser.
Not Configured - Browser.
Analyze brmfrmps.
Not Configured - brmfrmps.
Analyze brmfbags.
Not Configured - brmfbags.
Analyze BITS.
Not Configured - BITS.
Analyze aspnet_state.
Not Configured - aspnet_state.
Analyze AppMgmt.
Not Configured - AppMgmt.
Analyze Alerter.
Not Configured - Alerter.
Analyze Adobe LM Service.
Not Configured - Adobe LM Service.

General Service analysis completed successfully.

----Analyze available attachment engines...
Load attachment LanManServer.
LanManServer: Query configuration information

Attachment engines analysis completed successfully.

----Reading Configuration info...

----Analyze Security Policy...
Mismatch - MaximumPasswordAge.
Mismatch - MinimumPasswordAge.
Analyze password information.
Analyze account lockout information.
Mismatch - ForceLogOffWhenHourExpire.
Analyze account force logoff information.
Not Configured - NewAdministratorName.
Warning 5: Access is denied.
Error analyzing guest account.
Not Available - SecureSystemPartition.

System Access analysis completed with error.
Analyze log settings.
Not Configured - AuditSystemEvents.
Analyze event audit settings.
Not Configured - CrashOnAuditFull.

Audit/Log analysis completed successfully.
Mismatch - MaxTicketAge.
Mismatch - MaxServiceAge.
Mismatch - TicketValidateClient.
Analyze kerberos policy.

Kerberos policy analysis completed successfully.
Analyze machine\software\microsoft\driver signing\policy.
Mismatch - machine\software\microsoft\driver signing\policy.
Analyze machine\software\microsoft\non-driver signing\policy.
Mismatch - machine\software\microsoft\non-driver signing\policy.
Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\securitylevel.
Analyze machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Mismatch - machine\software\microsoft\windows nt\currentversion\setup\recoveryconsole\setcommand.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
Mismatch - machine\software\microsoft\windows nt\currentversion\winlogon\allocatecdroms.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatedasd.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\allocatefloppies.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
Mismatch - machine\software\microsoft\windows nt\currentversion\winlogon\cachedlogonscount.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
Mismatch - machine\software\microsoft\windows nt\currentversion\winlogon\passwordexpirywarning.
Analyze machine\software\microsoft\windows nt\currentversion\winlogon\scremoveoption.
Analyze machine\software\microsoft\windows\currentversion\policies\system\disablecad.
Mismatch - machine\software\microsoft\windows\currentversion\policies\system\disablecad.
Analyze machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Mismatch - machine\software\microsoft\windows\currentversion\policies\system\dontdisplaylastusername.
Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Mismatch - machine\software\microsoft\windows\currentversion\policies\system\legalnoticecaption.
Analyze machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Mismatch - machine\software\microsoft\windows\currentversion\policies\system\legalnoticetext.
Analyze machine\software\microsoft\windows\currentversion\policies\system\shutdownwithoutlogon.
Analyze machine\system\currentcontrolset\control\lsa\auditbaseobjects.
Analyze machine\system\currentcontrolset\control\lsa\crashonauditfail.
Analyze machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Mismatch - machine\system\currentcontrolset\control\lsa\fullprivilegeauditing.
Analyze machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Mismatch - machine\system\currentcontrolset\control\lsa\lmcompatibilitylevel.
Analyze machine\system\currentcontrolset\control\lsa\restrictanonymous.
Mismatch - machine\system\currentcontrolset\control\lsa\restrictanonymous.
Analyze machine\system\currentcontrolset\control\lsa\submitcontrol.
Analyze machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Mismatch - machine\system\currentcontrolset\control\print\providers\lanman print services\servers\addprinterdrivers.
Analyze machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Mismatch - machine\system\currentcontrolset\control\session manager\memory management\clearpagefileatshutdown.
Analyze machine\system\currentcontrolset\control\session manager\protectionmode.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Mismatch - machine\system\currentcontrolset\services\lanmanserver\parameters\autodisconnect.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Mismatch - machine\system\currentcontrolset\services\lanmanserver\parameters\enableforcedlogoff.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\enablesecuritysignature.
Analyze machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Mismatch - machine\system\currentcontrolset\services\lanmanserver\parameters\requiresecuritysignature.
Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enableplaintextpassword.
Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\enablesecuritysignature.
Analyze machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Mismatch - machine\system\currentcontrolset\services\lanmanworkstation\parameters\requiresecuritysignature.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
Mismatch - machine\system\currentcontrolset\services\netlogon\parameters\disablepasswordchange.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\requiresignorseal.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\requirestrongkey.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
Mismatch - machine\system\currentcontrolset\services\netlogon\parameters\sealsecurechannel.
Analyze machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.
Mismatch - machine\system\currentcontrolset\services\netlogon\parameters\signsecurechannel.

Registry values analysis completed successfully.

----Analyze available attachment engines...

Attachment engines analysis completed successfully.

----Un-initialize analysis engine...
Warning 5: Access is denied.
Error occurs.

Radar07

What OS is the client running? You may not have administrative rights on the client which results in limited functionality in Computer Management.

Also, check the client firewall settings. Turn it off for testing if you can isolate your network from your Internet connection.