Sign in
 
HomeWindows Server 2012Windows Server 2008 R2Windows Server 2003LibraryForums
Windows Server TechCenter >
Remotely access Disk Management on a Windows 2008 server

Answered Remotely access Disk Management on a Windows 2008 server

  • Friday, April 27, 2012 6:24 PM
     
     
    Sign In to Vote
    0

    I am attempting to access Logical Disk Manager (LDM) remotely on a server running Windows Server 2008 Standard SP2 and I receive the message "You do not have access right to Logical Disk Manager on <servername>"

    I have tried to access this from a Windows XP SP3, Windows 7 SP1, and a Windows Server 2008 Standard SP2 member server. Each system is unable to access LDM. The firewalls are disabled on all the systems including the system being remotely accessed.  There are no other firewall products loaded on any of these systems.

    I am a local administrator on each system and am using that local administrator account.

    I have adjusted the Componet Services (COM+) COM Security > Access Permissions > Edit Limits with Everyone and ANONYMOUS LOGON to have Local Access and Remote Access allowed on the remote server

    I have adjusted the Componet Services (COM+) COM Security > Launch and Activation Permissions > Edit Limits with Everyone to have Local launch, Remote Launch, Local Activation, and Remote Activation allowed on the remote server

     

All Replies

  • Sunday, April 29, 2012 4:32 PM
     
     
    Sign In to Vote
    0

    This may be a similar issue.

    http://blogs.technet.com/b/jhoward/archive/2008/03/28/part-1-hyper-v-remote-management-you-do-not-have-the-requested-permission-to-complete-this-task-contact-the-administrator-of-the-authorization-policy-for-the-computer-computername.aspx

     

     

     

    Regards, Dave Patrick ....
    Microsoft Certified Professional
    Microsoft MVP [Windows]

    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

     
  • Wednesday, May 02, 2012 7:57 AM
     
     Answered
    Sign In to Vote
    0

    As Dave has alluded to above through the linked article, because you are using an account local to the remote server to which you're attempting to connect, and that account is also a local administrator, the administrative bit is stripped out of the logon token which results in the error you are getting.

    Have a read of this support article to see how it all hangs together.

    In terms of what you can do, in the order of most to least preferred, you can:

    • Use a domain account which has been assigned locally administrative rights on that server (i.e. tossed into the local Administrators group).
    • Change the LocalAccountTokenFilterPolicy value described in the above article to have a value of 1. Not recommended as it reduces the security of the system, but in the case of workgroup servers, it sometimes can be the only practical solution. If the server is a member of the domain, this option shouldn't be used.

    Cheers,
    Lain

     
  • Friday, March 08, 2013 9:53 PM
     
     
    Sign In to Vote
    0

    Shouldn't the value of LocalAccountTokenFilterPolicy be set to 1 in order to build an elevated token?

    http://support.microsoft.com/kb/951016#letmefixit

     
  • Wednesday, March 13, 2013 12:02 PM
     
     
    Sign In to Vote
    0

    Correct, Jeff. I've amended the value above. Thanks for catching the typo.

    Cheers,
    Lain