Unable to remotely connect to computers C$

    Question

  • We are currently unable to Remotely Connect to our Windows XP PCs from the SCCM Console to do remote administration. Our admin PCs using SCCM Console are on Windows 7.

    In addition to ConfigMgr we have the "Right Click tools" and SCCM Client Center.

    The Right Click Tools adds an option to connect to a selected computer's C$. This appears with an error message "PCName\c$ is not accessible. You might not have permission to use this network resource. Contact the administrator of this server to find out if you have access permissions. Logon Failure: the user has not been granted the requested logon type at this computer"

    If we try to access the computer with Client Center we get Access Denied 0x80070005 (E_ACCESSDENIED)

    If Remote Assistance is attempted then a failure to connect error is shown.

    Current investigations have pointed toward DCOM issues. However on the test machine we have added EVERYONE with Local and Remote Launch and Local and Remote Access.

    In our GPOs we control DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax and DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax and these have been applied to a test machine with EVERYONE having full access.

    Windows Firewall has Remote Management and Windows Management Firewall Rules applied. Even with the firewall off the machine cannot be connected.

    If the machine is moved into an OU with no GPOs then Remote Assistance and Client Center work ok

    Unsure where to look now. To aid my response I have duplicated this post in the Config Manager forum

    Many thanks for any comments received.


    Lee Bowman MCITP MCTS
    Tuesday, March 29, 2011 5:05 PM

All replies

  • Hi Lee,

    It seems that the problem is caused by the GPOs linked to the OU where the machine resides.

    In your other thread, Sherry has replied with detailed information about how to determine which GPO caused this problem:

    http://social.technet.microsoft.com/Forums/en-US/configmgrgeneral/thread/a39616d1-1008-4e16-9559-4a76261143c8/

    To avoid any confusion, I suggest you focus on this problem in that thread.

    Thanks for your understanding.

    Regards,

    Bruce


    This posting is provided "AS IS" with no warranties, and confers no rights. Please remember to click "Mark as Answer" on the post that helps you, and to click "Unmark as Answer" if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Wednesday, March 30, 2011 8:21 AM
  • Hello

    Thanks for the response, I did make it more challenging by opening two posts, was just trying to get some SCCM Professionals that may have seen this problem as well as GPO Professionals.

    The modification of a particular policy has fixed some of our Remote Management issues. The following GPO now allows the use of SCCM Client Centre and Remote Tools etc.

    Restrictions for Unauthenticated RPC client - Now set to Enabled and None.

    However we still cannot get access to a networked computer's C$.

    Our aim is to launch another computer's C$ from SCCM console and the UAC for Win 7 or Windows login prompt for XP would appear to then be able to connect (I believe this occurs because the Windows Explorer process can only be launched once and Windows Explorer is used by our Standard User account which would not have privileges to other C drives). SCCM and other admin tools are launched as the Administrator account.

    Any advice for showing the prompt when connecting to a remote drive would be greatly appreciated.


    Lee Bowman MCITP MCTS
    Wednesday, March 30, 2011 11:41 AM
  • Hi Lee,

    Have you tried Sherry’s suggestions? If not, please try them first to determine which GPO caused this problem.

    Based on my test, the "Restrictions for Unauthenticated RPC client" policy will not cause this kind of issue.

    Regards,

    Bruce


    Thursday, March 31, 2011 7:18 AM
  • Bruce,

    Sorry I didn't make it clear, I followed Sherry's suggestions with the GPOs and that's how we resolved the Restrictions for Unauthenticated RPC Client issue.

    It's trying to work out to get the C$ to automatically prompt. Again trying the machine in another OU with the policies linked.

    Cheers


    Lee Bowman MCITP MCTS
    • Marked as answer by lee-bowman Thursday, March 31, 2011 4:19 PM
    Thursday, March 31, 2011 8:24 AM
  • Ok found the fix to the Connect to C$

    The GPO setting for "Access this Computer from the Network" is restricted on our network and only allows the BuiltIn\Administrators and Remote Desktop Operators groups.

    When Connect to C$ is used then this tries to connect using the standard user account (which is not an administrator user) and therefore not allowed to connect to the C$ share.

    We are going to create an AD Security Group that our System Admins Standard Accounts can be added to and this Security Group will be added to the "Access this Computer from the Network". This will allow the standard users to connect to the C$ and get the prompt for credentials where the admin account can be typed in.


    Lee Bowman MCITP MCTS
    • Marked as answer by Bruce-Liu Monday, April 11, 2011 1:55 AM
    Thursday, March 31, 2011 4:19 PM
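
The "Access this Computer from the Network" setting named in the fix above is stored in local security policy as SeNetworkLogonRight, with SeDenyNetworkLogonRight as its deny counterpart. The script below is an added example, not part of the original thread: it lists which accounts hold those rights on a target PC so the effect of the GPO can be confirmed before and after the new security group is added. The function name Get-UserRightHolder is hypothetical, and the script assumes an elevated PowerShell prompt on the target machine.

```powershell
# Added example (not from the thread): show who holds the network logon rights
# on the local machine. Run elevated on the PC that refuses the C$ connection.

function Get-UserRightHolder {
    param(
        # SeNetworkLogonRight     = "Access this computer from the network"
        # SeDenyNetworkLogonRight = "Deny access to this computer from the network"
        [string[]]$Right = @('SeNetworkLogonRight', 'SeDenyNetworkLogonRight')
    )

    $cfg = Join-Path $env:TEMP ('user-rights-{0}.inf' -f [guid]::NewGuid())
    try {
        # Export only the user-rights area of the effective local security policy.
        secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
        if ($LASTEXITCODE -ne 0) { throw "secedit export failed with exit code $LASTEXITCODE" }

        foreach ($line in Get-Content -Path $cfg) {
            # Lines look like: SeNetworkLogonRight = *S-1-5-32-544,*S-1-5-32-555
            if ($line -match '^\s*(\w+)\s*=\s*(.*)$') {
                $name   = $Matches[1]
                $values = $Matches[2]
                if ($Right -notcontains $name) { continue }

                foreach ($entry in ($values -split ',')) {
                    $entry = $entry.Trim()
                    if (-not $entry) { continue }
                    $account = $entry
                    if ($entry.StartsWith('*')) {
                        # A leading * marks a SID; resolve it to a name where possible.
                        $sid = New-Object System.Security.Principal.SecurityIdentifier -ArgumentList ($entry.Substring(1))
                        try { $account = $sid.Translate([System.Security.Principal.NTAccount]).Value }
                        catch { $account = "$($sid.Value) (unresolved)" }
                    }
                    New-Object PSObject -Property @{ Right = $name; Account = $account }
                }
            }
        }
    }
    finally {
        # The export contains policy data; do not leave it in TEMP.
        Remove-Item -Path $cfg -ErrorAction SilentlyContinue
    }
}

Get-UserRightHolder | Sort-Object Right, Account | Format-Table Right, Account -AutoSize
```

A right with no holders is simply absent from the export, so no SeDenyNetworkLogonRight rows means no deny entry is configured. After the GPO change and a policy refresh, the new security group should appear in the SeNetworkLogonRight rows.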