2,306
edits
Changes
Jump to navigation
Jump to search
Line 26:
Line 26: − + + + + + + + + + + + + + + + + + + + + + + + + +
→Windows host config
== Windows host config ==
== Windows host config ==
The windows machine you are connecting to must have AN Manager Authentication level set to: <br />
=== Step 1: DCOM permission ===
# Open Dcomcnfg
# Expand Component Service -> Computers -> My computer
# Go to the properties of My Computer
# Select the COM Security Tab
# Click on "Edit Limits" under Access Permissions, and ensure "Everyone" user group has "Local Access" and "Remote Access" permission.
# Click on the "Edit Limit" for the launch and activation permissions, and ensure "Everyone" user group has "Local Activation" and "Local Launch" permission.
# Highlight "DCOM Config" node, and right click "Windows Management and Instruments", and click Properties.
# <Please add the steps to check Launch and Activation Permissions, Access Permissions, Configuration Permissions based on the default of Windows Server 2008>
=== Step 2: Permission for the user to the WMI namespace ===
# Open WMImgmt.msc
# Go to the Properties of WMI Control
# Go to the Security Tab
# Select "Root" and open "Security"
# Ensure "Authenticated Users" has "Execute Methods", "Provider Right" and "Enable Account" right; ensure Administrators has all permission
=== Step 3: Verify WMI Impersonation Rights ===
# Click Start, click Run, type gpedit.msc, and then click OK.
# Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
# Expand Security Settings, expand Local Policies, and then click User Rights Assignment.
# Verify that the SERVICE account is specifically granted Impersonate a client after authentication rights.
The windows machine you are connecting to must have LAN Manager Authentication level set to: <br />
Send LM & NTLM - use NTLMv2 session security if negotiated<br />
Send LM & NTLM - use NTLMv2 session security if negotiated<br />
# Start --> run --> gpedit.msc
# Start --> run --> gpedit.msc