Tracert getting "Access is denied"

Discussion in 'Computer Support' started by Billy T., Oct 15, 2003.

  1. Billy T.

    Billy T. Guest

    My cousin is staying with me and was having networking issues on his
    company Windows XP laptop. I tried to help troubleshoot and noticed
    that running TRACERT in the command window always immediately gives an
    "Access is denied" reply, yet running PING is allowed.

    I've never seen this before. I'm just curious ... how can TRACERT be
    locked down? Through the policy editor? Also, why would his company
    even want to lock down such a utility? I don't see the security risk in
    running TRACERT.

    TIA
     
    Billy T., Oct 15, 2003
    #1

  2. Billy T.

    Yves Leclerc Guest

    Check your firewall, if you have one installed?

    Y.
     
    Yves Leclerc, Oct 15, 2003
    #2

  3. Billy T.

    °Mike° Guest

    Would this be 'denied' by the firewall?


     
    °Mike°, Oct 15, 2003
    #3
  4. Billy T.

    why? Guest

    X-No-Archive: Yes
    On Wed, 15 Oct 2003 12:17:23 -0400, Billy T. wrote:

    Scary x-post trimmed to 24HSHD from

    Newsgroups: 24hoursupport.helpdesk,microsoft.public.windowsxp.general,
    microsoft.public.windowsxp.help_and_support,microsoft.public.windowsxp.security_admin
    This would be on the laptop while *not* connected to the company
    network?

    So 'tracert /?' to list the command help fails to work or is the access
    denied during the trace?

    Tracert does generate more traffic, it's fairly common to block it at
    the company firewall.
    Access Denied could be simply, setting the file permissions as Admins
    only (or Users group, remove from security or even Users untick
    read/read&execute).

    Unticking read/read&execute, then login as a limited user account gives
    you this output -

    c:\Documents and Settings\(username)>tracert
    Access is denied.

    Does pathping still work?
    Interesting, will have to think about that... anyway, it may not be a
    security issue; it drives me nuts every time somebody thinks they have to
    tell the network people of a supposed fault they just found. I wouldn't
    presume to do their job but everybody likes to print out traces - see
    what I found <groan>.

    Besides after 2-4 hops, the fault may well be outside the company and
    4-5 hops in a different country altogether so why worry about it.

    For the past few months, it's maybe been blocked (ICMP) at routers/firewalls
    and in some cases the gateway of last resort turned off to combat
    several of the recent worms.

    Routers etc. can also be told to block or simply drop pings/traces
    during periods of high ftp/http traffic simply as it's not important
    enough.

    Me
     
    why?, Oct 15, 2003
    #4
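
    Added example (not part of any post in this thread): a PowerShell check of the file-permission explanation in post #4, comparing the NTFS ACLs on ping.exe, tracert.exe and pathping.exe to see whether ordinary users still have read & execute. The principal names assume an English-language Windows install, and the script only reads the explicit ACL entries; it does not compute full effective access.

```powershell
# Added example: report whether limited users can execute the network tools.
$tools = 'ping.exe', 'tracert.exe', 'pathping.exe'

# Principals that normally give a limited account execute rights.
# Assumption: English-language names; localized systems use different strings.
$principals = 'BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users'

$rx   = [System.Security.AccessControl.FileSystemRights]::ReadAndExecute
$exec = [System.Security.AccessControl.FileSystemRights]::ExecuteFile

foreach ($tool in $tools) {
    $path = Join-Path $env:SystemRoot "System32\$tool"

    if (-not (Test-Path -LiteralPath $path)) {
        [pscustomobject]@{ Tool = $tool; Status = 'missing'; Detail = $path }
        continue
    }

    try {
        $acl = Get-Acl -LiteralPath $path -ErrorAction Stop
    } catch {
        # A locked-down file can refuse even the ACL read for a limited user.
        [pscustomobject]@{ Tool = $tool; Status = 'acl unreadable'; Detail = $_.Exception.Message }
        continue
    }

    # Keep only the entries that apply to ordinary (non-admin) users.
    $rules = @($acl.Access | Where-Object { $principals -contains $_.IdentityReference.Value })

    $allow = @($rules | Where-Object {
        $_.AccessControlType -eq 'Allow' -and ($_.FileSystemRights -band $rx) -eq $rx })
    $deny = @($rules | Where-Object {
        $_.AccessControlType -eq 'Deny' -and ($_.FileSystemRights -band $exec) -ne 0 })

    # An explicit Deny wins over any Allow; no entry at all also blocks execution.
    $status = if ($deny.Count) { 'execute denied' }
              elseif ($allow.Count) { 'execute allowed' }
              else { 'no execute grant' }

    [pscustomobject]@{
        Tool   = $tool
        Status = $status
        Detail = ($rules | ForEach-Object {
            "$($_.IdentityReference): $($_.AccessControlType) $($_.FileSystemRights)" }) -join '; '
    }
}
```

    A tracert.exe row reading 'no execute grant' or 'execute denied' next to a ping.exe row reading 'execute allowed' matches the behaviour described in the first post.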
  5. Billy T.

    why? Guest

    On Wed, 15 Oct 2003 12:17:23 -0400, Billy T. wrote:

    <oops , reposted without the no-archive yes>

    Me
     
    why?, Oct 15, 2003
    #5