7

in cmd, 'Query Session' command is returning,

Error 5 getting sessionnames
Error [5]:Access is denied

on Windows 10 Remote desktop - Administrator user.

we have set, AllowRemoteRPC 's value to 1

under this HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server

But still problem persists.

Questions:

  • what does AllowRemoteRPC actually do and how it's value is being used.
  • what to do to make Query Session command work.
Amit
  • 153
  • 1
  • 1
  • 10
  • What exactly are you doing? Did you change AllowRemoteRPC to "1" on the *receiving* computer? Try also in Credential Manager to add the account for the receiving computer. Another try is to disable UAC. – harrymc Jan 02 '19 at 09:28
  • @harrymc I am logging into the RDP, and in CMD I am typing command 'Query Session'. I did change 'AllowRemoteRPC' on that RDP. can you tell me how to disable UAC? – Amit Jan 02 '19 at 09:31
  • Another thing to try is connecting to a share first to establish credentials, or creating a same-named consistent user on both machines. – harrymc Jan 02 '19 at 09:32
  • @harrymc I'm sorry, but I didn't get your suggestions. Basically i want a CMD command 'Query Session' to successfully provide me sessions information. but it is giving me error 5. To solve that I tried to set 'AllowRemoteRPC' with 1. But that didn't help Either. – Amit Jan 02 '19 at 15:54
  • @PimpJuiceIT Yes I'm doing `Query Session` on cmd. This is case in client's machine and their user is added in Administrator Group (and cmd is opened as Administrator) - So not direct local Admin. But I have tried the same on my network with guest (standard) user and command is working fine. I am doing this via connecting to the machine using remote desktop. – Amit Jan 05 '19 at 09:37
  • @PimpJuiceIT we did restart after setting `AllowRemoteRPC` but didn't work. We can try other steps. But I have tested the same command in other networks. It works even in non-admin user. So i guess there must be something else we are missing. – Amit Jan 06 '19 at 06:04
  • For 1) It will not be practical solution for user (yet we can try). 2) I will suggest them to perform this and after reboot try again the procedure (with and without admin user). But can you brief me what sfc /scannow does? and how it can help me? – Amit Jan 06 '19 at 08:44
  • Is it possible you are executing the 32-bit version of `cmd.exe` (found in `C:\Windows\SysWow64`) on a 64-bit computer? As another try, you could also [disable UAC](https://www.howtogeek.com/howto/windows-vista/disable-user-account-control-uac-the-easy-way-on-windows-vista/) on the target computer. – harrymc Jan 07 '19 at 09:07
  • @harrymc No that is not the case. however we have suggested them to disable UAC for testing purpose. but that doesn't seem to be recommended thing to do for longer time. – Amit Jan 09 '19 at 07:16

2 Answers2

3

I think the problem is in the UAC remote restrictions.

Do this on the target computer:

  • Run regedit

  • Navigate to the following registry subkey:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System

  • If an entry named LocalAccountTokenFilterPolicy registry entry does not exist, create it as DWORD

  • Double-click LocalAccountTokenFilterPolicy and set its value to 1.

Reference:

Microsoft's Description of User Account Control and remote restrictions in Windows Vista.

harrymc
  • 455,459
  • 31
  • 526
  • 924
3

Rather than changing registry values, you could always use PSEXEC from a command prompt or Invoke-Command from a PowerShell prompt to execute QWINSTA locally. Both of these will require you have administrative rights on the remote machine (which means opening the command prompt under other credentials, including the credentials as PSEXEC switches or, in the case of PowerShell, including -Credential (Get-Credential) in the command.

Command prompt example:

PSEXEC \\MYPC cmd /c "qwinsta /server:localhost"

PowerShell example:

Invoke-Command -ComputerName MyPC -ScriptBlock { qwinsta /server:localhost }
zx485
  • 2,170
  • 11
  • 17
  • 24
James Younger
  • 31
  • 2