T
Tony Gravagno
Multipart inquiry:
1)
I have a user ID with admin privs that I use for one specific purpose.
It is used to load an ASP page that then kicks off background tasks
via WMI - those tasks run under this user and it's easy to manage them
later. This application works well and is in use in dozens of sites.
Yesterday it suddenly stopped working when I was doing some
diagnostics, I have no idea what I did. After narrowing everything
down to a lack of permissions to run a process via WMI or shell, it
turns out it's just that user ID that doesn't work anymore. I can
easily use a different user but this ID name is used in various places
in the application and it's just a pain to change references. I
understand I can't delete the user ID and then recreate it using the
same name, but somehow I'd like to reset the registry or whatever
config area has been corrupted. Any ideas about what happened in the
first place or how I can reset/recover this user?
2)
In a larger sense I'm now concerned about the possibility that some
other user like "administrator" or another primary admin ID might get
similarly corrupted. What can I do to check the state of this system
to provide some assurance that there isn't some general corruption?
I've had to do surgery on fubar registries before, I'd really rather
lose teeth.
3)
As one of the permissions tests to see what happened, we set the DTC
Coordinator service, RPC, and WMI to logon as Local System rather than
as "NT AUTHORITY\NetworkService". It all still seems to work fine but
I'm not sure what the ramifications are. Comments? This is NOT my
area of expertise so please go easy on me.
Thanks!
1)
I have a user ID with admin privs that I use for one specific purpose.
It is used to load an ASP page that then kicks off background tasks
via WMI - those tasks run under this user and it's easy to manage them
later. This application works well and is in use in dozens of sites.
Yesterday it suddenly stopped working when I was doing some
diagnostics, I have no idea what I did. After narrowing everything
down to a lack of permissions to run a process via WMI or shell, it
turns out it's just that user ID that doesn't work anymore. I can
easily use a different user but this ID name is used in various places
in the application and it's just a pain to change references. I
understand I can't delete the user ID and then recreate it using the
same name, but somehow I'd like to reset the registry or whatever
config area has been corrupted. Any ideas about what happened in the
first place or how I can reset/recover this user?
2)
In a larger sense I'm now concerned about the possibility that some
other user like "administrator" or another primary admin ID might get
similarly corrupted. What can I do to check the state of this system
to provide some assurance that there isn't some general corruption?
I've had to do surgery on fubar registries before, I'd really rather
lose teeth.
3)
As one of the permissions tests to see what happened, we set the DTC
Coordinator service, RPC, and WMI to logon as Local System rather than
as "NT AUTHORITY\NetworkService". It all still seems to work fine but
I'm not sure what the ramifications are. Comments? This is NOT my
area of expertise so please go easy on me.
Thanks!