Database Search
TechHome
 |
- 1219 Error with AddDrive
- Account Expires after wntUserAddDat
- Add Domain Group to Local Administrator Remotely
- Add Everyone to Administrators Group
- Add Global Groups in Domain
- Adding Domain to Workstation
- Adding Users and Setting Flags
- Adds User Account to Local Administrator Group
- Allow Inheritable Permissions from Parent
- Builtin Group SID convert to Name
- Bypass NT Ctrl Alt Del to Logon
- Changing Computer Name and Machine Account
- Changing Domain Passwords Sample Code
- Check For Disabled Computer Account
- Check if You Have Local Admin Rights
- Checking an Accounts Password
- Checking for Old Users
- Convert SID to User ID
- Converting SID to Domain - Account Name
- Create Directories and Set NT Access Permissions
- Dealling With Inheritiable Permissions
- Decode Logon Hours
- Determine if Computer is in a Workgroup or Domain
- Determine if PC is Member of Domain
- Determine Inheritance
- Determining if Current User is Authenticated
- Disable Allow Inheritable Permissions
- Domain Trusts Explained
- Error 673 WntPrivAdd
- Error 684 using wntAccess functions
- Find Domain for a Computer
- Foreign Language support of the Win32 Network Extender
- Get a Users Primary Group
- Get Domain User Info
- Get Machine Administrator Userid
- Get SID from Username
- Get the Currently Logged on User in NT
- Get the SID of a Workstation
- Get User Name and wntUserProps
- How to determine if a file is in use on LAN
- How to disable Allow inheritable permissions
- How to Get the Local Adminstrator Account
- How WntServerList Determines a Server
- Inherit NTFS Persmissions
- Interpreting Access Rights
- Is Domain User a Local Admin
- Is User Logged into Domain or Local Account
- Is wntChgPswd Encrypted
- Issue with AccessMod on Remote Machine
- Keeping Track of Last User Login
- List only Windows 2000 Systems
- List Open Connections
- List Terminal Servers
- Listing Directory Shares with Permissions
- Losing Mapped Drive Connections in XP
- Matching SID to ProfileList folder
- NT Auditing
- NT Extender and NT4 No Service Packs
- NT Network Extender and UPN Account Names
- Obtain Share Permissions
- Obtain user sid
- Port Required for WntUserGetDat
- Problems caused by ADMT
- Pull Trusted Domain List
- Reboot user with no shutdown privileges
- Remotely Reboot and wntShutDown
- Remove Everyone Access from D
- Rename User in an AD Domain
- Reset Passwords in Active Directory
- Reset Permissions when Inheritable is Enabled
- Rights to use wntFileUsers
- Runwithlogon and Bad Username
- RunWithLogon Parameter Size
- RunWithLogon versus RunAsUser
- Searching NT Users and Find by Last Name
- Server Description Field
- Setting File Permissions with wntAccessAdd
- Setting NT Policies
- Setting Service Permissions
- Shutdown All NT Servers
- SID values - AD - round tripping and ADMT
- Synchronize password from NT Domain to Novell
- The NT extender functions in Active Directories
- Trouble determining admin rights
- Trusting Domain List
- Unlock Account with wntUserSetDat
- User Login and Log out Information
- User Profile Last Logon
- Win 2000 AutoAdminLogon
- wntAccess... and Specifying Remote Drives
- WntAccessAdd and Change Modify Registry
- wntAccessAdd and Inherited Rights
- WntAccessAdd and Inheritence
- wntAccessAdd and Invalid User - Group
- wntAccessAdd and NTFS
- WntAccessAdd error 546 Invalid file directory name
- wntAccessAdd Inheritable Permissions
- wntAccessAdd Problem on NT 4
- wntAccessAdd Share Problem on Windows 7
- wntAccessAdd versus w95AccessAdd Tips
- wntAccessDel Error 599 Invalid Level
- wntAccessGet and Username Parameter
- WntAccessList DFS share
- wntAccessList Problem
- wntAccessMod Registry Issue
- wntAcctList Returns Incorrect Flag Values
- wntAcctPolSet Error
- wntAddDrive and Unicode
- WntAddDrive launches an Explorer window
- wntAddPrinter after WntRunAsUser
- wntauditadd and inheritance
- wntAuditAdd and MS Patch
- WntCancelCon Error 511 Device in Use
- wntChgPswd 562 Invalid User Name
- wntChgPswd and Error 586
- wntChgPswd and Error 589 Error Changing Password
- wntChgPswd and Error 677
- wntChgPswd behavior different between W2K and NT4
- wntCurrUsers Behavior
- wntDomainSync Error 695
- wntEventLog Problem
- wntGetCon Error 509 Network component is Not Started or Invalid
- wntMemberDel- error 571
- wntMemberGrps returns 0 on DC running AD
- wntMemberGrps wntMemberSet - 562 invalid user name
- wntMemberList Behavior
- wntMemberList Error 522
- wntMemberList Problems
- wntOwnerGet - wntOwnerSet Tips
- wntOwnerSet Error 547
- wntRemoteTime and 530 Access Denied Error
- wntRemoteTime and Daylight Savings Time
- wntRunAsUser -- Security Side Effects
