locked
.net powershell access denied RRS feed

  • Question

  • Dear all,

    I have a runbook which is running a .net powershell action below with the administrator of the targeted server (DMZ) and is getting a service status. 

    $User = "Administrator"
    $PWord = ConvertTo-SecureString –String "password" –AsPlainText -Force
    $Access = New-Object -TypeName System.Management.Automation.PSCredential -argumentlist "Administrator",$PWord
    $Test=Get-WMIObject Win32_Service -computer "IP" -credential $Access -Filter "Name='AudioSrv'" | Select State

    A new user is created on the server and the user is a member of the administrators of the targeted server.

    when i run the above action with the administrator is working but when i change to the other user which is created i get access denied.

    The only denied the new user have is the denied rdp.

    any idea ?


    Nikkoscy

    Thursday, February 23, 2017 7:10 AM

Answers

  • the problem is with dcom permissions.

    0x80070005 –   E_ACCESS_DENIED

    Access denied by   DCOM security.

    The user does not have remote access to the   computer through DCOM. Typically, DCOM errors occur when connecting to a   remote computer with a different operating system version.

    Give the user Remote   Launch and Remote Activation permissions in dcomcnfg. Right-click My   Computer-> Properties Under COM Security, click "Edit Limits"   for both sections. Give the user you want remote access, remote launch, and   remote activation. Then go to DCOM Config, find "Windows Management   Instrumentation", and give the user you want Remote Launch and Remote   Activation. For more information, see Connecting Between   Different Operating Systems


    Nikkoscy

    • Marked as answer by Nikkoscy Friday, February 24, 2017 6:19 AM
    Friday, February 24, 2017 6:19 AM

All replies

  • Hi,

    • On the DMZ system launch "wmimgmt.msc"
    • Right-click on "WMI Control (Local)" then select Properties
    • Go to the "Security" tab and select "Security" and check if the "Administrators" or the new user has the appropriate rights.

    Regards,

    Stefan


    Visit go2azure.eu and my blog at www.sc-orchestrator.eu !

    Thursday, February 23, 2017 9:54 AM
    Answerer
  • Hi Nikkoscy,

    just out of curiosity: What hppens if you log in with the user once and try to run the activity with the credentials afterwards? Same error?

    Regards,


    Stoyan (Please take a moment to "Vote as Helpful" and/or "Mark as Answer" where applicable. This helps the community, keeps the forums tidy, and recognizes useful contributions. Thanks!)

    Thursday, February 23, 2017 9:59 AM
  • Thanks for the reply,

    Administrators group has full access.

    when i run it with administrator it runs ok. The problem is when i run it with the other user which is a member of the administrators group.

    Thanks


    Nikkoscy

    Thursday, February 23, 2017 10:15 AM
  • it runs ok from the server with the other user.


    Nikkoscy

    Thursday, February 23, 2017 10:16 AM
  • i forgot to mentioned that on the event viewer security on the server i can see that the user is logged on and off successfully.

    i do not get any errors in the event viewer.


    Nikkoscy

    Thursday, February 23, 2017 10:18 AM
  • the problem is with dcom permissions.

    0x80070005 –   E_ACCESS_DENIED

    Access denied by   DCOM security.

    The user does not have remote access to the   computer through DCOM. Typically, DCOM errors occur when connecting to a   remote computer with a different operating system version.

    Give the user Remote   Launch and Remote Activation permissions in dcomcnfg. Right-click My   Computer-> Properties Under COM Security, click "Edit Limits"   for both sections. Give the user you want remote access, remote launch, and   remote activation. Then go to DCOM Config, find "Windows Management   Instrumentation", and give the user you want Remote Launch and Remote   Activation. For more information, see Connecting Between   Different Operating Systems


    Nikkoscy

    • Marked as answer by Nikkoscy Friday, February 24, 2017 6:19 AM
    Friday, February 24, 2017 6:19 AM