Locked out from Class Security (Full Version)

All Forums >> [Management Products] >> Microsoft Systems Management Server >> SMS 2003



Message

kpark -> Locked out from Class Security (5/10/2008 4:53:42 PM)

Hello,

After a long day of rebuilding one of my 5 primarys, when i was checking the Class security in the console, i mistakenly removed the enterprise admins group  (which i am a memeber of) from the Reporting area. Does anybody have any advice how to add this back in?

the only item in here with administer rights is NTAuthority\System

what i have done so far
I opened up the SMS_UserClassPermissions in wbemtest and found the objectkey for reports (objectkey '8;) i tried to add the  modify the class perssion from in here but i received a error code 80041001 Generic Failure. after testing on different areas of the console this is down to permissions.

So i need to be able to re-apply the permissions to the reports area. the next thing i will try is to remove the reporting point then re add it but i can't see this fixing it,
any help is appreciated.

Thanks



jbezdan -> RE: Locked out from Class Security (5/10/2008 8:41:14 PM)

Go out to http://www.pluralsight.com/books/pws/samples.htm and download the tools.  Extract the CmdAsUser.zip file and get the cmdasuser.exe out of the bin folder.  Copy it to the root of C:\ on the server, then open a command prompt and run: c:\cmdasuser.exe localsystem

Another command prompt will open with "Local System" in the title bar.  From there, run mmc.exe and then load in the System Management Server snapin.  From there you should be able to go to the report class and give the group rights again.  I just tested this on a lab SMS site and it worked for me.

That tool is also useful for testing how a software distribution will behave when it is run as the system account on workstations.



kpark -> RE: Locked out from Class Security (5/11/2008 8:17:26 AM)

Thanks for this information,

However we must have something in the security template on our servers as once i execute it the localsystem window flashes up then quickly dissappears. i have tried this on a standard XP client and it works. howver on the standard xp client i can't connect to the database to change the permissions due to internal firewalls which i will get a rule added next week

do you know if this could be a default setting on the server to prevent this localsystem window running?



kpark -> RE: Locked out from Class Security (5/11/2008 8:46:11 AM)

Great,  I managed to work around the cmdasuser

i logged on the the server remotely in /console mode and set a schedule task the run cmd.exe /interactive

this work and now i can add myself in to the security of the reports.

Thanks for you response, and i hope it can help others




jbezdan -> RE: Locked out from Class Security (5/11/2008 2:38:10 PM)

I am glad you got it working.  I assume you mean that you did the scheduled task using an AT.exe command and not the Task Scheduler gui interface?

It could be a policy issue on the cmdasuser not running.  Were you running it from another cmd.exe window or  from Start - Run?  I know it will behave that way from Start - Run.

Either way, I am glad all it all worked out.



Page: [1]

Valid CSS!




Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI
0.1875