search cancel

xcompp.bat fails with Access Denied with CA XCOM for Windows

book

Article ID: 203228

calendar_today

Updated On:

Products

XCOM Data Transport XCOM Data Transport - Windows XCOM - SUPPORT

Issue/Introduction

A transfer fails due to the xcompp.bat failing with message "OpenWindowStation failed. Err:5(Access Denied). An XCOM trace show the user doesn't have the correct permissions for xcompp.bat processing.

Environment

Release : 11.6 SP03

Component : CA XCOM Data Transport for Windows

Resolution

Make sure to have the following setup:

1. Make sure that the XCOMD service is "Log on as" a Local System Account and the "Allow service to interact with desktop" box is checked  in the Properties of the service

2. Make sure to create the "CA-XCOM-Batch-Interactive" group in Windows

3. Assign the proper userids to the "CA-XCOM-Batch-Interactive" group 

See online documentation:
CA XCOM Data Transport for Windows 11.6 Service Packs > Administrating > How to Configure CA XCOM Data Transport > Create the CA XCOM Batch Interactive Group
CA XCOM Data Transport for Windows 11.6 Service Packs > Administrating > Operating Environment > How to Use CA XCOM Data Transport Processing Scripts

 

Additional Information

When Windows NT came out, it allowed popups from services. They were displayed on the active logon session. As pointed out, this is a potential security exposure and Microsoft implemented proper controls as of Windows 7. All services use Windows station 0, WinSta0. With XCOM’s implementation, we wanted to satisfy two customer requests:

1. Spawn child processes which run beyond the duration of the XCOM transfer
2. Offer interactive dialogues for the purpose of debugging scripts


The initial solution was

   - search among the logged on users, and if there is a match with the XCOM transfer user, use that session for interactive displays.
   - create an entry in WinSta0 if the XCOM userid is not logged on and leave the entry beyond the XCOM transfer.


The latter case created a new ACE for every transfer. The system would eventually run out of storage and often needed to be re-booted. At this point, the CA-XCOM-Batch-Interactive group helps. If a user is defined in that group, XCOM creates the ACE for that user only once and then re-uses it for subsequent script processing for that user.