Enabling Remote Access for WSH on Windows NT 4.0 SP6 
Author Message
 Enabling Remote Access for WSH on Windows NT 4.0 SP6

I have two machines, A and B, running Windows NT4.0 SP6.  I have a WSH script running on machine A that I want to remotely run a script on machine B.  

I currently get a "Permission denied" error when I run my remote script.  I used to get an "Automation server can't create object" error, but I ran "wscript -regserver" and ensured that the "Microsoft\Windows Script Host\Remote" registry setting was set to 1 and now I get the "Permission denied" error.

Does anyone know what I need to do to properly enable remote WSH under Windows NT?  I've read something about needing a "windowsscript.adm" file, but I don't know what would need to be in such a file.  

Any help is greatly appreciated.

- Sarah

**********************************************************************

Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...



Sat, 06 Nov 2004 01:27:24 GMT  
 Enabling Remote Access for WSH on Windows NT 4.0 SP6
NT had poor defaults for Impersonation Level,

You may need to check the following properties of the
SWbemSecurity object:

Authentication Level,
Impersonation Level,
Priviledges

If your script is running as less than administrator on
the remote machines it may not have the priviledge it needs.

The most likely problem is your Impersonation Type
should be set to "Impersonate" (=3) to allow the remote
script to loggon with your priviledges.  This is now the default
under WindowsXP but NT probably is using "Identify" which
typically fails for remote connections.

You can modify the default setting by changing the "Security_"
property of the SWbemServices object. (instantiated by
the ConnectServer method).
For example (connecting to the local machine to set these defaults:)

' VBScript:
Dim oWmiLoc
Dim oWmiSvc

Set oWmiLoc = CreateObject("WbemScripting.SWbemLocator")
Set oWmiSvc = oWmiLoc.ConnectServer
oWmiSvc.Security_.AuthenticationLevel = 2
oWmiSvc.Security_.ImpersonationLevel = 3
oWmiSvc.Security_.Privileges.Add 23, True
' Auth level 2 is authorize once on connection
' impersonation level 3 is impersonate (log in as the caller = you)
' Privilege 23 allows shutting down the remote machine remotely,
' you can look up other privileges you may have disabled

' NOW the defaults are changed for the parent SWbemSecurity
' so the rest of the script should be able to connect to other
' remote machines as well
' your vbScript script here......
'

***********************************************************************
As another example the following works on an all WinXP LAN
(peer ro peer) and did not require any changes of the default settings.
It is shown in Jscript.  All remote machines on the LAN run the
program C:\UTIL\beep.com and beep when this is run.  Note that
beep.com needs to be present on the remote machines for this
example to do anything.  I run it logged in as an administrator.

file: beeper.wsf

<job>
<script language = "JScript">
//------------------- Main  JScript Routine -----------------------------------
var oWshShell;
var oWshNetwork;
var sComputerName;
var e;
var sComputerName;
var sDomain;
var oWmiLoc;
var oWmiSvc;
var oWmiW32cpu;
var oComputerList;
var oWmiProcess;

try{
  // Create WSH Shell object for message popup boxes
  oWshShell = WScript.CreateObject("WScript.Shell");

  // Create WSH Network object to get computer name
  oWshNetwork =  WScript.CreateObject("WScript.Network");
  sComputerName = oWshNetwork.ComputerName;

  // Create WMI Win32_ComputerSystem object to get Domain name
  oWmiLoc = new ActiveXObject("WbemScripting.SWbemLocator");
  oWmiSvc = oWmiLoc.ConnectServer(sComputerName, "/root/cimv2");
  oWmiW32cpu = oWmiSvc.Get("Win32_ComputerSystem='"+sComputerName+"'");
  sDomain = oWmiW32cpu.Domain;

  // Get list of computers from Active Directory Service Interface = ADSI
  oComputerList = GetObject("WinNT://" + sDomain);

  // Checking if each pc is active on the domain (will it respond to pinging)
  for(e = new Enumerator(oComputerList); !e.atEnd(); e.moveNext()) {
    oComputer = e.item();                   // Check each item on list
    if (oComputer.Class == "Computer") {    // Only want computers, not "Schema"
      if(oComputer.Name != sComputerName){  // Skip source computer (this one)

        if(ping(oComputer.Name)){           // ping remote computers
          // if they respond to a ping tell them to execute a local command:
          oWmiSvc = oWmiLoc.ConnectServer(oComputer.Name, "/root/cimv2");
          oWmiProcess = oWmiSvc.get("Win32_Process");
          oWmiProcess.create("cmd.exe /c c:\\util\\beep.com");
        }
        else {                              // no ping response
          oWshShell.Popup("No ping response from " + oComputer.Name, 2, "FYI Notice", 16);
        }
      }
    }
  }

