Answer
PROBLEM
When deploying through GFI LanGuard, an error 'an unexpected error occurred while executing the remediation operation' is seen. When this occurs, in the target machine's Windows SYSTEM event log, there may be an error similar to:
Error, mm/dd/yyyy hh:ss,Microsoft-Windows-DistributedCOM,10016,None,S-1-2-3,"The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
{24FF4FDC-XXXX-YYYY-ZZZZ-0DA39248FF48}
and APPID
{B292921D-AAAA-BBBB-CCCC-0C57A7F29BA1}
to the user NT AUTHORITY\SYSTEM SID (S-1-2-3) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool."
Notes:
- The Event ID is: 10016 in the above example
- Some of the above event details have been modified to present an example, and may not match exactly for each user environment
ENVIRONMENT
- GFI LanGuard
- All supported platforms
SOLUTION
- Follow Solution section of this article for the version of GFI LanGuard currently in use
CAUSE
This problem may occur when "Restricted groups" domain policy is used to specify the Administrators members on the domain computers. GFI LanGuard creates its dedicated account with Local Administrator rights. These rights may change due to GPO settings. In this situation the LNSS_MONITOR_USR dedicated account will be removed from local Administrators group.
Priyanka Bhotika
Comments