none
Remotely access Disk Management on a Windows 2008 server

    Question

  • I am attempting to access Logical Disk Manager (LDM) remotely on a server running Windows Server 2008 Standard SP2 and I receive the message "You do not have access right to Logical Disk Manager on <servername>"

    I have tried to access this from a Windows XP SP3, Windows 7 SP1, and a Windows Server 2008 Standard SP2 member server. Each system is unable to access LDM. The firewalls are disabled on all the systems including the system being remotely accessed.  There are no other firewall products loaded on any of these systems.

    I am a local administrator on each system and am using that local administrator account.

    I have adjusted the Componet Services (COM+) COM Security > Access Permissions > Edit Limits with Everyone and ANONYMOUS LOGON to have Local Access and Remote Access allowed on the remote server

    I have adjusted the Componet Services (COM+) COM Security > Launch and Activation Permissions > Edit Limits with Everyone to have Local launch, Remote Launch, Local Activation, and Remote Activation allowed on the remote server

    Friday, April 27, 2012 6:24 PM

Answers

  • As Dave has alluded to above through the linked article, because you are using an account local to the remote server to which you're attempting to connect, and that account is also a local administrator, the administrative bit is stripped out of the logon token which results in the error you are getting.

    Have a read of this support article to see how it all hangs together.

    In terms of what you can do, in the order of most to least preferred, you can:

    • Use a domain account which has been assigned locally administrative rights on that server (i.e. tossed into the local Administrators group).
    • Change the LocalAccountTokenFilterPolicy value described in the above article to have a value of 1. Not recommended as it reduces the security of the system, but in the case of workgroup servers, it sometimes can be the only practical solution. If the server is a member of the domain, this option shouldn't be used.

    Cheers,
    Lain

    Wednesday, May 02, 2012 7:57 AM

All replies