Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
Keywords: wntRemoteTime 530:Access Denied Error
platform = WinVersion(4) if platform == 4 Then AddExtender("wwwnt34i.dll") if platform == 5 Then AddExtender("WWW9x34I.DLL") If platform == 4 Then gmttime = wntRemoteTime( "\\132.246.160.188", 1) If platform == 5 Then gmttime = w9xRemoteTime( "\\132.246.160.188", 1)On some Windows NT workstations I receive a Winbatch 530:access denied error. I would prefer to use a single time source. Any help you can offer would be appreciated.
The script I'm running will be run on a vast array of different clients. Some in my domain, some in trusted domains to mine, some in untrusted domains and some in workgroup context. I've noticed that with the same workstation some clients are successful and some fail with the error stated. The clients that fail also fail when trying a net time \\server command with the following error:
System error 5 has occurred. Access is denied.So I tend to think that the error is caused by Windows and not the winbatch function. However I can't find anything on this error on ms support. I'm aware that there is a user right in WinNT/2000 that allows you to specify users/groups that can set the time, but I'm not trying to set the time, just get it from a reliable time source server.
Both users are members of administrators that has this user right, one can do a net time \\server one cannot?
When you logon to a NT/2K system, you are given an access token. This access token contains information about who you are, who authenticated you, what groups you belong to, and what other things are pertinent to know about your "session" [e.g. are you interactive, network, batch, terminal server user, etc...]. A hashed version of your password is also in the access token.
When you try to access remote NT/2K resources, your access token is passed over to the remote system and it evaluates the access token to determine if you should be given access to its resources. Lacking an identical username/password combination [grants implicit trust access], you must be logged on to a domain account that is either in the same domain as the remote NT/2K system or is in a domain that is trusted by the domain to which the remote NT/2K system is a member.
So, all of this aside, check to see if there is a security problem of some sort that is causing this problem. An access denied error [#5] is almost caused by a lack of permissions. The tricky part is to figure out why the lack of permissions exists.
Just for giggles and grins, try doing a "NET USE" command for the IPC$ share on the remote NT/2K system and see if it is successful. Sample syntax is:
NET USE \\server-name\IPC$If this succeeds then try the wntRemoteTime() function in your script. If this fails then you know that you cannot make the necessary RPC connections with proper authentication to get the time from the remote server. Also, if this fails, re-try the NET USE command but also include a username & password on the command line that are valid for logging on to the remote system.
Article ID: W14888
File Created: 2001:11:08:12:40:50
Last Updated: 2001:11:08:12:40:50