[THIN] Re: Failing system services due to Access Denied

• From: "Ziots, Edward" <EZiots@xxxxxxxxxxxx>
• To: "'thin@xxxxxxxxxxxxx'" <thin@xxxxxxxxxxxxx>
• Date: Wed, 19 Feb 2003 17:16:03 -0500

Find out which exe runs the service, and then ensure the SYSTEM account, or
whatever account the service runs under has access to the exe. Also, ensure
that you dont have registry permissions problems also. 

You can use a custom Security template in Windows 2000, to import a change
to auditing and security on a service. Once you configure this template do
the following. 

secedit /configure /db temp1.sdb /cfg C:\winnt\security\services.inf
/overwrite /areas SERVICES /verbose /log temp1.log

THis will take the settings in the services.inf security template and only
apply the services portion of the template to your existing setting. 

You can also use SUBINACL to modify the settings on a service and grant
needed privileges. 

HTH
Ed

-----Original Message-----
From: Mario Villarreal [mailto:MarioV@xxxxxxxxx]
Sent: Wednesday, February 19, 2003 2:40 PM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Failing system services due to Access Denied



Let me know how it goes.....

-----Original Message-----
From: Stephen Greenberg [mailto:steveg@xxxxxxxxxxxxxx] 
Sent: Wednesday, February 19, 2003 12:13 PM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Failing system services due to Access Denied



That sounds like the most likely candidate, I think there was "locking down"
that went on and it may be that System lacks rights to the system drive
itself

thanks

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax
steveg@xxxxxxxxxxxxxx



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Mario Villarreal
Sent: Wednesday, February 19, 2003 11:02 AM
To: 'thin@xxxxxxxxxxxxx'
Subject: [THIN] Re: Failing system services due to Access Denied



We have many w2k machines in our NT domain.  Did you login to the w2k box
with the local admin account and make sure that the domain admins have full
control, also make sure that "system" has full control to all the drives.
We had this issue before, and that's how we resolved it.  Not sure if it
helps, but there you go.

-----Original Message-----
From: Stephen Greenberg [mailto:steveg@xxxxxxxxxxxxxx]
Sent: Wednesday, February 19, 2003 11:45 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Failing system services due to Access Denied



Server is a member of the NT 4 domain, the user I log in the Administrator.
The problem is that automatic services are failing with a rights issue on
boot up, or, when I try to start them as Administrator. These are services
that require they be run as the LocalSystem account. I am not clear on how
to affect that account.

thanks

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax
steveg@xxxxxxxxxxxxxx



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Paul DeHaan
Sent: Wednesday, February 19, 2003 10:39 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Failing system services due to Access Denied



I have seen that happen a few times when the account you are logging
into the server doesn't have those rights.  Add the Domain user that you
are logging into that server with to the policy...

Also since this is a member server (assuming)..is this user part of the
local Administrators group?

Paul

>>> steveg@xxxxxxxxxxxxxx 02/19/03 02:28PM >>>


Does this apply to the localsystem account? This is not an actual user
account like administrator, joe, etc.

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax
steveg@xxxxxxxxxxxxxx



-----Original Message-----
From: thin-bounce@xxxxxxxxxxxxx [mailto:thin-bounce@xxxxxxxxxxxxx]On
Behalf Of Paul DeHaan
Sent: Wednesday, February 19, 2003 10:19 AM
To: thin@xxxxxxxxxxxxx
Subject: [THIN] Re: Failing system services due to Access Denied



If you are running an NT4.0 domain, you will need to set the Local
Security Policy for that Win2k machine.  You will need give the
account
that you are using access to the following:

Find these under \Local policies\User rights assignments
Log on as a service
Log on as a batch job
Log on locally

You will need local Admin privs to make these changes.

HTH,
Paul

>>> steveg@xxxxxxxxxxxxxx 02/19/03 02:00PM >>>


I have a client with a new Win2000 TS box in an NT4 domain. What is
happening is that certain local services, such as Task Schedule and TS
Licensing, fail to start due to "Error 5: Access Denied". What is
happening
is that the system will not start services that use the LocalSystem
account.

I found info at MS Support related to AD Group Policies causing this,
but
the info does not directly apply to WIN2K in an NT domain. Does
anybody
know
the fix? Note- If run other services as Administrator they work, but
certain
ones must run as LocalSystem

thanks

Steve Greenberg
Thin Client Computing
34522 N. Scottsdale Rd. suite D8453
Scottsdale, AZ 85262
(602) 432-8649
(602) 296-0411 fax
steveg@xxxxxxxxxxxxxx


*********************************************************
This Week's Sponsor - Neoware
Now through March 31, 2003
Neoware is offering a Capio 500/Eon Proven 2100
for $299! Click the link below:
http://www.neoware.com/promocp4a/thinnetban.html
**********************************************************

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
*********************************************************
This Week's Sponsor - Neoware
Now through March 31, 2003
Neoware is offering a Capio 500/Eon Proven 2100
for $299! Click the link below:
http://www.neoware.com/promocp4a/thinnetban.html
**********************************************************

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

*********************************************************
This Week's Sponsor - Neoware
Now through March 31, 2003
Neoware is offering a Capio 500/Eon Proven 2100
for $299! Click the link below:
http://www.neoware.com/promocp4a/thinnetban.html
**********************************************************

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
*********************************************************
This Week's Sponsor - Neoware
Now through March 31, 2003
Neoware is offering a Capio 500/Eon Proven 2100
for $299! Click the link below:
http://www.neoware.com/promocp4a/thinnetban.html
**********************************************************

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

*********************************************************
This Week's Sponsor - Neoware
Now through March 31, 2003
Neoware is offering a Capio 500/Eon Proven 2100
for $299! Click the link below:
http://www.neoware.com/promocp4a/thinnetban.html
**********************************************************

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
*********************************************************
This Week's Sponsor - Neoware
Now through March 31, 2003
Neoware is offering a Capio 500/Eon Proven 2100
for $299! Click the link below:
http://www.neoware.com/promocp4a/thinnetban.html
**********************************************************

For Archives, to Unsubscribe, Subscribe or
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

*********************************************************
This Week's Sponsor - Neoware 
Now through March 31, 2003 
Neoware is offering a Capio 500/Eon Proven 2100 
for $299! Click the link below:
http://www.neoware.com/promocp4a/thinnetban.html
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
*********************************************************
This Week's Sponsor - Neoware 
Now through March 31, 2003 
Neoware is offering a Capio 500/Eon Proven 2100 
for $299! Click the link below:
http://www.neoware.com/promocp4a/thinnetban.html
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm
*********************************************************
This Week's Sponsor - Neoware 
Now through March 31, 2003 
Neoware is offering a Capio 500/Eon Proven 2100 
for $299! Click the link below:
http://www.neoware.com/promocp4a/thinnetban.html
**********************************************************

For Archives, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
http://thethin.net/citrixlist.cfm

Other related posts:

• » [THIN] Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied
• » [THIN] Re: Failing system services due to Access Denied

1. Home
2. thin
3. Archive
4. 02-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---