Every once in a while, I will get messages of access denied when I am trying to do a remote deployment of a tool or client to another windows machine. We will often cry immediately, “it’s the network and the firewall!” This will then lead to an email flame war between the windows and network teams. Both sides, will claim that it is the other side’s fault and that it is not their systems at fault. You will go over the route tables and the firewall to see if there is anything blocking traffic. Then you go onto the routers to check their acls and you still don’t find the culprit.
Well, with Windows 2008, the culprit is often windows itself. There are three areas where windows will cause you to have an access denied when you are trying to deploy a system remotely to another computer. The first cause is that the user account you are using is not a member of the local Administrators group of the target computer. The second cause is the local windows firewall. Typically, the built in windows firewall has three zones. They are Domain Networks, Home or Work (Private) Networks, and Public Networks.