Versions Compared

Old Version 37

changes.mady.by.user Mark Unwin

Saved on

compared with

New Version 38

changes.mady.by.user Mark Unwin

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
C:\Users\opDev>wmic /user:YOUR_DOMAIN\YOUR_USERNAME /password:YOUR_PASSWORD /node:YOUR_IP os get name
Name
Microsoftr Windows Serverr 2008 Enterprise |C:\Windows|\Device\Harddisk0\Partition1

If the response is: Description: RPC Server is unavailable, then you have a firewall or other issue.

If the response is: Description: Access Denied Facility = Win32 then the credentials that were supplied don't have Windows DCOM permissions on the Target machine.

If the response is: Description: Access denied Facility = WMI then the credentials that were supplied don't have WMI Security permissions on the Target machine.


Matching Discovery Logs to WMI issues

If you see the below, the the following fixes.

ERROR: Failed to install service winexesvc - NT_STATUS_ACCESS_DENIED

This most likely means the user account being used does not have sufficient rights on the target machine.

To fix this issue, see the section above on this page for UAC.

ERROR: StartService Failed. NT_STATUS_ACCESS_DENIED

We are still investigating possible causes for this issue.

ERROR: Failed to save ADMIN$/winexesvc.exe. NT_STATUS_ACCESS_DENIED.

Is the ADMIN$ share enabled? Check as below.

ERROR: UploadService failed. NT_STATUS_ACCESS_DENIED.

Is the ADMIN$ share enabled? Check as below.


Winexe requirements (Linux only) on Windows machines


Enabled services: Workstation, Server.

"Windows Network" is running and "Printer and File Sharing" are activated.


Enabled "Remote IPC" and "Remote Admin" shares. To verify it, in cmd box run command "net share", and check if there are ADMIN$ and IPC$ shares.


An account with administrative privileges and not empty password. If Windows machine is not on a domain, it is best to use the Administrator account (see above).

Firewall rules allowing traffic between both machines.



AntiVirus

Some antivirus programs have been known to disable DCOM and remote WMI. You might check the settings of your antivirus program and disable them for testing. We recently had a report of Trend AV specifically blocking calls to winexesvc when auditing Windows computers.

...