- wntRunAsUser 713 Unable to Set Window Station Access
- wntRunAsUser and Act as Part of OS Clarification
- wntRunAsUser and Called Scripts
- wntRunAsUser and Debugging Problem
- wntRunAsUser and No Permission on Local Machine
- wntRunAsUser Discussion in French
- wntRunAsUser Error 637
- wntRunAsUser Error 638
- wntRunAsUser Function - 1
- wntRunAsUser Function - 2
- wntRunAsUser Function - 3
- wntRunAsUser Function Used Twice in Script
- wntRunAsUser RunWithLogon Security Context
- wntRunAsUser to AutoAdminLogon after Reboot
- wntRunAsUser Windowstation and Desktop Permissions on WinXP
- wntServerList and wntServiceAt
- wntServerType
- wntShutDown Error 694
- wntUser... and Update User Accounts
- wntUserAdd Adding a Domain User
- wntUserAdd Bug
- WntUserAddDat and Max_storage
- wntUserGetDat 524 Unable to Access Specified Server
- wntUserGetDat and Logon_hours Flag
- wntUserSetDat and Logon Hours
- wNTUserXXXDat Function and Flags
- wxxUserGetDat and Last Logon Date
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
wntRemoteTime and 530:Access Denied Error
Keywords: wntRemoteTime 530:Access Denied Error
Question:
I'm writing a script that will be run by clients running Windows 9x,nt,2000. I have included the time functions as follows:
platform = WinVersion(4)
if platform == 4 Then AddExtender("wwwnt34i.dll")
if platform == 5 Then AddExtender("WWW9x34I.DLL")
If platform == 4 Then gmttime = wntRemoteTime( "\\132.246.160.188", 1)
If platform == 5 Then gmttime = w9xRemoteTime( "\\132.246.160.188", 1)
On some Windows NT workstations I receive a Winbatch 530:access denied error. I would prefer to use a
single time source. Any help you can offer would be appreciated.
The script I'm running will be run on a vast array of different clients. Some in my domain, some in trusted domains to mine, some in untrusted domains and some in workgroup context. I've noticed that with the same workstation some clients are successful and some fail with the error stated. The clients that fail also fail when trying a net time \\server command with the following error:
System error 5 has occurred. Access is denied.So I tend to think that the error is caused by Windows and not the winbatch function. However I can't find anything on this error on ms support. I'm aware that there is a user right in WinNT/2000 that allows you to specify users/groups that can set the time, but I'm not trying to set the time, just get it from a reliable time source server.
Both users are members of administrators that has this user right, one can do a net time \\server one cannot?
Answer:
Pinging a remote NT/2K system and being able to successfully make an RPC [Remote Procedure Call] to it are two different things. All of the Win32 API functions that can be used to get/set information on a remote NT/2K server use RPC calls to do their work. One of the important things to remember is that NT/2K systems are "secure" systems in that you must be authenticated in order to access resources on them.When you logon to a NT/2K system, you are given an access token. This access token contains information about who you are, who authenticated you, what groups you belong to, and what other things are pertinent to know about your "session" [e.g. are you interactive, network, batch, terminal server user, etc...]. A hashed version of your password is also in the access token.
When you try to access remote NT/2K resources, your access token is passed over to the remote system and it evaluates the access token to determine if you should be given access to its resources. Lacking an identical username/password combination [grants implicit trust access], you must be logged on to a domain account that is either in the same domain as the remote NT/2K system or is in a domain that is trusted by the domain to which the remote NT/2K system is a member.
So, all of this aside, check to see if there is a security problem of some sort that is causing this problem. An access denied error [#5] is almost caused by a lack of permissions. The tricky part is to figure out why the lack of permissions exists.
Just for giggles and grins, try doing a "NET USE" command for the IPC$ share on the remote NT/2K system and see if it is successful. Sample syntax is:
NET USE \\server-name\IPC$If this succeeds then try the wntRemoteTime() function in your script. If this fails then you know that you cannot make the necessary RPC connections with proper authentication to get the time from the remote server. Also, if this fails, re-try the NET USE command but also include a username & password on the command line that are valid for logging on to the remote system.
Article ID: W14888
File Created: 2001:11:08:12:40:50
Last Updated: 2001:11:08:12:40:50