- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
I want to use winrm. I have Windows 7 installed and configure it for workgroup not domain.
Each simple winrm command leads to the error message: Access is denied
Mr. google and several forums told me to:
* execute the winrm command just with having administrator rights
* to create the DWORD LocalAccountTokenFilterPolicy [HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System] and set to 1
* Use Local Security Settings (Secpol.msc) to change the setting of the
"Network Access: Sharing and security model for local accounts" policy
in Security Settings\\Local Policies\\Security Options to "Classic".
* administrator must have a non blank password
* first execute winrm quickconfig
I did all those hints. Unfortunatly I still recieve the error "Access is denied" for each even simple winrm command.
I need WinRm, I have to fix the problems under my Windows 7. It must work.
Please help me and tell me what else must be done, to get it running.
In advance thanks a lot
I want to use winrm. I have Windows 7 installed and configure it for workgroup not domain.
Each simple winrm command leads to the error message: Access is denied
Mr. google and several forums told me to:
* execute the winrm command just with having administrator rights
* to create the DWORD LocalAccountTokenFilterPolicy [HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System] and set to 1
* Use Local Security Settings (Secpol.msc) to change the setting of the
"Network Access: Sharing and security model for local accounts" policy
in Security Settings\\Local Policies\\Security Options to "Classic".
* administrator must have a non blank password
* first execute winrm quickconfig
I did all those hints. Unfortunatly I still recieve the error "Access is denied" for each even simple winrm command.
I need WinRm, I have to fix the problems under my Windows 7. It must work.
Please help me and tell me what else must be done, to get it running.
In advance thanks a lot
Link Copied
10 Replies
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Our primary focushere ison using WinRM with vPro as opposed to WinRM in general, so I don't know if I can help you. That said, I do have some information that might help. If youput in"gpedit.msc" at a command line, that takes you to a configuration settings tool that will allow you to configure WinRM. Once that tool is up, you navigate down the tree on the left into the Computer Configuration -> Administrative Templates -> Windows Components -> Windows Remote Management (WinRM) section.
There are settings for both the Client and Service here. If you're receiving access denied errors and you're working with a work group, you should look at the options for allowing Basic authentication or Digest Authentication, possibly the option for unencrypted traffic or Trusted Hosts. I don't know the exact options you need, but with access to those configuration settings hopefully you'll have some additional options to try.
Andy
There are settings for both the Client and Service here. If you're receiving access denied errors and you're working with a work group, you should look at the options for allowing Basic authentication or Digest Authentication, possibly the option for unencrypted traffic or Trusted Hosts. I don't know the exact options you need, but with access to those configuration settings hopefully you'll have some additional options to try.
Andy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have the same focus. I need WinRm to configure AMT.
Thanks for your hint pointing to an additional place, where I can configure WinRM.
Thanks for your hint pointing to an additional place, where I can configure WinRM.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ah, that makes things easier. This link describes exactly what settings you need to set to work with AMT:
http://software.intel.com/en-us/blogs/2007/12/13/does-amt-support-ws-man/
Ajith mentioned configuring the settings using the WinRM command line, but you can use the tool I mentioned previously to configure the appropriate settings as well. All the three settings in Ajith's blog are in the WinRM Client section.
Allowunencrypted=True
TrustedHosts= specific IP addresses or domains that are trusted
Digest=True
This will support AMT configured locally with Digest authentication (instead of Kerberos) and without TLS encryption on the ongoing traffic. This is the easiest to work with during initial development (and requires the least network infrastructure), of course in an actual product depending on your security requirements you might want to support Kerberos authentication or TLS encryption on the traffic.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok I wanted to execute the described steps, which are mentioned in your link:
http://software.intel.com/en-us/blogs/2007/12/13/does-amt-support-ws-man/
But unfortunatly already the first line:
C:\ >winrm get winrm/config/client
Led to the error: Access is denied
The problem is somewhere earlier.
When I started with the AMT- & WinRm-Topic, the computer had a completly fresh
Windows 7 installation.
So any hints, why my winrm can't be configured?
http://software.intel.com/en-us/blogs/2007/12/13/does-amt-support-ws-man/
But unfortunatly already the first line:
C:\ >winrm get winrm/config/client
Led to the error: Access is denied
The problem is somewhere earlier.
When I started with the AMT- & WinRm-Topic, the computer had a completly fresh
Windows 7 installation.
So any hints, why my winrm can't be configured?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Here seems to be a part for solving my problem:
*********************************************************************************************
http://srvcore.wordpress.com/2010/01/02/domain-controllers-warning-event-id-10154/
.....
Since that WinRM runs under Network Service account, I was able to fix this warning by
granting the Validated Write to Service Principal Name permission to the NETWORK SERVICE
using the ADSIEDIT.msc.
....
*********************************************************************************************
Unfortunatly I don't have the ADSIEDIT.msc. This seems to be a program on Windows 200x Server.
Right?
Is this just a solution for computers, which are part of a domain?
Isn't there also a solution for computers, which are part of a workgroup?
How can I add the required permission to the "network service" account, using another tool
(regedit, editor, ...)?
-----
My following workarround attempt failed:
I stopped the Windows-Remote (ws-managment) service. I changed the loggon user account of this
service from "network service" account to the "local administrator" account. I started the service
aggain. I got the following error message:
Windows could not start the Windows Remoteverwaltung
(WS-Verwaltung) on local computer.
Error 1079: The account specified for this service is different from the
from the account specified for other services running in the same process.
So andy hints who I can solve this problem?
How can I add the required permission to the "network service" acccount?
Thanks in advance for all your hints.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You probably need to run the command window as an administrator. And like I said previously, if you choose you don't need to run the command line arguments, you can adjust the setting in the console.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Must the described thing with the ADSIEDIT.msc realy be done?
As I understood, I need therefore RSAT (containing the ADSIEDIT.msc) & Windows Server.
The ADSIEDIT.msc- hint is the only hint, which I read and which I did not tried.
Since I can't imaging that this is the reason for receiving "Access is denied" on each simple winrm command.
Hey guys, has nobody an idea, what can be the reason / and the solution for the described problem?- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Given that WinRM works fine for me from both Windows 7 and Windows Vista and I've never heard of ADSIEDIT.msc, I think you are making this more complicated than it needs to be. And you certainly don't need Windows Server to use WinRM.
Like I mentioned before, are you running the command as an administrator? And I don't mean in an administrator account, I mean running the command window as administrator. The most obvious way is to right click on the Command Prompt option in the menu and select the "Run as Administrator" option in the menu that comes up.
Like I mentioned before, are you running the command as an administrator? And I don't mean in an administrator account, I mean running the command window as administrator. The most obvious way is to right click on the Command Prompt option in the menu and select the "Run as Administrator" option in the menu that comes up.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The administrator account used for the console must have a non blank password.
With such an administrator account the problem is solved.
With such an administrator account the problem is solved.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You have to add the user on the winrm server to the local group "Remote Management Users"
Reply
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page