You can see the error message 'Access Denied' on the screen when you try to do either of the following:
You require administrator credentials to enable the central server to complete remote operations like agent/Distribution server installation. You will see the error message, 'Access denied' if the credentials specified in the SoM do not have administrator privileges.
Note: The causes and resolutions explained in this article are based on our experiences in our production and client environments. However, there may still be a few unknown causes which are not covered in this article. If this article does not resolve your issue and if you have an Active Directory-based network, you can automate agent installation using a startup script.
To resolve this problem, identify the kind of network setup you have and follow the appropriate resolution, specified for it, below:
For a Workgroup setup
In case of a workgroup set up, the credentials specified should have administrator privileges on all the computers in a particular workgroup. To modify the credentials, if required, follow the steps given below:
- Click the Admin tab
- In the Global Settings section, click Scope of Management
- Click Edit Credentials
- Select the required domain
- Select Workgroup as the network type
- Specify the following:
- Admin username
- Password
- DNS suffix
- Click Update Domain Credentials
You have modified the domain credentials.
For client computers which have the operating system Microsoft Windows Vista and later versions, you are required to disable either the User Account Control (UAC) or the remote UAC in all client computers:
Disabling UAC in the client computers
You are required to disable the UAC feature in all client computers. To disable the UAC feature, follow the steps given below:
- Click start>Settings>Control Panel>User Accounts
- Disable the UAC settings
For Windows 7 and later vesions / Windows 2008 R2 and later versions.
- Click User Account Control Settings
- Drag and choose the control level to Never Notify
- Click OK
For Windows Vista and older versions / Windows 2008 and older versions
- Click Turn User Account Settings On or Off
- Uncheck the Use User Account Control (UAC) to protect your computer checkbox
- Click OK
- Close the Control Panel window.
This will disable the UAC in the client computer. You need to perform the same steps in all the client computers that has Windows Vista or higher manually.
Disabling Remote User Account Control in the client computers
You are required to disable the Remote UAC feature by changing the registry entry that controls the Remote UAC feature. To disable the Remote UAC feature, follow the steps below:
- Click start>Run
- Enter regedit
- Click OK
- Navigate to HKEY_LOCAL_MACHINE \SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system
- Right-click on the white space and click New>DWORD Value
- Enter the name LocalAccountTokenFilterPolicy
Note: If this key name is available then right-click on the name>Modify and follow the steps given below.
- Click Modify
- Change the value data to 1
- Click OK
You have disabled the Remote UAC feature.
For an Active Directory setup
If you have an Active Directory setup, you must specify credentials that have administrator privileges, for a domain, to avoid seeing this error. The administrator credentials are specfic to an Organizational Unit (OU). You cannot use the administrator credentials of one OU to complete operations on computers that belong to another OU.
For both Workgroup and Active directory setup
The below given steps applies for both work group and active directory set up
- Check whether the Domain Administrator credentials supplied while defining the Scope of Management is still valid and has not been changed.
Enable DCOM settings in the client computers
- Enable DCOM settings in all the computers in your network. To enable DCOM settings, follow the steps given below:
- Click start>Run
- Enter dcomcnfg
- Click OK
The dialog box that appears depends on the Windows operating system that is installed in your computer. If you are using Windows NT/2000, you will see the Distributed COM Configuration Properties dialog box on the screen. If you are using Windows XP, you will see the Component Services dialog box on the screen. To acces the Properties tab, follow the steps given below:
- Expand Component Services
- Expand Computers
- Right-click on My Computer
- Click Properties
- Click the Default Properties tab
- Select Enable Distributed COM on this computer
- Select Enable DCOM Internet Services on this computer
- Select an appropriate authentication level
- Select an appropriate impersonation level
You have enabled DCOM settings in the computers in your network.