ERROR_ACCESS_DENIED5 (00000005)
in [VbScript]
|
From: Al on 8 Feb 2005 16:08 I have written a script which uses dnscmd to update my DNS records but I get the ERROR_ACCESS_DENIED 5 (00000005) . The only way to resolve it is by making IUSR a member of the administrator group. I have already checked to see if the FileSystem permissions are what is causing the problem but it was not. I am running W2k Server with IIS Any ideas please.
From: n0c on 8 Feb 2005 22:02 i never used dnscmd but can you pass alternate credentials when you use it? Like for a service account or something with rights to access the records? Al wrote: > I have written a script which uses dnscmd to update my DNS records but I get > the ERROR_ACCESS_DENIED > 5 (00000005) . The only way to resolve it is by making IUSR a member of the > administrator group. I have already checked to see if the FileSystem > permissions are what is causing the problem but it was not. I am running > W2k Server with IIS > > Any ideas please. > >
From: Al on 9 Feb 2005 01:12 Thanks for your reply, I was testing the script on my laptop which is also running W2K Server before testing it on the Production Server. On the laptop I have not setup AD and not all the groups which are normally created such as DNSADMINS was present, in order to make my script work I had to make the modifications below which I found in the Security requirements of this page http://www.serverobjects.com/comp/aspdns.htm Once these modifications were done I was able to run the script and update my DNS However, when I looked at the Production Server, all I had to do was to make the IUSR account a member of the DNSADMINS group. "n0c" <n0c(a)cox.net> wrote in message news:B3fOd.31560$2p.24638(a)lakeread08... > i never used dnscmd but can you pass alternate credentials when you use > it? Like for a service account or something with rights to access the > records? > > Al wrote: > > I have written a script which uses dnscmd to update my DNS records but I get > > the ERROR_ACCESS_DENIED > > 5 (00000005) . The only way to resolve it is by making IUSR a member of the > > administrator group. I have already checked to see if the FileSystem > > permissions are what is causing the problem but it was not. I am running > > W2k Server with IIS > > > > Any ideas please. > > > >
From: Michael Harris (MVP) on 9 Feb 2005 12:40 > However, when I looked at the Production Server, all I had to do was > to make the IUSR account a member of the DNSADMINS group. Don't you think that an anonymous user account in and admin group might not be a good security practice <g>? -- Michael Harris Microsoft.MVP.Scripting
From: Al on 9 Feb 2005 23:52 Thanks for your reply Michael, Do you know of a more secure way for me to be able to update the DNS records for our clients. We need to be able to log into our customers machines remotely, but since they have dynamic addresses we have written a script for their machine to update our DNS server whenever their ip address changes. "Michael Harris (MVP)" <mikhar(a)mvps.org> wrote in message news:Oo7Fn5sDFHA.936(a)TK2MSFTNGP12.phx.gbl... > > However, when I looked at the Production Server, all I had to do was > > to make the IUSR account a member of the DNSADMINS group. > > Don't you think that an anonymous user account in and admin group might not > be a good security practice <g>? > > -- > Michael Harris > Microsoft.MVP.Scripting >
|
Pages: 1 Prev: Add Domain User to Local Power Users group. Next: Write a BynaryStream to clipboard |