Windows Vista Forums

Trying to understand Remote WMI permissions

  1. #1


    Janssen Guest

    Trying to understand Remote WMI permissions

    Hello. I've been tasked with querying, starting, and stopping services on a
    remote machine using a machine-specific local account on the remote machine.
    I've decided than an easy way to do this would be to use Powershell:

    $cred = get-cred (to be stored later on in an encrypted text file)
    gwmi win32_service -cred $cred -comp computer | ? {$_.Name -like "Myservice"}

    However, I'm having trouble figuring out what permissions are needed to make
    a remote WMI call in Powershell. When I add the said account to the
    computer's administrator group, it works. But when the account is in the
    user group, the gwmi call fails with access denied. I don't want to make
    that account an admin account. I only want it to be able to start, stop, and
    query services, which I've delegated through a GPO.

    I've tried opening the WMI Control in Computer Management, and as a test,
    granted the account write/execute/remote enable/etc. at the root level, and
    propagated the changes down, but that doesn't work, so I'm thinking there
    must be some other permission required in order for gwmi to work remotely for
    a non-admin account. Any ideas as to what I'm missing? I know the question
    isn't SPECIFICALLY a Powershell question, but I'm not sure where else I'd
    post the question.

    Thanks in advance,

    Janssen Jones

      My System SpecsSystem Spec

  2. #2


    Marco Shaw Guest

    Re: Trying to understand Remote WMI permissions

    Janssen wrote:

    > Hello. I've been tasked with querying, starting, and stopping services on a
    > remote machine using a machine-specific local account on the remote machine.
    > I've decided than an easy way to do this would be to use Powershell:
    >
    > $cred = get-cred (to be stored later on in an encrypted text file)
    > gwmi win32_service -cred $cred -comp computer | ? {$_.Name -like "Myservice"}
    >
    > However, I'm having trouble figuring out what permissions are needed to make
    > a remote WMI call in Powershell. When I add the said account to the
    > computer's administrator group, it works. But when the account is in the
    > user group, the gwmi call fails with access denied. I don't want to make
    > that account an admin account. I only want it to be able to start, stop, and
    > query services, which I've delegated through a GPO.
    >
    > I've tried opening the WMI Control in Computer Management, and as a test,
    > granted the account write/execute/remote enable/etc. at the root level, and
    > propagated the changes down, but that doesn't work, so I'm thinking there
    > must be some other permission required in order for gwmi to work remotely for
    > a non-admin account. Any ideas as to what I'm missing? I know the question
    > isn't SPECIFICALLY a Powershell question, but I'm not sure where else I'd
    > post the question.
    >
    > Thanks in advance,
    >
    > Janssen Jones
    Just in case... Read this since you're asking about WMI and credentials:
    http://www.scriptinganswers.com/foru...s.asp?TID=1041

    Marco

    --
    ----------------
    PowerGadgets MVP
    http://www.powergadgets.com/mvp

    Blog:
    http://marcoshaw.blogspot.com

      My System SpecsSystem Spec


Trying to understand Remote WMI permissions
Similar Threads
Thread Forum
Vista permissions vs. Netgear UNIX NAS permissions Network & Sharing
Need to understand permissions and ownership Vista General
Remote registry key permissions PowerShell
WMI remote permissions error PowerShell
Vista Permissions Questions (including Remote Desktop) Vista General