RE: Access denied to local computer, even as ADMIN !! 2005-07-07 - By Tim Curtin
if you're using win2000 SP4 with Active Directory, I just had this problem.
Also, make sure 'Trust this server for Delegation' is turned on in AD.
SP4 removes IWAM impersonation priviledges.
Here's the steps to correct:
http://support.microsoft.com/kb/824308/EN-US/
Tim
>From: "Scott Forsyth" <scottnewsgroups@(protected)>
>Reply-To: aspnet-admin@(protected)
>To: aspnet-admin@(protected)
>Subject: [aspnet-admin] RE: Access denied to local computer, even as ADMIN
>!!
>Date: Thu, 7 Jul 2005 02:24:15 -0400
>
>>I realise that the metabase has it's own permissions, but does the
>>metabase
>>respect a user having the seTakeOwnership permission? (I noticed that keys
>>within the metabase do have an owner property).
>
>I couldn't say for sure. The metabase inheritance and ownership functions
>a bit different than NTFS does so I assume that it has it's own way of
>doing things and doesn't rely on the NT rights / events / methods.
>
>
>Scott Forsyth
>Microsoft MVP - ASP/ASP.NET
>ASPInsider Member - MCP
>
>http://www.orcsweb.com/
>Powerful Web Hosting Solutions
>#1 in Service and Support
>
>
>----- Original Message ----- From: "Ken Schaefer" <Ken@(protected)>
>To: <aspnet-admin@(protected)>
>Sent: Tuesday, July 05, 2005 7:01 PM
>Subject: [aspnet-admin] RE: Access denied to local computer, even as ADMIN
>!!
>
>
>I realise that the metabase has it's own permissions, but does the metabase
>respect a user having the seTakeOwnership permission? (I noticed that keys
>within the metabase do have an owner property).
>
>Alternatively, running that script via a scheduled task (and using the
>at.exe
>command to schedule the task) would mean that the script could run as
>LocalSystem (which presumably still has permissions to the metabase if IIS
>is
>running)
>
>Cheers
>Ken
>
>--
>www.adOpenStatic.com/cs/blogs/ken/
>
>: -----Original Message-----
>: From: Scott Forsyth [mailto:scottnewsgroups@(protected)]
>: Sent: Wednesday, 6 July 2005 12:29 AM
>: To: aspnet-admin@(protected)
>: Subject: [aspnet-admin] RE: Access denied to local computer, even as
>ADMIN
>: !!
>:
>: > AFAIK, the metabase doesn't obey NT rights (such as SeTcbPrivilege or
>: SeTakeOwnershipPrivilege), but maybe it does.
>:
>: That's correct, the metabase has its own set of permissions that are
>: stored
>: in the metabase directly. If a setting is set on a particular node, it
>: will
>: not inherit from the root.
>:
>: Metabase explorer is probably the best bet. A command line option is
>: metaacl.vbs.
>:
>: Darren, what would have changed to cause this? It's pretty (actually
>: 'really') uncommon for someone to be locked out like this. Did you or
>: another administrator do something that would have changed these
>settings?
>:
>:
>: Scott Forsyth
>: Microsoft MVP - ASP/ASP.NET
>: ASPInsider Member - MCP
>:
>: http://www.orcsweb.com/
>: Powerful Web Hosting Solutions
>: #1 in Service and Support
>:
>:
>: ----- Original Message -----
>: From: "Ken Schaefer" <Ken@(protected)>
>: To: <aspnet-admin@(protected)>
>: Sent: Tuesday, July 05, 2005 9:29 AM
>: Subject: [aspnet-admin] RE: Access denied to local computer, even as
>ADMIN
>: !!
>:
>:
>: AFAIK, the metabase doesn't obey NT rights (such as SeTcbPrivilege or
>: SeTakeOwnershipPrivilege), but maybe it does.
>:
>: My suggestion: download Metabase Explorer (part of the IIS6.0 Resource
>: Kit,
>: but it works with IIS5.1 as well) [1]. Right-click on the root-node and
>: choose "Permissions". If Administrators group is not listed, attempt to
>: add
>: it. If you can't add it, go to the Owner tab, and seize ownership of the
>: entire heirachy, then do the preceeding step.
>:
>: If the metabase permissions actually honour the NT rights, then ensure
>: (via
>: the Local Security Policy) that your Admin account has "Take Ownership
>: Privileges) [2]
>:
>: Cheers
>: Ken
>:
>: [1]
>: http://www.microsoft.com/downloads/details.aspx?FamilyID=56fc92ee-a71a-
>: 4c73-b
>: 628-ade629c89499&DisplayLang=en
>: [2] Start -> Run -> secpol.msc -> User Rights Assignment node
>:
>: --
>: www.adOpenStatic.com/cs/blogs/ken/
>:
>: : -----Original Message-----
>: : From: Darren Logan [mailto:Darrenl@(protected)]
>: : Sent: Tuesday, 5 July 2005 11:06 PM
>: : To: aspnet-admin@(protected)
>: : Subject: [aspnet-admin] RE: Access denied to local computer, even as
>: ADMIN
>: : !!
