Reference link http://www.lansweeper.com/kb/WMI-Access-is-denied.aspx
1) make sure that the "Windows Management Instrumentation" service is set to automatic and is started on the client.
2) Make sure that DCOM is enabled on the client.
2) Make sure that DCOM is enabled on the client.
3) Check the Com Security security settings.
Access Permissions: Edit Default...
Self (Local access, Remote access)
System (Local access)
Administrators (Local access, Remote access) !!important
Launch and Activation Permissions: Edit Default...
System (Local launch, Local activation)
Administrators (Local launch, Remote launch, Local activation, Remote activation) !!important
Interactive (Local launch, Local activation)
To make it easier you can reset DCOM to the default permission from this registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
Make sure EnableDCOM is set to Y
Delete all other values in this key (don't delete any subkeys)
Access Permissions: Edit Default...Self (Local access, Remote access)
System (Local access)
Administrators (Local access, Remote access) !!important
Launch and Activation Permissions: Edit Default...
System (Local launch, Local activation)
Administrators (Local launch, Remote launch, Local activation, Remote activation) !!important
Interactive (Local launch, Local activation)
To make it easier you can reset DCOM to the default permission from this registry key:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
Make sure EnableDCOM is set to Y
Delete all other values in this key (don't delete any subkeys)
4) Only necessary for workgroup computers:
If you are scanning Windows Vista or Windows 7 in a workgroup you need to disable UAC (for computers in a domain this is not required)
More info on this link: Handling_remote_connections_under_uac
If you are scanning Windows Vista or Windows 7 in a workgroup you need to disable UAC (for computers in a domain this is not required)
More info on this link: Handling_remote_connections_under_uac
· Optionally you can disable UAC for remote administrator only:
Start "regedit.exe"
Go to key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
Create new Dword value: LocalAccountTokenFilterPolicy
Set LocalAccountTokenFilterPolicy to "1"
Start "regedit.exe"
Go to key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
Create new Dword value: LocalAccountTokenFilterPolicy
Set LocalAccountTokenFilterPolicy to "1"
· Set Classic security model:
Start/run "secpol.msc"
Navigate to Local Policies\Security Options
Network Access: Sharing security model for local accounts - Set to Classic
Restart the computer.
Start/run "secpol.msc"
Navigate to Local Policies\Security Options
Network Access: Sharing security model for local accounts - Set to Classic
Restart the computer.
5) Make sure that the user running the Lansweeper service is an administrator on the computer. (Check if the "Domain domain" admins is still part of the local administrator group)
6) If you are sure that everything is configured correctly on this computer and all your clients are affected by this problem, check if the server running the service is configured correctly.
7) If WMI still doesn't work download the WMI Diagnose tools from microsoft. (check both your server and your clients)
7) If WMI still doesn't work download the WMI Diagnose tools from microsoft. (check both your server and your clients)
9) If you are sure that everything is set up correctly and you still get this error you can try removing and re-adding the computer to the domain as last resort.
沒有留言:
張貼留言