2010年12月26日 星期日

How to fix WMI Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))


1) make sure that the "Windows Management Instrumentation" service is set to automatic and is started on the client.

http://c1330262.cdn.cloudfiles.rackspacecloud.com/kb/images/wmiservice.jpg

2) Make sure that DCOM is enabled on the client.

http://c1330262.cdn.cloudfiles.rackspacecloud.com/kb/images/dcom1.jpg
http://c1330262.cdn.cloudfiles.rackspacecloud.com/kb/images/dcom2.jpg

http://c1330262.cdn.cloudfiles.rackspacecloud.com/kb/images/dcom3.jpg
3) Check the Com Security security settings.
http://www.lansweeper.com/kb/images/dcoms1.jpg
Access Permissions: Edit Default...
Self (Local access, Remote access)
System (Local access)
Administrators (Local access, Remote access) !!important
Launch and Activation Permissions: Edit Default...
System (Local launch, Local activation)
Administrators (Local launch, Remote launch, Local activation, Remote activation) !!important
Interactive (Local launch, Local activation)

To make it easier you can reset DCOM to the default permission from this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole

http://www.lansweeper.com/kb/images/dcomreg.jpg

Make sure
 EnableDCOM is set to Y
Delete all other values in this key (don't delete any subkeys)
4) Only necessary for workgroup computers:

If you are scanning Windows Vista or Windows 7 in a
 workgroup you need to disable UAC (for computers in a domain this is not required)
More info on this link:
 Handling_remote_connections_under_uac
·         Optionally you can disable UAC for remote administrator only: 
Start "regedit.exe"
Go to key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
Create new Dword value: LocalAccountTokenFilterPolicy
Set LocalAccountTokenFilterPolicy to "1"
 
·         Set Classic security model:
Start/run "secpol.msc"
Navigate to Local Policies\Security Options
Network Access: Sharing security model for local accounts - Set to Classic
Restart the computer.

5) Make sure that the user running the Lansweeper service is an administrator on the computer. (Check if the "Domain domain" admins is still part of the local administrator group)
6) If you are sure that everything is configured correctly on this computer and all your clients are affected by this problem, check if the server running the service is configured correctly.

7) If WMI still doesn't work download the
 WMI Diagnose tools from microsoft. (check both your server and your clients)
8) Use this script to repair WMI on a computer.
9) If you are sure that everything is set up correctly and you still get this error you can try removing and re-adding the computer to the domain as last resort.

沒有留言:

張貼留言