Re: Why would services.msc & services.exe be "Access Denied" in WinXP?

From: Steven L Umbach (n9rou_at_n0-spam-for-me-comcast.net)
Date: 11/08/05 

Date: Mon, 7 Nov 2005 19:20:28 -0600

Access denied message is usually do to lack of permission. If the message
also says due to restrictions on your computer, a Software Restriction
Policy, or see administrator there is probably some kind of Group Policy
setting. If you can open gpedit.msc then use Group Policy and go to computer
configuration/administrative templates/Windows components/Microsoft
management console to see if any mmc snapins such as services.msc are
restricted there. If you use regedit you can also look under the registry
key [HKEY_CURRENT_USER\Software\Policies\Microsoft\MMC] to see if anything
is configured there which would indicate the Group Policy could be
restricting access. --- Steve

"Susan Sharm" <susanshaarm@yahoo.com> wrote in message
news:1131345232.364516.274020@g47g2000cwa.googlegroups.com...
> Steven L Umbach wrote:
>> Your permissions look fine for services.msc.
>> What is the exact error you get when you are denied access and when
>> you look in the application log via Event Viewer in Computer Management
>> are there any warnings [Software Restriction Policies, etc] that may be
>> related to running services.msc??
>> If you can, run rsop.msc to check for Group Policy restrictions
>> under administrative templates/Windows components/Microsoft
>> Management Console and administrative templates/system.
>> Use filemon to try and track down where access is being denied.
>
> Thank you again Steven.
> When I Start, Run, services.msc, there is no other error visible other
> than "access denied". Likewise when I Start, Run, rsop.msc (whatever
> that is), I get "Access Denied".
>
> After attempting services.msc & rsop.msc, I right-clicked "My
> Computer", pressed "Manage", selected the "Event Viewer" in the
> resulting "Computer Management" console. Three items were available,
> "Application", "Security", & "System".
>
> I am very confused about what I see. For example, if I sort by date the
> "Application" selection, I see multiple events (from McAfee VirusScan
> perhaps?) of the format:
> - Type=Error, Date=11/6/2005, Time=9:22:43PM, Source=McLogEvent,
> Category=none, Event=1006, User=N/A, Computer=SUSAN Description=Task
> Manager : Service Error : MID Configuration Applicator: Password
> authentication failed.
>
> Likewise, when I run filemon.exe, there is so much output that I am not
> sure what exactly I am looking for. I see very many entries in
> filemon.exe of the format, but maybe this is of interest:
> - #=24, Time=10:32:19 PM, Process=explorer.exe:1816, Request=QUERY
> INFORMATION, Path=C:\windows\sytem32\services.msc, Result=SUCCESS,
> Other=Attributes: D
> - #=77, Time=10:33:25 PM, Process=explorer.exe:1816, Request=QUERY
> INFORMATION, Path=C:\WINDOWS\system32\rsop.msc, Result=SUCCESS,
> Other=Atributes: C
>
> If I look at the wmiprov.log, I see a zillion entries of:
> (Sun Nov 06 22:22:48 2005.2117284) :
> (Sun Nov 06 22:22:49 2005.2118325) : WDM call returned error: 4201
> (Sun Nov 06 22:22:49 2005.2118325) :
> ***************************************
> (Sun Nov 06 22:22:49 2005.2118325) : The instance name passed was not
> recognized as valid
> (Sun Nov 06 22:22:49 2005.2118325) :
> ***************************************
> (Sun Nov 06 22:22:49 2005.2118325) : The instance name passed was not
> recognized as valid(Sun Nov 06 22:22:49 2005.2118325) :
> (Sun Nov 06 22:22:50 2005.2119377) : WDM call returned error: 4201
> (Sun Nov 06 22:22:50 2005.2119377) :
> ***************************************
>
> If I look in c:\windows\system32\WBEM\Logs\wbemess.log, I see millions
> of entries of:
> (Sun Oct 30 22:32:01 2005.2581922) : NT Event Log Consumer: could not
> retrieve sid, 0x8005100
> (Sun Oct 30 22:32:40 2005.2621459) : NT Event Log Consumer: could not
> retrieve sid, 0x80051003
> (Sun Oct 30 22:39:25 2005.3026141) : NT Event Log Consumer: could not
> retrieve sid, 0x80051003
> (Sun Oct 30 22:39:34 2005.3035284) : NT Event Log Consumer: could not
> retrieve sid, 0x80051003
> (Sun Oct 30 22:39:34 2005.3035284) : Failed to log an event: 1F
>
> Looking at C:\WINDOWS\system32\WBEM\Logs\wbemprox.log, I see entries
> like
> (Sun Oct 30 22:29:34 2005.3035354) : ConnectViaDCOM, CoCreateInstanceEx
> resulted in hr = 0x80005003
> (Sun Oct 30 22:29:34 2005.3035424) : ConnectViaDCOM, CoCreateInstanceEx
> resulted in hr = 0x80005003
> (Sun Oct 30 22:29:35 2005.3035815) : ConnectViaDCOM, CoCreateInstanceEx
> resulted in hr = 0x80005003
>
> Does any of this make sense to you?
> Susan
>

Relevant Pages

  • Policy - Admin Locked Out
    ... I created a new policy and set the Do ... understand the entries. ... entries in the sysvol file structure, ... to logoff, log back on, and regain admin rights? ...
    (microsoft.public.win2000.active_directory)
  • Re: Policy - Admin Locked Out
    ... I created a new policy and set the Do ... > understand the entries. ... > entries in the sysvol file structure, ... > to logoff, log back on, and regain admin rights? ...
    (microsoft.public.win2000.active_directory)
  • Re: 3rd smtp domain
    ... You can have a lot more entries than two. ... to accept mail for a domain it just needs to be included a recipient policy. ... already have multiple smtp domains to begin with. ... I added the last domainname under the 1st priority entry in recipient ...
    (microsoft.public.exchange.admin)
  • policies stuck in default user!
    ... I guess what is basically happening, is the registry ... but the local machine does not see it ... I go into Local Comp Policy, ... shaving session and hunt for all the entries I can. ...
    (microsoft.public.windowsxp.setup_deployment)
  • Re: Intermittant GPO failure to apply
    ... If you have backup your group policy before, you can restore it from the ... 244474 How to force Kerberos to use TCP instead of UDP in Windows Server ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
Quantcast