WMI Script, access denied?

Discussion in 'Scripting' started by Linn Kubler, Jan 23, 2009.

  1. Linn Kubler

    Linn Kubler Guest

    Hi,

    I've got a little script here that I can use to get some information out of
    a computer. This works fine with computers that are attached to my domain
    but I can't get it to work with a computer that is not in my domain but
    rather a workgroup. I get an Access Denied message. What is different
    about accessing a workgroup computer and a domain computer?

    Here's my code:
    Const WbemAuthenticationLevelPktPrivacy = 6
    strComputer = "chart553"
    strUser = "workgroup\Julie"
    strPassword = ""
    Set objWbemLocator = CreateObject("WbemScripting.SWbemLocator")
    Set objWMIService = objwbemLocator.ConnectServer _
    (strComputer, strNamespace, strUser, strPassword)
    objWMIService.Security_.authenticationLevel =
    WbemAuthenticationLevelPktPrivacy

    I've also tried strUser = "chart553\Julie"

    Julie is the Administrator account name of this laptop and the account does
    not have a password, the laptop boots straight to the desktop. It is
    Windows XP Home, whereas the domain computers are XP Pro, could that be the
    difference?

    Thanks in advance,
    Linn
     
    Linn Kubler, Jan 23, 2009
    #1
    1. Advertisements


  2. I believe XP home does not have DCOM enabled, which is required for WMI to
    connect remotely.
     
    Richard Mueller [MVP], Jan 23, 2009
    #2
    1. Advertisements

  3. Some time ago I did research and found the following rules:

    1. You cannot connect to computer running XP Home.
    2. An NT computer cannot connect to OS later than W2k.
    3. A W2k3 computer cannot connect to Win9x.
    4. To connect to W2k Server SP4 you must set impersonation level to
    Impersonate.
    5. W2k computers must have SP2 to connect to XP or above.
    6. W2k3 can only connect to Win9x and NT if credentials supplied.
    7. To connect to XP or W2k3 you must set authentication level to Pkt.

    Number 7 may not be required, but it can't hurt either.
     
    Richard Mueller [MVP], Jan 23, 2009
    #3
  4. Linn Kubler

    Tom_Slycke Guest

    Here's one...

    I have a rouutine I use to collect a LOT of data from all of our servers.
    - Create a share on your central repository and put you program or batch
    file there. i have \\centralserver\admin\serveradmin.cmd
    - Allow everyone read/write access here.
    - create a scheduled task on all your computers to execute at some obscure
    hour, like 4:00 AM, to run \\centralserver\admin\serveradmin.cmd
    - have the serveradmin.cmd run the list of programs you want to run on all
    your servers.

    This program will run using the local network service account and have full
    access to the system

    All your server will run the job at 4:00 AM and then when you get into the
    office in the morning, you will have a wealth of information waiting for
    you.

    Some of the things I run.....

    ipconfig /all > \\centralserver\admin\serverIPs\%computername%.txt (
    save ipconfig data to a text file )
    call \\centralserver\admin\utils\timecheck.cmd
    ( this collects the servers time source so we can keep the time heirachy
    good )
    call \\centralserver\admin\GetLocalAdmins.cmd
    ( dump a list of waht accounts / groups are in the local admin for
    auditing )
    certutil -store -v my > \\centralserver\admin\localcerts\%computername%.txt
    ( collect certificate data ont eh servers to identify ones about to expire )

    Obviously you can run any program here you want. I like to restirct this
    daily routine to small tasks that will run fast. The data collected can then
    be parsed later on and you can generate various reports..

    You can easily add your WBEM script.
    If you want to run a program / script on demand...
    at \\remotecomputer 13:30 \\centralserver\admin\serveradmin.cmd
    or at \\remotecomputer 13:30 \\centralserver\admin\utility.cmd
    ( any other utility you want run )

    Want one of the lines in the central script to only run once
    if not exist \\centralserver\admin\serverIPs\%computername%.txt ipconfig
    /all > \\centralserver\admin\serverIPs\%computername%.txt

    This has made a real nice little server inventory system for us!!


    Tom
     
    Tom_Slycke, Jan 25, 2009
    #4
  5. Linn Kubler

    Linn Kubler Guest

    Tom,

    Thanks for the suggestions, good ideas here. For my purposes, however, I'm
    more interested in the user's workstations than the servers at this point.
    So I'm looking more at on demand scripts that I run when needed. But I will
    keep this process in mind for my servers, haven't thought much about
    collecting data against them.

    Thanks,
    Linn
     
    Linn Kubler, Feb 12, 2009
    #5
  6. Linn Kubler

    Linn Kubler Guest

    Yeah, seems like number 1 is what's getting me here. I'm working on running
    scripts from the XP Home systems and pushing the collected data to my
    system. I think this will have limited use for me but necessary, XP home is
    definately the exception in my network.

    Thanks,
    Linn
     
    Linn Kubler, Feb 12, 2009
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.