0 votes

I'm trying to search a remote computer using the On Demand method but it fails with Access Denied. The login I'm using has Administrator privileges on the remote computer so it should work.

asked by (67.2k points)

1 Answer

0 votes

When running a search using the On Demand search method, the Search Manager needs to connect to the remote computer and start the Search Agent process automatically. For more information see:

FileLocator Network - How it works

This requires the Search Manager to connect with full Administrative privileges to the remote computer. To test whether or not you have the correct privileges, try the following command at the command prompt (replacing 'remote-machine' with a sample computer on your network):

sc \\remote-machine query

If it works you should see a list of service information. However, if you receive something like:

[SC] OpenSCManager FAILED 5:

Access is denied.

Then you need to do one or all of the following:

1. Provide explicit authentication details

Before the SC query, log in to the remote machine explicitly:

net use \\remote-machine\IPC$ /user:Administrator
sc \\remote-machine query
net use \\remote-machine\IPC$ /delete

2. Switch off token filtering (Vista/Win 2008/Win 7)

If the remote computer is running Windows Vista or higher and has UAC switched on then, by default, the remote computer provides a filtered token for the logon session with standard user privileges instead of full administrator privileges. To allow full administrator privileges add the following registry value:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System
DWORD LocalAccountTokenFilterPolicy = 1

Note: This issue does NOT normally affect the Administrator account, only standard user accounts which are subsequently added to the Administrators group.

For more information please see (KB 951016):

http://support.microsoft.com/kb/951016

3. Switch off RPC/TCP (Vista/Win 2008/Win 7)

If the computer running the Search Manager is using Windows Vista or higher then, by default, remote SCM requests are sent using RPC/TCP instead of RPC/NP (named pipes) used by earlier versions of Windows. In some scenarios this can cause authentication problems with the remote computers. To switch back to RPC/NP add the following registry value:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control
DWORD SCMApiConnectionParam = 0x80000000

(if there was a value previously there then combine the two values, e.g. if it was previously 0x03 then the new value should be 0x80000003).

For more information please see 'Services and RPC/TCP':

http://msdn.microsoft.com/en-us/library/dd578505.aspx

answered by (67.2k points)
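
A read-only PowerShell check for the two registry values in steps 2 and 3, added here as an example and not part of the original answer or of FileLocator Network. It reads LocalAccountTokenFilterPolicy from the key path given in KB 951016, the helper function names are hypothetical, and it prints the `reg add` command with any existing SCMApiConnectionParam bits preserved instead of writing anything.

```powershell
# Added example: read-only audit; nothing is written to the registry.
$TokenKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'  # path per KB 951016
$ScmKey   = 'HKLM:\SYSTEM\CurrentControlSet\Control'
$NpFlag   = [long]2147483648   # 0x80000000, the RPC/NP flag from the answer

function ConvertTo-UnsignedDword {
    # Registry DWORDs with the top bit set can surface as negative Int32 values;
    # normalise to the unsigned value, held in a long so -bor/-band behave.
    param($Value)
    [long][Convert]::ToUInt32(('{0:X8}' -f $Value), 16)
}

function Get-CombinedScmParam {
    # OR the flag into whatever is already there (0x03 becomes 0x80000003).
    param($Current)
    $existing = if ($null -eq $Current) { [long]0 } else { ConvertTo-UnsignedDword $Current }
    '0x{0:X8}' -f ($existing -bor $NpFlag)
}

function Get-DwordOrNull {
    # Returns the value, or nothing when the value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

# Section 1 - token filtering (step 2): run on the remote computer.
$filter = Get-DwordOrNull $TokenKey 'LocalAccountTokenFilterPolicy'
if ($filter -eq 1) {
    'LocalAccountTokenFilterPolicy = 1: remote token filtering is switched off.'
} else {
    'LocalAccountTokenFilterPolicy is not 1: remote token filtering is in effect.'
}

# Section 2 - SCM transport (step 3): run on the Search Manager computer.
$scm    = Get-DwordOrNull $ScmKey 'SCMApiConnectionParam'
$target = Get-CombinedScmParam $scm
if ($null -ne $scm -and ((ConvertTo-UnsignedDword $scm) -band $NpFlag)) {
    "SCMApiConnectionParam already has the 0x80000000 flag set ($target)."
} else {
    "SCMApiConnectionParam lacks the 0x80000000 flag; value to set is $target, for example:"
    "reg add `"HKLM\SYSTEM\CurrentControlSet\Control`" /v SCMApiConnectionParam /t REG_DWORD /d $target /f"
}

# Constructed check using the answer's own example of a previous value of 0x03.
"Previous value 0x03 combines to $(Get-CombinedScmParam 3)"
```

Run section 1 on the remote computer and section 2 on the computer hosting the Search Manager. A LocalAccountTokenFilterPolicy value of 1 applies to every local administrator account on that machine, not only the one used for searching.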