Remote Scripting: “ActiveX component can’t create object” on WSHController Object
While perusing the WSH 5.6 documentation I happened across a section on Remote Scripting. I imagined Remote Scripting to be possible but it isn’t something that I had seen before in the documentation. I started investigating and so created the scripts as suggested and ran the test.
Straight away I got the ActiveX component can't create object. Obviously I was a little confused since this is a Microsoft example script. No matter how I created the script I got the same error every time and there was no obvious reason why I was getting the error.
It turns out to be a problem relating to the installation of Windows XP Service Pack 2 that cripples remote scripting in WSH 5.6. Obviously it was a security decision by Microsoft. A well considered one I’m sure but they could have given we sys admins a few ideas! Read on for information on how to solve the
ActiveX component can't create object error…
I trawled the internet for a solution and happened across a KB article that suggested I needed to run a simple command line (
wscript -regserver) but Microsoft failed to advise which computer it needs running on. Needless to say, it didn’t work.
Further investigation led me to this page where I was told about the same “fix” mentioned above AND another one related to the same error. Hmm, there’s a pattern here.
Eventually, after a little more digging, I came across this full set of instructions which I have included for you all here. I take no credit for this – thank Antonio from Kansas City that posted it originally.
- The user account that is used to run the script must have administrator rights in the remote computer.
- Enable WSH remote scripting on the remote computer, it is disabled by default. Alter the following registry key on the remote computer.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Script Host\Settings\Remote = 1 - Run wscript -regserver on the remote computer, this is a fix for a bug in SP2, see MS-KB311269 http://support.microsoft.com/default.aspx?scid=kb;en-us;Q311269
- Modify the Group Policy on the local computer being used to launch the remote script. (GPEDIT.MSC)
XPSP2 creates two new policies for DCOM in
Local Computer Policy\Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\ DCOM: Machine Access Restrictions in Security Descriptor Definition Language (SDDL) syntax
Edit Security and give the following access to the Anonymous Logon and Everyone groups:- Allow Local
- Allow Remote Access
The following screenshot shows the location within Group Policy to make this change.
DCOM: Machine Launch Restrictions in Security Descriptor Definition Language (SDDL) syntax
Edit Security and give the following permissions to the Administrators Group:- Allow Local Launch
- Allow Remote Launch
- Allow Local Activation
- Allow Remote Activation
Then give the following permissions to the Everyone Group:
- Allow Local Launch
- Allow Local Activation
The following screenshot shows the location within Group Policy to make this change.
Again, I can take no credit for this information, I’m just making it available. Feel free to use the following script to execute Windows Script Files remotely. This doesn’t work for JScript (.js) or VBScript (.vbs) files in their native format. They MUST be included in a Windows Script File (.WSF) file for remote scripting to work.
One addition to the script is that I’ve automated point no. 2 from the above list. Using the StdRegProv for WMI we can add the registry setting Remote = 1 to the target computer within the script itself. If you want to re-secure this machine afterwards, you can run DisableRemote() after the remote script has run.
EDIT: I’ve cleaned up the code a little and added a way to automate point no. 1 also. This addition uses SCHTASKS.EXE on Windows XP Professional to run wscript -regserver on the remote machine. Now that I’m thinking about it, perhaps I could have just done this for the script I want to run anyway!? Meh, the script’s done, use it if you want. 😀
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 |
Set oController = CreateObject("WSHController") Set objDialog = CreateObject("UserAccounts.CommonDialog") Set oSh = CreateObject("WScript.Shell") Set oFs = CreateObject("Scripting.FileSystemObject")sPC = InputBox("Type in the computer name.", "Remote Exec", "CMP00") CheckInput(sPC) If Ping(sPC) = False Then oSh.Popup "The machine " & sPC & " is not responding.", 2, "Failed!", 0 + 16 + 2048 WScript.Quit End If EnableRemote(sPC) sAdminPass = InputBox("Please enter the administrator password", "Remote Exec") CheckInput(sAdminPass) oSh.Run "schtasks /create /sc minute /mo 2 /tn ""WScript"" /tr ""wscript -regserver"" /s " & PC & " /ru administrator /rp " & sAdminPass WScript.Sleep 1000 oSh.Run "schtasks /run /tn ""Wscript"" /s " & sPC WScript.Sleep 1000 oSh.Run "schtasks /delete /tn ""Wscript"" /s " & sPC & " /f" WScript.Sleep 1000 objDialog.Filter = "Windows Script Files|*.wsf" objDialog.InitialDir = "D:\" intResult = objDialog.ShowOpen If intResult = 0 Then oSh.Popup "Please select a Windows Script File to run.", 0, "Remote Exec", 0 + 48 + 2048 Wscript.Quit Else Set ScriptName = oFs.GetFile(objDialog.FileName) sScript = ScriptName.ShortPath End If Set oProcess = oController.CreateScript("" & sScript & "", sPC) WScript.ConnectObject oProcess, "remote_" oProcess.Execute While oProcess.Status <> 2 WScript.Sleep 100 Wend WScript.Echo "Done" Function Ping(strTarget) Set objWMIPinger = GetObject("winmgmts:\\.\root\cimv2") Set objWMIPingStatus = objWMIPinger.ExecQuery("Select * from Win32_PingStatus where Address='" & strTarget & "'") For Each oPing In objWMIPingStatus If IsNull(oPing.StatusCode) Or oPing.StatusCode <> 0 Then Ping = False Else Ping = True End If Next End Function Sub EnableRemote (strTarget) Const HKEY_LOCAL_MACHINE = &H80000002 Set objRegProv = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strTarget & "\root\default:StdRegProv") strKeyPath = "SOFTWARE\Microsoft\Windows Script Host\Settings" objRegProv.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, "Remote", "1" End Sub Sub DisableRemote (strTarget) Const HKEY_LOCAL_MACHINE = &H80000002 Set objRegProv = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strTarget & "\root\default:StdRegProv") strKeyPath = "SOFTWARE\Microsoft\Windows Script Host\Settings" objRegProv.SetStringValue HKEY_LOCAL_MACHINE, strKeyPath, "Remote", "0" End Sub Sub CheckInput(sInput) If sInput = "" Then oSh.Popup "You must enter the information requested!", 0, "Remote Exec", 0 + 16 + 2048 WScript.Quit End If End Sub |
Thanks for posting this. I need to run some compiles on a machine across the LAN. It has been driving me nuts and I keep getting “Permission denied” I read what you posted very carefully and did everything above. I ran your sample script but it gives the same error (at line 40, as soon as oController is referenced…). I’m not sure how to tell what version of WSH is installed on the two machines. Can you advise?
Thanks,
Pete
Hi Pete, as long as you have set the permissions for DCOM objects on both machines, you should be fine.
It’s a shame that Microsoft aren’t more specific with their error messages!
Hi,
First of all, I want to thank you. That’s the only post I found it was realy clear about this topic, however I found an issue in Windows 7 and it simply doesn’t work. Any ideas? Could you help me with this issue?
Whenever I call the method CreateScript, it gives the following error messages:
1 – Permission denied
2 – ActiveX component can’t creat object
I’m trying to run the same script against two different computers. The first one gives me the first message and the second one the second message. Both of the computers are Windows 7 with all the configuration you posted.
Wow, a blast from the very distant past. Honestly I’ve never tried it in Windows 7, mainly because of the prevalence of PowerShell now instead of VBScript. PowerShell is also the future of Windows administration so I’d take the opportunity to investigate it and use it in your current project.
There are other options as well including WinRM but PowerShell Remoting is probably what you want to be looking at.