...
Code Block |
---|
C:\Users\opDev>wmic /user:YOUR_DOMAIN\YOUR_USERNAME /password:YOUR_PASSWORD /node:YOUR_IP os get name Name Microsoftr Windows Serverr 2008 Enterprise |C:\Windows|\Device\Harddisk0\Partition1 |
If the response is: Description: RPC Server is unavailable, then you have a firewall or other issue.
If the response is: Description: Access Denied Facility = Win32 then the credentials that were supplied don't have Windows DCOM permissions on the Target machine.
If the response is: Description: Access denied Facility = WMI then the credentials that were supplied don't have WMI Security permissions on the Target machine.
Matching Discovery Logs to WMI issues
If you see the below, the the following fixes.
ERROR: Failed to install service winexesvc - NT_STATUS_ACCESS_DENIED
This most likely means the user account being used does not have sufficient rights on the target machine.
To fix this issue, see the section above on this page for UAC.
ERROR: StartService Failed. NT_STATUS_ACCESS_DENIED
We are still investigating possible causes for this issue.
ERROR: Failed to save ADMIN$/winexesvc.exe. NT_STATUS_ACCESS_DENIED.
Is the ADMIN$ share enabled? Check as below.
ERROR: UploadService failed. NT_STATUS_ACCESS_DENIED.
Is the ADMIN$ share enabled? Check as below.
Winexe requirements (Linux only) on Windows machines
Enabled services: Workstation, Server.
"Windows Network" is running and "Printer and File Sharing" are activated.
Enabled "Remote IPC" and "Remote Admin" shares. To verify it, in cmd box run command "net share", and check if there are ADMIN$ and IPC$ shares.
An account with administrative privileges and not empty password. If Windows machine is not on a domain, it is best to use the Administrator account (see above).
Firewall rules allowing traffic between both machines.
AntiVirus
Some antivirus programs have been known to disable DCOM and remote WMI. You might check the settings of your antivirus program and disable them for testing. We recently had a report of Trend AV specifically blocking calls to winexesvc when auditing Windows computers.
...