>: :
>: : Hi Ken,
>: :
>: : Thanks for this... BUT HOW?
>: :
>: : Vbr,
>: : Darren
>: :
>: : -----Original Message-----
>: : From: Ken Schaefer [mailto:Ken@(protected)]
>: : Sent: 05 July 2005 14:03
>: : To: aspnet-admin@(protected)
>: : Subject: [aspnet-admin] RE: Access denied to local computer, even as
>: : ADMIN !!
>: :
>: :
>: : Even when you are an administrator, ACLs (Access Control Lists) can be
>: : configured to deny access to administrators. It's just that, by
>default,
>: : administrators have access to most things. However, that doesn't stop
>: the
>: : default ACLs being modified.
>: :
>: : As a general rule however, Administrators can take ownership of most
>: : resources (which, in turn gives them permission to alter the ACLs,
>given
>: : them
>: : access to the resource in question).
>: :
>: : It seems that the Administrator account doesn't have permissions to
>keys
>: : in
>: : the IIS metabase. You may need to reset the permissions on those keys.
>: :
>: : Cheers
>: : Ken
>: :
>: : --
>: : www.adOpenStatic.com/cs/blogs/ken/
>: :
>: : : -----Original Message-----
>: : : From: Darren Logan [mailto:Darrenl@(protected)]
>: : : Sent: Tuesday, 5 July 2005 8:19 PM
>: : : To: aspnet-admin@(protected)
>: : : Subject: [aspnet-admin] Access denied to local computer, even as
>ADMIN
>: : !!
>: : :
>: : : Hi,
>: : :
>: : : I have a SBC running Windows XP Embedded with IIS5.1
>: : :
>: : : I log on as administrator, yet when i click to expand "Local
>computer"
>: : in
>: : : internet information services, i get a message thus "You have been
>: : denied
>: : : access to this machine".
>: : :
>: : : Errmmmm, what's that all about?
>: : :
>: : : This is very frustrating.. do i need to re-install windows XPE do you
>: : : think?
>: : :
>: : : How do i access user account settings to ensure access permissions
>are
>: : : setup correctly etc.?
>: : :
>: : :
>: : : Best regards
>: : : Darren Logan BSc(Hons)
>: : : Development Engineer
>: : : ________________________________________________________________
>: : :
>: : : MICHELL INSTRUMENTS LTD Tel: +44 (0)1223 434 854
>: : : Nuffield Close Fax: +44 (0)1223 434 895
>: : : Cambridge e-mail: darrenl@(protected)
>: : : CB4 1SS, UK web: www.michell-instruments.com
>: : :
>: : : UKAS accredited: 0179 * BS EN ISO9001:2000 registered: Q6284 *
>: : : Member BCAS * Investor in People
>: : :
>: : : --------------------------------- Dew point specialists ------------
>: : : ---------------------
>: : :
>: : : This communication contains information which is confidential and may
>: : also
>: : : be privileged. It
>: : : is for the exclusive use of the intended recipient(s). If you are not
>: : the
>: : : intended recipient(s),
>: : : please note that any distribution, copying or use of this
>: communication
>: : or
>: : : the information in
>: : : it is strictly prohibited. If you have received this communication in
>: : : error, please notify the
>: : : sender immediately and then destroy any copies of it.
>: : :
>: : :
>: : :
>: : :
>: : :
>: : : Need SQL Advice? http://sqladvice.com
>: : : Need RegEx Advice? http://regexadvice.com
>: : : Need XML Advice? http://xmladvice.com
>: :
>: : Need SQL Advice? http://sqladvice.com
>: : Need RegEx Advice? http://regexadvice.com
>: : Need XML Advice? http://xmladvice.com
>: :
>: :
>: : Need SQL Advice? http://sqladvice.com
>: : Need RegEx Advice? http://regexadvice.com
>: : Need XML Advice? http://xmladvice.com
>:
>: Need SQL Advice? http://sqladvice.com
>: Need RegEx Advice? http://regexadvice.com
>: Need XML Advice? http://xmladvice.com
>:
>:
>:
>: Need SQL Advice? http://sqladvice.com
>: Need RegEx Advice? http://regexadvice.com
>: Need XML Advice? http://xmladvice.com
>
>Need SQL Advice? http://sqladvice.com
>Need RegEx Advice? http://regexadvice.com
>Need XML Advice? http://xmladvice.com
>
>
>
>Need SQL Advice? http://sqladvice.com
>Need RegEx Advice? http://regexadvice.com
>Need XML Advice? http://xmladvice.com
Need SQL Advice? http://sqladvice.com
Need RegEx Advice? http://regexadvice.com
Need XML Advice? http://xmladvice.com
|
|
