In Control Compliance Suite when running a data collection/CER job against a Windows Machine asset, you get the following error in the console.
Error Description: Enumerating all of the users on SERVER1 - BVNTProcessQuery::ObjectTypeAccount(): Processing machine scope - Access is denied.
Where SERVER1 is the hostname of the Windows Machine asset.
The user that is specified in the CCS Credentials database does not have enough permission to retrieve the requested data.
Verify that the user is in the local administrators' group on the target server. Make sure that user is not in any of the local security policies 'deny' settings.
Make sure that user has all the needed access to WMI and DCOM.
Run the following commands to verify that the user is able to remotely collect the data from the CCS Manager server doing the data collection.
From a Command Prompt (cmd.exe), replace SERVER1 with the correct hostname, and DOMAIN\USER with the correct user credential that is configured for data collection.
NOTE: When you execute these commands, you will get a prompt to enter in the user's password.
wmic /Node:"SERVER1" /user:DOMAIN\USER path win32_groupuser
From a PowerShell prompt
Get-WmiObject -ComputerName SERVER1 -Credential DOMAIN\USER -Class Win32_groupuser
If you see "Access is denied" from either of those, work with your Windows AD team to figure out what is limiting the permissions or preventing that user from collecting the data. It could be a 3rd party security service, or it could be the OS has been hardened.