使用 Windows XP SP3 的远程 WMI
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/570464/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Remote WMI with Windows XP SP3
提问by dcgibbons
A fresh Windows XP SP3 install does not allow remote WMI access like Windows XP SP2 does.
新安装的 Windows XP SP3 不允许像 Windows XP SP2 那样允许远程 WMI 访问。
If I follow the steps in the "How to troubleshoot WMI-related issues in Windows XP SP2" document at http://support.microsoft.com/kb/875605I'm unable to get SP3 to respond to a remote WMI request.
如果我按照http://support.microsoft.com/kb/875605 上的“如何解决 Windows XP SP2 中与 WMI 相关的问题”文档中的步骤操作,我将无法让 SP3 响应远程 WMI 请求。
Every request, even to the built-in Administrator account, a new account in the Administrators group, or even a new account not in the Administrators group but given access to remote DCOM & the WMI namespace as described in the Microsoft document all return error code 0x80070005, Access is denied.
每个请求,即使是对内置管理员帐户、管理员组中的新帐户,甚至是不在管理员组中但授予访问远程 DCOM 和 WMI 命名空间(如 Microsoft 文档中所述)的新帐户,都返回错误代码0x80070005,拒绝访问。
To verify I didn't have a goofy system configuration, I installed a fresh Windows XP SP3 image (using the .ISO image from MSDN) and performed no configuration changes save enabling RemoteAdmin through the Firewall. The Access is denied behavior was seen in this scenario as well.
为了验证我没有愚蠢的系统配置,我安装了一个新的 Windows XP SP3 映像(使用来自 MSDN 的 .ISO 映像)并且没有执行任何配置更改,除了通过防火墙启用 RemoteAdmin。在这种情况下也看到了访问被拒绝行为。
What changed in Windows XP SP3 to remote DCOM / WMI access and how best to enable it?
Windows XP SP3 对远程 DCOM/WMI 访问有何改变以及如何最好地启用它?
回答by dcgibbons
It turns out the issue wasn't specific to SP3, but rather the lack of these systems being in a domain.
事实证明,该问题并非特定于 SP3,而是域中缺少这些系统。
If XP isn't in a domain then the "Use Simple File Sharing" option, found in the Folder Options control panel applet, works it magic. If this option is enabled (the default) all file sharing connections are done with the guest user credential, but this also is applied to incoming DCOM connections as well.
如果 XP 不在域中,那么位于“文件夹选项”控制面板小程序中的“使用简单文件共享”选项会发挥作用。如果启用此选项(默认),所有文件共享连接都使用来宾用户凭据完成,但这也适用于传入的 DCOM 连接。
Disabling this option allows DCOM connections to be verified as expected.
禁用此选项允许按预期验证 DCOM 连接。
回答by Terry
Supposedly SP3 does not check 'Enable Distributed COM on this computer'. Get into Component Services (dcomcnfg.exe) Component Services, Computers. Right click 'My Computer' and go to properties. 'Default Properties' is the tab you want. I have also heard that changing the DTC Logon account to NT AUTHORITY\NetwerkService (note the e instead of an o) will work. You can find this under the MSDTC tab, Security Configuration following the same path to My Computer.
据说 SP3 不会检查“在此计算机上启用分布式 COM”。进入组件服务 (dcomcnfg.exe) 组件服务,计算机。右键单击“我的电脑”并转到属性。“默认属性”是您想要的选项卡。我还听说将 DTC 登录帐户更改为 NT AUTHORITY\NetwerkService(注意 e 而不是 o)会起作用。您可以在 MSDTC 选项卡下的安全配置下找到它,该路径与我的电脑相同。
We solved something very similar by using these tricks. Hope this helps.
我们通过使用这些技巧解决了非常相似的问题。希望这可以帮助。
回答by Tommy Hui
I'm not sure if RemoteAdmin is the one you need to turn off or not in the firewall.
我不确定是否需要在防火墙中关闭 RemoteAdmin。
One suggestion would be to turn off the firewall completely first and try that. If it works, then you know it is the firewall. If this is the case, then I would try adding port tcp 135 directly and try again.
一个建议是首先完全关闭防火墙并尝试。如果它有效,那么您就知道它是防火墙。如果是这种情况,那么我会尝试直接添加端口 tcp 135 并重试。
You may also try using telnet [ip address of XP_SP3 machine] 135 and see if you can establish the connection.
您也可以尝试使用telnet [XP_SP3机器的ip地址] 135 看看是否可以建立连接。
Hope this helps.
希望这可以帮助。
