Saturday, February 27, 2010

To allow DCOM traffic through ISA Server


Many of us may have encountered a problem while executing VB Scripts or WMI queries from ISA Server and received an "RPC Unavailable" error.

In order to allow DCOM traffic, you can create a rule in ISA to "Allow RPC to ISA from trusted servers".

Disable "RPC strict compliance (to allow DCOM)", after which WMI queries and VB Scripts will execute successfully.
Happy Learning!!!

Thursday, February 25, 2010

Windows 2003 Account Management Security Events

As system administrators, we want to capture a few events, such as Account Created, Account Deleted and Account Lockout, for audit and security compliance purposes. Here are details of a few security events that are the most useful.

Event ID--OS--Eventlog Source--Description

539--Win NT,DC--Security--Account Lockout (In WinNT)

624--Win2000, Win2003--Security--User Account Created

630--Win2000, Win2003--Security--User Account Deleted

631--Win2000, Win2003, DC--Security--Global security group created

634--Win2000, Win2003, DC--Security--Security global group deleted

635--Win2000, Win2003, DC--Security--Local security group created.

638--Win2000, Win2003, DC--Security--Security local group deleted

644--Win2003,DC--Security--Account Lockout (In Win2k3)

647--Win2000, Win2003, DC--Security--Computer Account Deleted

648--Win2000, Win2003, DC--Security--Distribution local group created

652--Win2000, Win2003, DC--Security--Distribution local group deleted

653--Win2000, Win2003, DC--Security--Global distribution group created

657--Win2000, Win2003, DC--Security--Distribution global group deleted

658--Win2000, Win2003, DC--Security--Security universal group created

662--Win2000, Win2003, DC--Security--Security universal group deleted

663--Win2000, Win2003, DC--Security--Distribution universal group created

667--Win2000, Win2003, DC--Security--Distribution universal group deleted
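
An added example (not from the original post): a Python sketch that filters an exported Security log for the event IDs in the table above, then flags accounts created and deleted within an hour and accounts locked out three or more times. The CSV column layout, the sample rows and both thresholds are assumptions made for illustration.

```python
import csv, io
from collections import Counter
from datetime import datetime, timedelta

# Event IDs and descriptions copied from the table above.
EVENTS = {
    539: "Account Lockout (WinNT)", 644: "Account Lockout (Win2k3)",
    624: "User Account Created", 630: "User Account Deleted",
    631: "Global security group created", 634: "Security global group deleted",
    635: "Local security group created", 638: "Security local group deleted",
    647: "Computer Account Deleted", 648: "Distribution local group created",
    652: "Distribution local group deleted", 653: "Global distribution group created",
    657: "Distribution global group deleted", 658: "Security universal group created",
    662: "Security universal group deleted", 663: "Distribution universal group created",
    667: "Distribution universal group deleted",
}
CREATED, DELETED, LOCKOUTS = 624, 630, {539, 644}
# Constructed sample export; the CSV column layout is an assumption.
SAMPLE_CSV = """time,event_id,source,target,caller
2010-02-25 09:00:01,624,Security,tmpadmin,CORP\\jdoe
2010-02-25 09:04:10,528,Security,jdoe,CORP\\jdoe
2010-02-25 09:20:30,630,Security,tmpadmin,CORP\\jdoe
2010-02-25 10:01:00,644,Security,asmith,DC01$
2010-02-25 10:07:00,644,Security,asmith,DC01$
2010-02-25 10:15:00,644,Security,asmith,DC01$
2010-02-25 11:30:00,624,Application,ignored,none
"""

def audit(csv_text, max_lifetime=timedelta(hours=1), lockout_threshold=3):
    """Return (per-ID counts, short-lived accounts, repeatedly locked accounts)."""
    counts, lockouts, created, short_lived = Counter(), Counter(), {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = (row.get("event_id") or "").strip()
        if row.get("source") != "Security" or not raw.isdecimal() or int(raw) not in EVENTS:
            continue  # other log source, malformed row, or ID not in the table
        event_id, target = int(raw), row["target"]
        when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
        counts[event_id] += 1
        if event_id == CREATED:
            created[target] = when  # remember creation time for pairing
        elif event_id == DELETED and target in created:
            if when - created.pop(target) <= max_lifetime:
                short_lived.append(target)  # created and removed quickly
        elif event_id in LOCKOUTS:
            lockouts[target] += 1
    repeated = sorted(a for a, n in lockouts.items() if n >= lockout_threshold)
    return counts, short_lived, repeated

if __name__ == "__main__":
    print(audit(SAMPLE_CSV))
```
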

Saturday, February 13, 2010

Unable to install any Application

The issue could be with ePO for McAfee VirusScan.

1. Click Start > Run.
2. Type cmd and press Enter.
3. Type cd\ and press Enter.
4. Type cd program files and press Enter.
5. Type cd mcafee and press Enter.
6. Type cd common framework and press Enter.
7. Type frminst /remove=agent and press Enter.
8. The McAfee Agent and Updater Setup window will open and begin removing ePolicy Orchestrator.

1. Make a backup of your registry before you begin. Proceed with these instructions only if you are confident about what you are doing.

2. Click Start > Run.
3. Type regedit and press Enter. This will open Registry Editor.
5. Locate the McAfee registry key and the Network Associates registry key. You may have one or both of these.
6. Expand the McAfee and Network Associates registry keys to inspect their contents and sub-keys.
 If you have McAfee or Network Associates software installed on your computer apart from McAfee VirusScan and McAfee ePO, then you should use caution when considering whether or not you want to delete these registry keys. If you delete these registry keys, you may find that other McAfee or Network Associates software no longer functions as expected. If you are sure that you do not have any additional McAfee or Network Associates software installed, delete the McAfee registry key and the Network Associates registry key.

Friday, February 12, 2010

WMI Test fails with error 0x80070005


If the WMI test fails with the error below:

     \root\cimv2 Remote WMI access test FAILED
     Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))

1. Ensure that the Windows Management Instrumentation (WMI) service is running on the remote system.
2. Ensure that all firewalls are turned off (Windows Firewall, personal firewall, etc.) or allow an exception for RPC traffic.
3. Run WMI Diag and check the error codes, reasons and solutions for the issue. Most of the time, the WMI Diag result itself gives the solution to the errors.

For the above error, the WMI Diag result may show the reason as below.

32104 00:05:58 (1) !! ERROR: DCOM Status: ................................................................................................. ERROR!
32105 00:05:58 (1) !! ERROR: => The DCOM configuration on this computer is DISABLED

This prevents WMI from working correctly.

You can fix the DCOM configuration by:

1. Executing the 'DCOMCNFG.EXE' command.
2. Expanding 'Component Services' and 'Computers' nodes.
3. Editing properties of 'My Computer' node.
4. Editing the 'Default properties' tab.
5. Activating the 'Enable Distributed COM on this computer' checkbox.

From the command line, the DCOM configuration can be corrected with the following command:

'REG.EXE Add HKLM\SOFTWARE\Microsoft\Ole /v EnableDCOM /t REG_SZ