|
|
|
|
|
|
|
|
 |
|
Frequently Asked Questions
|
|
|
|
| |
|
|
|
Access Errors Occur When Logging Users Off A Windows System
If you are experiencing Access Denied or other access exceptions when attempting to logoff users from a target system using the Windows Logoff Plugin, please verify the settings below to be sure the system is configured properly to accept remote logoff requests:
- The Windows Logoff action is configured to use an Administrator account with remote logoff privileges for the target system.
- Disable 'simple file sharing' on target system.
- Ensure that no local security software (anti-spyware, anti-virus, etc.) on target or Device ManageR host system is blocking WMI connections.
- Ensure that the firewall on the target system is configured to allow incoming remote WMI connections.
- If the target system is Windows Vista or later system (including Windows 7 and Windows 2008 Server) User Access Control (UAC) could be interfering with the connection. Please see the section below for further information.
Logoff A Windows Vista Or Later Windows System
If the target system is a Windows Vista, Windows 7, Windows Server 2008 or later Windows system the most likely cause for the issues with remote logoff requests is the new User Access Control (UAC) feature.
If the target system is part of a domain, it is recommended to connect to the target system using a domain account that is in the local Administrators group of the target system. This will prevent UAC access token filtering from blocking the WMI connection attempts. Do not use a local, non-domain account on the target system. Even if the account is in the Administrators group, it will experience issues with the WMI connections since Windows will not allow the necessary privileges.
When a user account that is part of a workgroup connects remotely to a system, it connects as a local user on the system. This is done even if the account is in the Administrators group as UAC filtering means that a script runs as a standard user. It would be recommended to create a dedicated local user group or user account on the target system specifically for remote connections.
If you connect to a remote system using a non-domain user account included in the local Administrators group of the remote computer, then you must explicitly grant remote DCOM access, activation, and launch rights to the account. You should be able to use the below steps to explicitly grant those privileges for remote WMI access using the following steps. Please note that depending on the operating system the location may be different or there may be other setting changes required.
- Open the Component Services by selecting the Start button, Run and enter 'dcomcnfg'
- Expand Component Services, Computers, right click on My Computer and select 'Properties' from the menu
- Within the properties options select the COM Security tab and explicitly grant the administrator account local and remote Launch and Activation permissions in both 'Edit Limits...' and 'Edit Default...'
For more details please review the 'Handling Remote Connections Under UAC' section of the 'User Account Control and WMI (Windows)' MSDN article found at the below link.
http://msdn.microsoft.com/en-us/library/aa826699%28v=VS.85%29.aspx
Other related and useful MSDN articles can be found below.
Connecting to WMI Remotely Starting with Windows Vista
http://msdn.microsoft.com/en-us/library/aa822854%28VS.85%29.aspx
Connecting to WMI on a Remote Computer
http://msdn.microsoft.com/en-us/library/aa389290%28v=VS.85%29.aspx
If you have additional questions regarding the Windows Logoff Plugin for AVTECH Device ManageR, please feel free to contact us at Support@AVTECH.com.
|
|
|
|
|
|
|
|
|
|
|
888.220.6700
Sales@AVTECH.com
Processor.com
spiceworks.com
DataCenterPost.com
AVTECH Software, Inc.