Archived from groups: microsoft.public.win2000.security (
More info?)
Are the ports open on the internal adapter that you need to connect to? If nothing
was logged, it sounds as if the target computer never got the request. You can try
port scanning that adapter or using Ethereal to see what is happening to your
connection request as in if is getting any response from the remote computer or not
and if there is a response, sometimes digging into the details of the packet response
can help. Try connecting via the internal lan IP address instead of computer
name. --- Steve
"Matt" <spammers@are.bad.com> wrote in message news:ccuhkl0jqd@enews3.newsguy.com...
> Steve,
> Nothing is being logged on the connecting or the connected to computer.
> They are both set to log success/failures.
> Domain admins group is part of the local admin group =\
> File and print sharing is enabled.
> no ipsec here.
>
>
> Steven L Umbach wrote:
>
> > So you tried to use Computer Management - other computer and it said access
denied
> > while trying to connect to the lan interface. I would check to make sure that the
> > domain admins group is still in the local administrators group on that server and
> > that file and print sharing is enabled on the internal lan interface. If auditing
of
> > logon events is enabled on that server, I would look in the security log to see
what
> > the reason is for the logon failure. An ipsec policy with a require policy on
either
> > end could deny access if ipsec negotiation failed. --- Steve
> >
> >
> >
> > "Matt" <spammers@are.bad.com> wrote in message
news:ccu1hr014fc@enews1.newsguy.com...
> >
> >>I'm on the same subnet as it, it is not behind a firewall, so it would
> >>be equivallent to a local LAN.
> >>
> >>Steven L Umbach wrote:
> >>
> >>>Exactly how did you try to connect to it?? Local lan, over a vpn, through
remote
> >>>TS?? --- Steve
> >>>
> >>>
> >>>"Matt" <spammers@are.bad.com> wrote in message
> >
> > news:ccmrrf01sa9@enews4.newsguy.com...
> >
> >>>>Good idea.. however having a slight issue...
> >>>>
> >>>>IIS - When I try to connect to one of the webservers I get:
> >>>>Error connecting to: xxxx.xxxxx.net
> >>>>Access is denied.
> >>>>
> >>>>Strange... I'm logged in as Administrator to the domain yet it didn't
> >>>>work, NOR did it ask me for a username/password, guess it's telepathic
> >>>>and knows I shouldn't be on?
> >>>>
> >>>>
> >>>>Any ideas?
> >>>>
> >>>>
> >>>>
> >>>>Steven L Umbach wrote:
> >>>>
> >>>>
> >>>>
> >>>>>MMC via the network works over file and print sharing, so you would need to
have
> >>>
> >>>them
> >>>
> >>>
> >>>>>vpn into the server to access MMC. You don't want to open holes in a firewall
to
> >>>
> >>>do
> >>>
> >>>
> >>>>>file and print sharing. However the downside is that file and print sharing
> >
> > needs
> >
> >>>to
> >>>
> >>>
> >>>>>be enabled on the computer - at least on an internal adapter as you really
don't
> >>>
> >>>want
> >>>
> >>>
> >>>>>to do that on the external adapter if at all possible. You could still let
them
> >>>>>remote in via TS as regular users and on the computer add them to the dns
> >>>>>administrators group. In Remote Administration Mode, by default only
> >>>
> >>>administrators
> >>>
> >>>
> >>>>>can remote in but you can change that by adding a user/group to permissions
for
> >>>
> >>>the
> >>>
> >>>
> >>>>>RDP. You could also restrict what they access via local Group Policy
> >>>
> >>>[gpedit.msc]
> >>>
> >>>
> >>>>>though local Group Policy applies to all users that logon locally [which TS
> >
> > logon
> >
> >>>is
> >>>
> >>>
> >>>>>considered] including administrators. --- Steve
> >>>>>
> >>>>>
> >>>>>"Matt" <spammers@are.bad.com> wrote in message
> >>>
> >>>news:ccma4t1862@enews3.newsguy.com...
> >>>
> >>>
> >>>>>>Hi,
> >>>>>>I'm trying to setup so my web guys only have access to DNS and IIS on
> >>>>>>the web servers and so they don't have to terminal service into the
> >>>>>>machines (like they do now). It's not really that huge of a deal that
> >>>>>>they can't see the event logs/etc, I basically just want to get them off
> >>>>>>having to terminal service in. My Question: What do I need to do to
> >>>>>>allow them to be able to MMC into IIS and DNS as well?
> >>>>>
> >>>>>
> >>>>>
> >>>
> >
> >
Facebook
Twitter
Instagram