Check SCM error code: 5

SCM status on the workstation is not available (check SCM error code: 5) means that the EndPoint Agents Server does not have access to the Service Control Management (SCM) service for this workstation.

 

 

 

Solution:

 

You need to configure the EndPoint Agents Server to be able to connect to the workstation start under the administrator account of this PC.

 

There are two ways to do this:

 

First method: In the SecureTower Administrator Console, you need to check from what account the EndPoint Agents Server started. If you have a domain, you have to start it under the domain administrator account. In the status monitor tab of the Admin Console choose the EndPoint Agents Server and click on the icon that shown in the screenshot below. In the opened menu, select “Service startup parameters”.

In this menu, we select "Start under specified account" and write the name of domain administrator in the line in the form of “DomainName\UserName”.

 

Second Method: Set the access credentials for specific computers manually. Go to the Agents tab in the Admin Console and right-click on the selected computer in the "Agents Schema" to open the context menu. Select "Set computer access credentials." Then enter the administrator user name in the opened window in the form of "DomainName\UserName" and "UserName" and password for local users.

In order to allow access for several computers at the same time, select the computers you need by clicking the left mouse button with the ctrl-key pressed.

 

Additional configuration of the following parameters may be required for computers in the workgroup:

For computers not in the domain (WORKGROUP), you must have accounts with administrator rights, with identical logins and passwords. The computer with the agent control server requires administrator account with the same login and password. Then, just like the domain organization of the network listed above, you have to enable the EndPoint Agents Server access to you workstations.

You need to set up a classic network access model.

You can enable it through the GPO console:

secpol.msc

 

If you install the agent on a computer running Windows XP, check whether "Use simple file sharing" is disabled. If not, then disable it.

For computers running Windows Vista and later, you need to disable UAC (User Account Control).

To do this, open the "Control Panel\All Control Panel Items\User Accounts\Changes to Account Control Settings" and set the regulator to the lowest position as indicated in the screenshot. For the changes to take effect, you must restart the workstation.

(For workstations running Windows 10 disabling UAC does not help. The following describes how to interact with the Windows 10 system.)

If you do not want to disable UAC, (as well as for systems with Windows 10), you need to add the “LocalAccountTokenFilterPolicy” parameter of DWORD32 type with a value of 1, to the «HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system».

In this case, you will also need to reboot.