When attempting to add a machine with Windows 2000 Server/Windows 2003 Server with SP1 to PowerRecon's Inventory, the following error may appear:
Requested Registry Access not allowed
Details
The Remote Registry service MUST be running on the machine that PowerRecon is attempting to discover. By default the Remote Registry service runs under the LOCAL SERVICE account. Therefore, the LOCAL SERVICE account will need read permissions to the following registry key on the machine that PowerRecon is attempting to add:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg
For more details regarding this, please see the link below to the following Microsoft article entitled "Can't access Remote Registry Service after upgrading to Windows 2003"
< o:p>.
In addition, if you are attempting to inventory a Windows 2003 Small Business Server, the following steps are also recommended:
Run regedt32
Locate the following registry key:
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SBCore
Remove the SYSTEM account from having access to this key. If the SYSTEM account is not removed, the system will overwrite any additional permissions set on this particular registry key restoring it to the original level of access which by default is SYSTEM only.
- Provide the LOCAL SERVICE account with READ access
If error continues to appear after trying the above suggestions, please follow the steps below to further troubleshoot the error:
Launch the Local Security Policy console on the server that PowerRecon had failed to inventory
Go to Local Policies -> Audit Policy
Ensure that "Audit Logon events" and "Audit Object Access" are set to audit failures
Apply the changes
Try to inventory the server again and when the error re-occurs, check the Event logs of the server that failed to discover
and make the appropriate permissions change(s) as necessary