• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

RSOP Planning Security problem

W

Wake-Up-Jeff

#1
I've been trying to do some RSOP Planning using a non-admin user account on
a domain member workstation.
I am using the following VBScript code:

strComputer = "DC1"
Set locator = CreateObject("WbemScripting.SWbemLocator")
Set connection = locator.ConnectServer (strComputer, "root\rsop", null,
null, null, null, 0, null)
(for the ConnectServer parameters, see
http://msdn.microsoft.com/en-us/library/aa393720(VS.85).aspx)

When I logon to the workstation as an administrator - no problem executing
the script.
When I use a non-admin account, I get an error 80070005 access denied
message executing line 3.

I have used the wmimgmt.msc mmc to set permissions on Root\RSOP for
"Authenticated Users" to the same as "Administrators" for "this namespace
and subnamespaces".

I have also granted "Authenticated Users" permission for "RSOP Planning" and
"RSOP Logging" on the OU which contains the workstation account.

What permissions am I missing???
 

My Computer

A

Alan Mosley

#2
why not pass credentuals to the locator.connectServer object?
if you dont want people to open and see credentual econde it with windows
script encoder

"Wake-Up-Jeff" <artvandal8@xxxxxx> wrote in message
news:%235%234QNH6IHA.4352@xxxxxx

> I've been trying to do some RSOP Planning using a non-admin user account
> on a domain member workstation.
> I am using the following VBScript code:
>
> strComputer = "DC1"
> Set locator = CreateObject("WbemScripting.SWbemLocator")
> Set connection = locator.ConnectServer (strComputer, "root\rsop", null,
> null, null, null, 0, null)
> (for the ConnectServer parameters, see
> http://msdn.microsoft.com/en-us/library/aa393720(VS.85).aspx)
>
> When I logon to the workstation as an administrator - no problem executing
> the script.
> When I use a non-admin account, I get an error 80070005 access denied
> message executing line 3.
>
> I have used the wmimgmt.msc mmc to set permissions on Root\RSOP for
> "Authenticated Users" to the same as "Administrators" for "this namespace
> and subnamespaces".
>
> I have also granted "Authenticated Users" permission for "RSOP Planning"
> and "RSOP Logging" on the OU which contains the workstation account.
>
> What permissions am I missing???
>
>
 

My Computer

W

Wake-Up-Jeff

#3
I want it to run in the credentials of the logged on user.
I don't want to have to pass separate credentials.
This would mean maintaining a separate account just for this purpose.
Besides, the credentials have to be those of an administrator.
I should be able to get this to work for a non-admin user.

"Alan Mosley" <me@xxxxxx> wrote in message
news:OiPh%23$K6IHA.3696@xxxxxx

> why not pass credentuals to the locator.connectServer object?
> if you dont want people to open and see credentual econde it with windows
> script encoder
>
> "Wake-Up-Jeff" <artvandal8@xxxxxx> wrote in message
> news:%235%234QNH6IHA.4352@xxxxxx

>> I've been trying to do some RSOP Planning using a non-admin user account
>> on a domain member workstation.
>> I am using the following VBScript code:
>>
>> strComputer = "DC1"
>> Set locator = CreateObject("WbemScripting.SWbemLocator")
>> Set connection = locator.ConnectServer (strComputer, "root\rsop", null,
>> null, null, null, 0, null)
>> (for the ConnectServer parameters, see
>> http://msdn.microsoft.com/en-us/library/aa393720(VS.85).aspx)
>>
>> When I logon to the workstation as an administrator - no problem
>> executing the script.
>> When I use a non-admin account, I get an error 80070005 access denied
>> message executing line 3.
>>
>> I have used the wmimgmt.msc mmc to set permissions on Root\RSOP for
>> "Authenticated Users" to the same as "Administrators" for "this namespace
>> and subnamespaces".
>>
>> I have also granted "Authenticated Users" permission for "RSOP Planning"
>> and "RSOP Logging" on the OU which contains the workstation account.
>>
>> What permissions am I missing???
>>
>>
>
>
 

My Computer

T

ThatsIT.net.au

#4
"Wake-Up-Jeff" <artvandal8@xxxxxx> wrote in message
news:eMrClql6IHA.3480@xxxxxx

>I want it to run in the credentials of the logged on user.
> I don't want to have to pass separate credentials.
> This would mean maintaining a separate account just for this purpose.
thats correct, thats why you have accounts and permissions. or give the user
permissions


> Besides, the credentials have to be those of an administrator.
> I should be able to get this to work for a non-admin user.
>
> "Alan Mosley" <me@xxxxxx> wrote in message
> news:OiPh%23$K6IHA.3696@xxxxxx

>> why not pass credentuals to the locator.connectServer object?
>> if you dont want people to open and see credentual econde it with windows
>> script encoder
>>
>> "Wake-Up-Jeff" <artvandal8@xxxxxx> wrote in message
>> news:%235%234QNH6IHA.4352@xxxxxx

>>> I've been trying to do some RSOP Planning using a non-admin user account
>>> on a domain member workstation.
>>> I am using the following VBScript code:
>>>
>>> strComputer = "DC1"
>>> Set locator = CreateObject("WbemScripting.SWbemLocator")
>>> Set connection = locator.ConnectServer (strComputer, "root\rsop", null,
>>> null, null, null, 0, null)
>>> (for the ConnectServer parameters, see
>>> http://msdn.microsoft.com/en-us/library/aa393720(VS.85).aspx)
>>>
>>> When I logon to the workstation as an administrator - no problem
>>> executing the script.
>>> When I use a non-admin account, I get an error 80070005 access denied
>>> message executing line 3.
>>>
>>> I have used the wmimgmt.msc mmc to set permissions on Root\RSOP for
>>> "Authenticated Users" to the same as "Administrators" for "this
>>> namespace and subnamespaces".
>>>
>>> I have also granted "Authenticated Users" permission for "RSOP Planning"
>>> and "RSOP Logging" on the OU which contains the workstation account.
>>>
>>> What permissions am I missing???
>>>
>>>
>>
>>
>
>
 

My Computer

Users Who Are Viewing This Thread (Users: 1, Guests: 0)