使用 Windows XP SP3 的远程 WMI
全新安装的 Windows XP SP3 不允许像 Windows XP SP2 那样进行远程 WMI 访问。
如果我按照 http 上的“如何解决 Windows XP SP2 中与 WMI 相关的问题”文档中的步骤操作: //support.microsoft.com/kb/875605 我无法让 SP3 响应远程 WMI 请求。
每个请求,甚至是内置管理员帐户、管理员组中的新帐户,甚至是不在管理员组中但有权访问远程 DCOM 和远程 DCOM 的新帐户。 Microsoft文档中描述的WMI命名空间全部返回错误代码0x80070005,访问被拒绝。
为了验证我没有愚蠢的系统配置,我安装了一个全新的 Windows XP SP3 映像(使用来自 MSDN 的 .ISO 映像),并且除了通过防火墙启用 RemoteAdmin 之外,没有执行任何配置更改。 在这种情况下也出现了访问被拒绝的行为。
Windows XP SP3 中对远程 DCOM/WMI 访问有何更改以及如何最好地启用它?
A fresh Windows XP SP3 install does not allow remote WMI access like Windows XP SP2 does.
If I follow the steps in the "How to troubleshoot WMI-related issues in Windows XP SP2" document at http://support.microsoft.com/kb/875605 I'm unable to get SP3 to respond to a remote WMI request.
Every request, even to the built-in Administrator account, a new account in the Administrators group, or even a new account not in the Administrators group but given access to remote DCOM & the WMI namespace as described in the Microsoft document all return error code 0x80070005, Access is denied.
To verify I didn't have a goofy system configuration, I installed a fresh Windows XP SP3 image (using the .ISO image from MSDN) and performed no configuration changes save enabling RemoteAdmin through the Firewall. The Access is denied behavior was seen in this scenario as well.
What changed in Windows XP SP3 to remote DCOM / WMI access and how best to enable it?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(3)
事实证明,该问题并非 SP3 特有,而是域中缺少这些系统。
如果 XP 不在域中,则“文件夹选项”控制面板小程序中的“使用简单文件共享”选项将发挥神奇作用。 如果启用此选项(默认),则所有文件共享连接都将使用来宾用户凭据完成,但这也适用于传入的 DCOM 连接。
禁用此选项允许按预期验证 DCOM 连接。
It turns out the issue wasn't specific to SP3, but rather the lack of these systems being in a domain.
If XP isn't in a domain then the "Use Simple File Sharing" option, found in the Folder Options control panel applet, works it magic. If this option is enabled (the default) all file sharing connections are done with the guest user credential, but this also is applied to incoming DCOM connections as well.
Disabling this option allows DCOM connections to be verified as expected.
据说 SP3 没有检查“在此计算机上启用分布式 COM”。 进入组件服务 (dcomcnfg.exe) 组件服务、计算机。 右键单击“我的电脑”并转到属性。 “默认属性”是您想要的选项卡。 我还听说将 DTC 登录帐户更改为 NT AUTHORITY\NetwerkService(注意 e 而不是 o)将会起作用。 您可以在“MSDTC”选项卡“安全配置”下找到它,路径与“我的电脑”相同。
我们通过使用这些技巧解决了非常相似的问题。 希望这可以帮助。
Supposedly SP3 does not check 'Enable Distributed COM on this computer'. Get into Component Services (dcomcnfg.exe) Component Services, Computers. Right click 'My Computer' and go to properties. 'Default Properties' is the tab you want. I have also heard that changing the DTC Logon account to NT AUTHORITY\NetwerkService (note the e instead of an o) will work. You can find this under the MSDTC tab, Security Configuration following the same path to My Computer.
We solved something very similar by using these tricks. Hope this helps.
我不确定 RemoteAdmin 是否是您需要在防火墙中关闭的那个。
一个建议是首先完全关闭防火墙并尝试。 如果它有效,那么您就知道它是防火墙的原因。 如果是这种情况,那么我会尝试直接添加端口 tcp 135,然后再试一次。
您也可以尝试使用telnet [XP_SP3机器的IP地址] 135,看看是否可以建立连接。
希望这可以帮助。
I'm not sure if RemoteAdmin is the one you need to turn off or not in the firewall.
One suggestion would be to turn off the firewall completely first and try that. If it works, then you know it is the firewall. If this is the case, then I would try adding port tcp 135 directly and try again.
You may also try using telnet [ip address of XP_SP3 machine] 135 and see if you can establish the connection.
Hope this helps.