Alternate Administrator Accounts not Working with Windows 2008 and Later

    Revision: 1.2
    Date: 03/19/2015

    Problem:

    When you connect from a host system running Windows Vista/2008 or newer to a target system running Windows Vista/2008 or newer, using alternate administrator accounts (alt-admins) to connect or to manage services, you receive an error such as Connect failed, error 10001 – No admin access (anonymous only) achieved or admin access denied. Worse yet, this is not a standard Windows networking error. The problem does not occur when connecting to Windows 2003 and earlier systems, or when the product is hosted on a Windows 2003 system.

    This affects all calls to the Service Control Manager (SCM), which is used to manage services, and can affect basic connections.

    Cause:

    The issue stems from changes to the Microsoft networking and communications stack that were introduced in Windows Vista/2008 and are outlined in this MS article: Services and RPC/TCP. Microsoft defaults to using RPC/TCP rather than RPC/NP (RPC over named pipes). The difference is that RPC/TCP does not inherit connection credentials, while RPC/NP does. Hence alternate administrators will not work between Windows Vista/2008 and later systems unless the product host is forced to use RPC/NP.

    Resolution:

    RPC/TCP is controlled by the SCMApiConnectionParam, DisableRPCOverTCP, and DisableRemoteScmEndpoints registry values, which are all under the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control key. All of these values have a REG_DWORD data type. The following procedure shows how to use these registry values to control RPC/TCP.

    Create a new DWORD value named SCMApiConnectionParam under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control. Set the base to hexadecimal and enter 80000000 as the value data.

    Restart the application.
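
The Resolution step as a PowerShell script, added here as an example and not taken from the vendor's article: it reports the three registry values the article names so the prior state is on record, then writes SCMApiConnectionParam only when run with -Apply and reads it back. The -Apply switch and the Get-DwordHex helper are this example's own names.

```powershell
# Added example (not vendor code). Run elevated on the product host.
# Default is report-only; pass -Apply to write SCMApiConnectionParam.
param([switch]$Apply)

$subKey  = 'SYSTEM\CurrentControlSet\Control'
$target  = 'SCMApiConnectionParam'
$names   = $target, 'DisableRPCOverTCP', 'DisableRemoteScmEndpoints'
$wantHex = '80000000'   # value data given in the Resolution step

function Get-DwordHex {
    param([Microsoft.Win32.RegistryKey]$Key, [string]$Name)
    # Return the value as 8 hex digits, or $null when it is absent.
    $raw = $Key.GetValue($Name, $null)
    if ($null -eq $raw) { return $null }
    if ($Key.GetValueKind($Name) -ne [Microsoft.Win32.RegistryValueKind]::DWord) {
        throw "$Name exists but is not REG_DWORD; refusing to continue."
    }
    '{0:X8}' -f $raw
}

# Open read-only unless -Apply was given.
$key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($subKey, $Apply.IsPresent)
if ($null -eq $key) { throw "Cannot open HKLM\$subKey" }
try {
    # Report all three values the article names before touching anything.
    foreach ($n in $names) {
        $hex   = Get-DwordHex -Key $key -Name $n
        $shown = if ($null -eq $hex) { '(not set)' } else { "0x$hex" }
        Write-Output ("{0,-26} {1}" -f $n, $shown)
    }
    $before = Get-DwordHex -Key $key -Name $target
    if ($before -eq $wantHex) {
        Write-Output "$target is already 0x$wantHex; nothing to change."
    } elseif (-not $Apply) {
        Write-Output "Report only. Re-run with -Apply to set $target to 0x$wantHex."
    } else {
        # The .NET API stores a DWORD as a signed Int32, so parse the digits
        # with base 16 (80000000 becomes Int32.MinValue, the same bit pattern).
        $value = [Convert]::ToInt32($wantHex, 16)
        $key.SetValue($target, $value, [Microsoft.Win32.RegistryValueKind]::DWord)
        $after = Get-DwordHex -Key $key -Name $target
        if ($after -ne $wantHex) { throw "Write did not stick: read back 0x$after" }
        Write-Output "$target set to 0x$wantHex. Restart the application."
    }
} finally {
    $key.Close()
}
```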

    Applies To:
    Enterprise Random Password Manager (ERPM)
    Service Account Manager (SAM)
    Last edited by Chris; 10-22-2015, 02:08 PM.
    Support
    support@liebsoft.com
    _________________________

    1875 Century Park East, Suite 1200
    Los Angeles, CA 90067
    http://www.liebsoft.com
    Main: (800) 829-6263
    International: +1 (310) 550-8575
    Fax: (310) 550-1152