Quote:
}

catch(err) {
  ShowError(err);
Quote:
}

WScript.Quit(-1);
//-----------------------------------------------------------------------------
function ShowError(oError) {
  var sMessage;
  var sFacilityCode;
  var sScriptPath;
  var sErrorCode;

  sFacilityCode = oError.number >> 16 & 0x1FFF;
  sErrorCode = oError.number & 0xFFFF;
  sMessage = "Description:  " + oError.description + "   \n" +
             "Number:       " + hex(oError.number).toUpperCase() + "   \n" +
             "Facility:        " + sFacilityCode + "   \n" +
             "Error Code:  " + sErrorCode + "   \n" ;

  oWshShell.Popup(sMessage, 10, "Script Error Handler", 16);
  throw(oError);

Quote:
}

//-----------------------------------------------------------------------------
function hex(nmb)
{
  if (nmb > 0)
    return nmb.toString(16);
  else
    return (nmb + 0x100000000).toString(16);
Quote:
}

//-----------------------------------------------------------------------------
function ping(sMachine) {
  var oPing
  var sResp;
  var oP;
  var e;
  var bResult;

  try {
    oPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery(
    "SELECT * FROM Win32_PingStatus WHERE address = '" + sMachine + "'");
    for (e = new Enumerator(oPing); !e.atEnd(); e.moveNext()) {
      oP = e.item();
      sResp = oP.StatusCode;
      break;
    }
    if (sResp == 0) {
      //WScript.echo("Ping Status = 0, machine " + sMachine + " is responding.");
      bResult = true;
    }
    else {
      //WScript.echo("Ping Status not 0, machine " + sMachine + " is NOT responding.");
      bResult = false;
    }
  }
  catch(err) { ShowError(err); }
  return(bResult);

Quote:
}

//-----------------------------------------------------------------------------
</script>
</job>

Quote:

>I have two machines, A and B, running Windows NT4.0 SP6.  I have a WSH script running on machine A that I want to remotely run a script on machine B.  

>I currently get a "Permission denied" error when I run my remote script.  I used to get an "Automation server can't create object" error, but I ran "wscript -regserver" and ensured that the "Microsoft\Windows Script Host\Remote" registry setting was set to 1 and now I get the "Permission denied" error.

>Does anyone know what I need to do to properly enable remote WSH under Windows NT?  I've read something about needing a "windowsscript.adm" file, but I don't know what would need to be in such a file.  

>Any help is greatly appreciated.

>- Sarah

>**********************************************************************

>Comprehensive, categorised, searchable collection of links to ASP & ASP.NET resources...

---



Sat, 06 Nov 2004 04:46:43 GMT  
 Enabling Remote Access for WSH on Windows NT 4.0 SP6

Quote:

> I have two machines, A and B, running Windows NT4.0 SP6.  I have a
> WSH script running on machine A that I want to remotely run a script
> on machine B.  

> I currently get a "Permission denied" error when I run my remote
> script. ...

The account that the local 'controller' script runs under must be a member of the Administrators group on the remote machine.

By default, WshRemote's DCOM launch permissions don't allow non-admin users...  You *could* change that via DCOMCNFG on the remote machine, but I wouldn't recommend it.

P.S. - This the correct NG for the question.  Although microsoft.public.scripting.remote sounds logical, it actually meaning remote web-based script calls from a browser client to server side ASP without round-tripping the browser;-)...

--
Michael Harris
Microsoft.MVP.Scripting
Seattle WA US
--



Sat, 06 Nov 2004 08:36:11 GMT  
 
 [ 3 post ] 

 Relevant Pages 

1. Access the registry of a remote NT 4.0 machine

2. Security Concerns for implementing WSH in a Windows NT 4.0 environment

3. Problems Installing Windows Script 5.0 and Windows Script Host 2.0 Beta on Windows NT 4.0

4. Security Concerns for implementing WSH in a Windows NT 4.0 environment

5. WSH on NT 4.0 Server without IE 4.0 (5.0)

6. writing vbscript to know the OS of a remote PC ( is WIndows NT or WIndows 2000)

7. Enable DHCP on Windows NT Works.

8. Enabling Remote WSH

9. How to enable Remote WSH

10. page setup with CorelDraw 6.0 under Windows NT 4.0

11. Font quality from Postscript on Windows NT 4.0

12. Trying to get old PS printer working from Windows NT 4.0

 

 
Powered by phpBB® Forum Software