|
|
Toll Free: (866) 407-5279 Direct: (651) 407-5279 |
|
|
|
Toll Free: (866) 407-5279 Direct: (651) 407-5279 |
|
Applies To: UpdateEXPERT 6.x Only
Installation of Windows 2003 Service Pack 1 creates a more secure server environment when installed. "Default Credentials" need to be specified in UpdateEXPERT, or the Master-Agent may not be able to carry out Agentless queries due to tighter security requirements as mentioned below. Leaf-Agent queries are not affected.
UpdateEXPERT simply needs a quick configuration change. Go to File > Agent > Settings > Authentication. Select Agent:0 (Master-Agent) and uncheck "Use Global Agent Settings". Set Master-Agent default credentials using a domain administrator account for the domain in which the Master-Agent is installed. If you must use a local machine administrator account, set "Domain:" to the Master-Agent hostname, but not IP address or Loopback address, which will not work. This will set default credentials for the Master-Agent only, while not changing other Agents (Leaf Agents for example). This will resolve the Agentless query problem.
Note: For completeness, we mention here that you have the option of un-installing Service Pack 1 to resolve the Agentless query issue, but setting Default Credentials is much faster and provides a more secure environment.
Below, for your convenience, is some background information on Service Pack 1, and a link to Microsoft for extensive information on Service Pack 1 (recommended).
The "Access Denied" Information below is so you can verify messages you may have already received.
The prevention of Agentless queries is related to tightened RPC and DCOM authentication requirements imposed by Service Pack 1. Microsofts' own FAQ states "Services such as RPC and DCOM are integral to Windows Server 2003 and thus make an alluring target for hackers. By requiring greater authentication for calls of these services, Windows Server 2003 SP1 establishes a minimum threshold of security for all applications that use these services, even if they possess little or no security inherently."
See the Windows Server 2003 Service Pack 1 Product Overview Guide for information on the new security features. FAQ links provide a quick overview of Service Pack 1, while the overview guide provides detail and screen shots.
A Windows 2003 Server Master Agent with Service Pack 1 installed cannot successfully query Agentless target systems (with the possible exception of other W2K3 SP1 targets). It will fail due to "Access Denied" on attempting to read the following key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Windows
Unable to open registry key 'SYSTEM\CURRENTCONTROLSET\CONTROL\WINDOWS' for read access is displayed when mousing over the target computer icon in the UpdateEXPERT network panel after a failed Query attempt. Since query logging is typically on by default, you may also see this error in:
C:\Program Files\Common Files\UpdateEXPERT\ActorUserLog.txt.
The error code will be 0x00000005 in the Log window or ActorUserLog.txt file.
