RPC and Active Directory Perms - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » RPC and Active Directory Perms

Page 1 of 1

1

Topic Options

#31368 - 2002-10-24 05:53 PM RPC and Active Directory Perms
scottietaz scottietaz Lurker Registered: 2002-10-23 Posts: 4	I'm working in a Win2K environment with Active Directory. I'm having an interesting problem. When I try to access the macro @RSERVER during a logon script of a user who doesn't have read access on the directory the script abruptly aborts. (A user with read perms on AD has no problem at all.) I figure there is a problem with the KxRPC service and the lack of Read Perms on AD. Is there any way I can get around this constraint? I've tried list perms on AD with read on self but that doesn't work either. At the very least I would think that the script shouldn't stop all of a sudden.
Top

#31369 - 2002-10-24 06:44 PM Re: RPC and Active Directory Perms
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	The kiXtart RPC Service is only necessary for Windows x9 support. See KXRPC - Everything you wanted to know about KXRPC Also, which directory has the user no read permissions to? [ 24. October 2002, 18:46: Message edited by: sealeopard ] _________________________ There are two types of vessels, submarines and targets.
Top

#31370 - 2002-10-24 09:42 PM Re: RPC and Active Directory Perms
scottietaz scottietaz Lurker Registered: 2002-10-23 Posts: 4	I got all the RPC stuff working for users that have read access to AD. (Read on AD = go to the root of the domain in AD users & computers and check to see if everyone or said group has "Read" security access "on this object and children objects".) We removed the default setting of Pre-Windows 2000 Compatible Access group's read privileges. We don't want just anyone to be able to read a user's attributes. So certain users can read any object in the AD domain and others can't. Those that can read -- KiXtart works great. Those that can't read -- KiXtart bombs out if I try to access @FULLNAME @RSERVER ...and I'm not sure what else. So this is my dilemma. I don't want to give Read access to everyone in the domain just so KiXtart runs properly. I'm fairly sure this is a problem with the KxRPC interaction (probably the Kx95.dll from my read of article above) because I've tested with a Win95, Win98 and WinXP -- only the Win95 & Win98 machines have this problem. WinXP does just fine.
Top

#31371 - 2002-10-24 11:25 PM Re: RPC and Active Directory Perms
scottietaz scottietaz Lurker Registered: 2002-10-23 Posts: 4	I just found a KXRpc Event Log Event ID: 4099 Runtime info : (Error : Access is denied. (0x5/5) GetInfo() : NetUserGetInfo on : \\MyDC failed for MyDomain\MyUser.)
Top

#31372 - 2002-10-25 12:35 AM Re: RPC and Active Directory Perms
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	Looks like you've been too restrictive with your permissions. KiXtart pulls it's information out of AD, too, and if the user that KiXtart runs under does not have the permission to read the information, then KiXtart will fail. So, basically, everything is working as advertised, it's just that your environment has been locked down a little bit too much. _________________________ There are two types of vessels, submarines and targets.
Top

#31373 - 2002-10-25 02:31 AM Re: RPC and Active Directory Perms
Les Les KiX Master Registered: 2001-06-11 Posts: 12734 Loc: fortfrances.on.ca	I think a case could be made to change the way KiX recovers from these situations in future versions. You may want to post a request to the suggestions section for Ruud. The macro should just return nothing but the script should not abort. _________________________ Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.
Top

#31374 - 2002-10-25 03:15 AM Re: RPC and Active Directory Perms
Sealeopard Sealeopard KiX Master Registered: 2001-04-25 Posts: 11165 Loc: Boston, MA, USA	Actually, the access denied error code in @ERROR should also be set. _________________________ There are two types of vessels, submarines and targets.
Top

Page 1 of 1

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart

Hop to:

Shout Box

Who's Online

0 registered and 874 anonymous users online.

Newest Members

StuTheCoder, M_Moore, BeeEm, min_seow, Audio
17884 Registered Users

Generated in 0.059 seconds in which 0.029 seconds were spent on a total of 12 queries. Zlib compression enabled.

click tracking