Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-04-2010 02:33 PM
Hello,
I have managed to scan my domain machines with a domain user account instead of a domain admin account. I have granted this user the correct rights so I can remotely access these machines by wmi. This works, I get the wmi information that is needed. However, in the error log in the web interface from the host I get errors on the enumeration of the devices (usbcontroller, cdrom etc).
Does anyone have experience how to set the security for user account to enumerate hardware devices?
Regards,
Paul
I have managed to scan my domain machines with a domain user account instead of a domain admin account. I have granted this user the correct rights so I can remotely access these machines by wmi. This works, I get the wmi information that is needed. However, in the error log in the web interface from the host I get errors on the enumeration of the devices (usbcontroller, cdrom etc).
Does anyone have experience how to set the security for user account to enumerate hardware devices?
Regards,
Paul
Labels:
- Labels:
-
Archive
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-05-2010 06:39 PM
Do you have a group policy somewhere with "restricted groups"?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-05-2010 05:51 PM
I am lost.
When i put the user directly in the Administrators group I can connect through wmi.
When I put the user in a global group, and I put that global group in the local administrators group, I cannot connect.
Process monitor doesn't show any access denied, I can see the process wmiprvse.exe reading the registry as the NT AUTHORITY\SYSTEM account with no errors.
However, I still cannot connect to wmi.
A member of the Domain Admins group, who are also member of tjhe local Administrators group can connect through wmi.
When i put the user directly in the Administrators group I can connect through wmi.
When I put the user in a global group, and I put that global group in the local administrators group, I cannot connect.
Process monitor doesn't show any access denied, I can see the process wmiprvse.exe reading the registry as the NT AUTHORITY\SYSTEM account with no errors.
However, I still cannot connect to wmi.
A member of the Domain Admins group, who are also member of tjhe local Administrators group can connect through wmi.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-05-2010 03:40 PM
I don't think I can solve this.
So what I have done is created a global group and placed the lansweeper account in this group. This group I have added to the local Administrators group of every servers.
I Still get errors on the servers. If I add the user directly in the local administrators group I don't get these errors, what's up with that?
We have the policy that we dont put users in local groups, we only put global groups in local groups.
So what I have done is created a global group and placed the lansweeper account in this group. This group I have added to the local Administrators group of every servers.
I Still get errors on the servers. If I add the user directly in the local administrators group I don't get these errors, what's up with that?
We have the policy that we dont put users in local groups, we only put global groups in local groups.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-05-2010 03:58 PM
kbc-clearing wrote:
So what I have done is created a global group and placed the lansweeper account in this group. This group I have added to the local Administrators group of every servers.
That should work, that how many people do it.
Maybe the user is also in a group that's denied access somewhere?
You can use sysinternals process monitor to see what's going on when you perform a scan.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-04-2010 05:36 PM
This page might help (Q8)
http://technet.microsoft.com/en-us/library/ee692772.aspx
http://technet.microsoft.com/en-us/library/ee692772.aspx
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-04-2010 05:15 PM
So you don't know how I can give a restrictive set of rights to a ordinary user?
I am already able to connect through wmi, the only thing that doesn't work is the enumeration of devices. The enumeration of services is also working. I find a bit "much" to be local administrator for a few wmi requests.
I am already able to connect through wmi, the only thing that doesn't work is the enumeration of devices. The enumeration of services is also working. I find a bit "much" to be local administrator for a few wmi requests.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-04-2010 03:38 PM
The user doesn't need domain admin privileges but he does need administrative permissions on the client to scan.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-04-2010 03:34 PM
Hello,
I get this error on the followiing devices:
Usbcontroller Generic failure 03/04/2010 13:07:30
Tape Generic failure 03/04/2010 13:07:30
Scsi Provider failure 03/04/2010 13:07:30
Pcmcia Generic failure 03/04/2010 13:07:29
Infrared Generic failure 03/04/2010 13:07:28
Idecontroller Generic failure 03/04/2010 13:07:28
Diskpartition Generic failure 03/04/2010 13:07:28
Cdrom Generic failure 03/04/2010 13:07:23
Bus Generic failure 03/04/2010 13:07:23
Floppy Generic failure 03/04/2010 13:07:22
I will run the scan on a machine where I have administrative rights.
I get this error on the followiing devices:
Usbcontroller Generic failure 03/04/2010 13:07:30
Tape Generic failure 03/04/2010 13:07:30
Scsi Provider failure 03/04/2010 13:07:30
Pcmcia Generic failure 03/04/2010 13:07:29
Infrared Generic failure 03/04/2010 13:07:28
Idecontroller Generic failure 03/04/2010 13:07:28
Diskpartition Generic failure 03/04/2010 13:07:28
Cdrom Generic failure 03/04/2010 13:07:23
Bus Generic failure 03/04/2010 13:07:23
Floppy Generic failure 03/04/2010 13:07:22
I will run the scan on a machine where I have administrative rights.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎03-04-2010 02:45 PM
Do you get this for all devices?
you can get CDrom errors if there is no cdrom in the computer.
you can get CDrom errors if there is no cdrom in the computer.
