SpongeWorthy Posted January 25, 2008 Report Share Posted January 25, 2008 Hi, I am getting an 'Access is denied' error attempting to logon to all of the computers in my workgroup. Is TNI only supported in a domain environment? If not, how can I diagnose the specifics of the autentication failure? I have tried connecting to both WinXP and Vista computers. I am using 1.5.40 trial version. Thank you, Steve Quote Link to comment
Support Posted January 25, 2008 Report Share Posted January 25, 2008 Hi Steve, TNI works in both workgroup and domain environment. But the point is that you need to have administrator access to remote machines. Make sure that you specify username and password of the user that has administrator rights on those computers (local administrator or domain administrator). If the administrator has blank password, remote access will not be possible also. But if the computers are not in domain: workstations which are running Windows XP and Vista and not connected to domain don't allow local administrator to authenticate as himself by default. Instead, "ForceGuest" policy is used, which means that all remote connections are mapped to Guest account. But again, administrator rights are required to make the scan. Please consult this document on this matter. You would need to update the policy as described in this document on each computer. It can be easily done by running "secpol.msc" and expanding Local policies - Security options - and locating the policy "Network access: Sharing and security model for local accounts" and changing it from "Guest" to "Classic". This should be done for both Windows XP and Vista. But for Windows Vista there is one more step that should be taken - it concerns User Account Control (UAC). It restricts administrator rights for remote logons is some cases. You should either disable UAC, or make changes to the parameter in the registry as described in this short document. P.S. I bet this should be added to our FAQ... Quote Link to comment
mmatheny Posted January 25, 2008 Report Share Posted January 25, 2008 Steve, are you using agentless or deploying the agent? If agentless, it's probably a WMI issue. Quote Link to comment
Support Posted January 25, 2008 Report Share Posted January 25, 2008 Steve, are you using agentless or deploying the agent? If agentless, it's probably a WMI issue. Not necessarily. In order to use an agentless (direct WMI) method, you need to have the same rights as when you connect to administrator resources like C$ or ADMIN$ (which is done when deploying agent), that is administrator rights. And Windows XP and Vista have some default restrictions for such connections, which I have described above. These restrictions are removed when you connect a system to a domain, and in workgroup you have to remove them manually. Quote Link to comment
SpongeWorthy Posted January 26, 2008 Author Report Share Posted January 26, 2008 Thanks for the tips guys, I'll review the settings and give them a try. Steve Quote Link to comment
BenDog Posted January 27, 2008 Report Share Posted January 27, 2008 doesn't it already have "try other method if one fails" turned on by default? Coz if so, it should already be trying the agent. ? Quote Link to comment
Support Posted January 28, 2008 Report Share Posted January 28, 2008 doesn't it already have "try other method if one fails" turned on by default? Coz if so, it should already be trying the agent. ? Yes, and moreover, agent is tried by default in the furst turn. But "Access denied" does not depend on the selected method, because if it's "denied", you'll get this error with both methods. Quote Link to comment
BenDog Posted January 28, 2008 Report Share Posted January 28, 2008 you're right. I didn't read your previous post close enough. please forgive! Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.