Remotely managing XP Pro systems

Jack Wray

All,

I am having an issue with XP systems on my network. All systems are joined
to a NT domain. All systems have domain admins in the local admin group.
However, all systems are showing the same problem, access denied to the event
logs and registry. I use many scripts to monitor patches and access to the
registry is a must. Needless to say, access to the event logs is nice too :)

I have looked into the force guest policy and that's not it.. Any idea would
be great.

Jack
 
Steven L Umbach

I would first log on to one of those machines locally to see if you can do those
tasks. If you can, then it is a network access problem, and the things I would check
on the XP computer are: The ICF firewall needs to be disabled, or any IPsec
policies blocking ports for file and print sharing. File and print sharing needs to
be installed/bound and the server service running. Remote registry service needs to
be running. You need the user right to access this computer from the network on those
computers. If none of that pans out, try temporarily disabling the four security
options for "digitally sign communications" if you are accessing from a W2K
machine. --- Steve
 
Steven L Umbach

By logging on locally, I meant interactive logon with the same domain administrators
account you are using to try to gain remote access. --- Steve
 
Jack Wray

thanks Steve,

I will give it a shot in the morning and let you know... BTW, I can access
all the mentioned things interactively so it is a remote access issue..
Anyways, I will let you know.

thanks again for the quick response.

Jack
 
Jack Wray

Steve,

This is what I have come up with so far.

Not able to access the following remotely
Event Logs
Registry keys beyond HKLM ( can see the subkeys but not able to open them)
Processes

I can access the following
User & Groups ( manage them as well )
User rights policies ( manage as well )
Admin shares ( full access )

So, file and print sharing is working, remote registry service is running
and the machine knows that I have admin rights. I will keep looking but any
ideas would be helpful.
 
Steven L Umbach

You say you are in a NT domain - do you mean NT4.0? What operating system is
on the computer that you are using to try to access from? Are the XP machines using
the default Local Security Policy configuration or close to it? --- Steve
 
Jack Wray

Steve,

NT 4.0 domain.. Admin machine is Windows 2000. And the local security
policies are pretty close to default. Still looking.. thanks again for your
help
 
Steven L Umbach

OK Good luck. My guess is that it is a security option - probably a network access:
one, and there are a lot of them on XP. The one that comes to mind, and this is just
a guess, is the "let everyone permissions apply to anonymous users" since this is a
NT4.0 domain. --- Steve
 
Roger Abell

Just curious on this, but in the XP policy for lanmanager
protocols is the XP set to allow NTLM v2 or is it in
the often seen default of LM and NTLM (which excludes
NTLM v2) ?
 
Steven L Umbach

I was thinking that too, but he can access administrative shares and manage
users, which tells me that the LAN Manager level is compatible, yet he cannot access
Event Viewer logs or parts of the registry. I know there is a security
option for registry access paths via network, but the part about not
accessing Event Viewer is curious since he can access it locally?? Probably
a packet capture of the sequence would help. --- Steve
 
Roger Abell

It seems that we are seeing a small number of these
"selective" remoting issues. I am just wondering what
added tightening, perhaps in recent RPC patches, have
forced more restrictive tolerances on what SSPI negotiation
is acceptable for which administrative access.
Here I was thinking that downlevel security provider might
be accepted for network share type accesses (event log,
file shares, etc.) but not for COM/WMI based accesses.

Needless to say, I have noticed us both banging our heads
against these posts.
 
Steven L Umbach

Thanks for your interesting thoughts. I am about out of ideas. It would be
interesting to see if he would have success administering from a like configured XP
machine. --- Steve
 
Jack Wray

Wow... more activity this weekend... I did try to access the said machines
with another xp system and it does the same thing as it did from a windows
2k system. I have also come across one more strange thing.. It seems that
the xp systems are not running the secedit command on my login script
either. So these systems are pretty much a base load. Boy this is giving me
a headache :) I am now parsing the output of the security and analysis
snap-in checking the differences.
 
Steven L Umbach

Roger Abell

Yes, please keep us posted . . .

--
Roger
Jack Wray said:
Wow... more activity this weekend... I did try to access the said machines
with another xp system and it does the same thing as it did from a windows
2k system. I have also come across one more strange thing.. It seems that
the xp systems are not running the secedit command on my login script
either. So these systems are pretty much a base load. Boy this is giving me
a headache :) I am now parsing the output of the security and analysis
snap-in checking the differences.


agian service
 
ricky

Jack Wray said:
Wow... more activity this weekend... I did try to access the said machines
with another xp system and it does the same thing as it did from a windows
2k system. I have also come across one more strange thing.. It seems that
the xp systems are not running the secedit command on my login script
either. So these systems are pretty much a base load. Boy this is giving me
a headache :) I am now parsing the output of the security and analysis
snap-in checking the differences.


agian service
 
Guest

Your problem:
This happened during an upgrade, machine has lost security access to its own registry.. Not because of anything you did, I still haven't figured out why this happened.

Here is your solution...
drill down to WinReg key and add service security.

Step to fix:
Open regedit on the problem machine.
Go to
HKLM
SYSTEM
CurrentControlSet
Control
Securepipeservers
On winreg, right click and select Permission... add the Local Service account and give it read access.

Close it and then remotely manage away.

Have a good day..

Cliff
CliffHarrison@no_spamHotmail.com
 
Jack Wray

Cliff,

thanks for the idea but it didn't help. BTW systems are fresh installs.
Cliff Harrison said:
Your problem:
This happened during an upgrade, machine has lost security access to its
own registry.. Not because of anything you did, I still haven't figured out
why this happened.
Here is your solution...
drill down to WinReg key and add service security..

Step to fix:
Open regedit on the problem machine..
Go to
HKLM
SYSTEM
CurrentControlSet
Control
Securepipeservers
On winreg, right click and select Permission... add the Local Service
account and give it read access.
 
Jack Wray

May have spoken too soon... looking into it again.. keep your fingers crossed
Cliff Harrison said:
Your problem:
This happened during an upgrade, machine has lost security access to its
own registry.. Not because of anything you did, I still haven't figured out
why this happened.
Here is your solution...
drill down to WinReg key and add service security..

Step to fix:
Open regedit on the problem machine..
Go to
HKLM
SYSTEM
CurrentControlSet
Control
Securepipeservers
On winreg, right click and select Permission... add the Local Service
account and give it read access.
 
Jack Wray

Cliff,

YOU ARE THE MAN!!!
I gave the local service account read access to the reg key and booooooom..
all is well in the world again. Where did you find the fix??

thank you very much.
Cliff Harrison said:
Your problem:
This happened during an upgrade, machine has lost security access to its
own registry.. Not because of anything you did, I still haven't figured out
why this happened.
Here is your solution...
drill down to WinReg key and add service security..

Step to fix:
Open regedit on the problem machine..
Go to
HKLM
SYSTEM
CurrentControlSet
Control
Securepipeservers
On winreg, right click and select Permission... add the Local Service
account and give it read access.
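
A scripted form of the check and fix discussed in this thread, as an added example that is not part of any poster's message. It reads the ACL on the winreg key, reports the account the Remote Registry service runs as, and with `-Fix` adds the read entry for Local Service. It assumes PowerShell is installed on the XP machine and that the script runs locally as an administrator; the `-Fix` switch and the helper name `Test-LocalServiceRead` are hypothetical.

```powershell
# Added example: audit, and with -Fix repair, the winreg key ACL from this thread.
# Run locally as an administrator on the affected machine.
param([switch]$Fix)   # hypothetical switch name

$KeyPath = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
$LsSid   = 'S-1-5-19'   # well-known SID of NT AUTHORITY\LOCAL SERVICE (the name is localized, the SID is not)
$ReadKey = [int][System.Security.AccessControl.RegistryRights]::ReadKey

function Test-LocalServiceRead {   # hypothetical helper name
    param([System.Security.AccessControl.RegistrySecurity]$Acl)
    # Only ACEs that name Local Service directly are examined; access that
    # would come through group membership is not evaluated here.
    $aces = @($Acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference.Value -eq $LsSid })
    $allow = @($aces | Where-Object {
        $_.AccessControlType -eq 'Allow' -and (([int]$_.RegistryRights -band $ReadKey) -eq $ReadKey) })
    $deny = @($aces | Where-Object {
        $_.AccessControlType -eq 'Deny' -and (([int]$_.RegistryRights -band $ReadKey) -ne 0) })
    return ($allow.Count -gt 0 -and $deny.Count -eq 0)
}

# The service that answers remote registry calls, and the account it runs as.
$svc = Get-WmiObject Win32_Service -Filter "Name='RemoteRegistry'"
'Remote Registry service: state={0}, account={1}' -f $svc.State, $svc.StartName

# Current ACL on the key, for the record before any change is made.
$acl = Get-Acl -Path $KeyPath
$acl.Access |
    Format-Table IdentityReference, RegistryRights, AccessControlType, IsInherited -AutoSize |
    Out-String

if (Test-LocalServiceRead $acl) {
    'Local Service has read access to winreg.'
} elseif ($Fix) {
    # Read on this key and its subkeys, matching what regedit grants by default.
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        (New-Object System.Security.Principal.SecurityIdentifier $LsSid),
        [System.Security.AccessControl.RegistryRights]::ReadKey,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    Set-Acl -Path $KeyPath -AclObject $acl
    'Added a read ACE for Local Service; retry the remote connection.'
} else {
    'Local Service has no explicit read ACE on winreg; rerun with -Fix to add one.'
}
```

Running it without `-Fix` first records the existing ACL, which makes it easy to compare a working machine against a failing one before anything is changed.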
 
