0

I am receiving an access denied error when attempting to use the following to query a service on a Windows 2012 server:

 get-wmiobject -Class Win32_Service -comp 192.168.60.23 -cred lab\test -filter "name='tapisrv'"

If I use an account that is a domain admin for the -cred parameter, then of course everything works fine. However, using the test account I can't seem to make it work. Here are the things I have tried so far:

  • Added test account to WinRMRemoteWMIUsers__ and Distributed COM users group
  • Ensured Distributed COM group is added in dcomcnfg ->Component Services -> My Computer -> properties ->COM Security ->Launch and Activate Permissions
  • Added test account to WMIMGMT.msc -> WMI Control -> Properties -> Security -> Root -> Security

Most of the troubleshooting steps have come from here:

Only way I can seem to get the test user to work is make him a local admin, which I do not want to do. Is there any configuration I am overlooking in order to make this work?

Thanks

Community
  • 1
  • 1
Dewayne Pinion
  • 41
  • 2
  • 10
  • Since your issue is not PowerShell related but security related I think this might work better at SuperUser. – Matt Mar 23 '17 at 17:32
  • Is there a way to move it? I would be happy to put it (or ask that it be placed) in a more appropriate place. – Dewayne Pinion Mar 23 '17 at 19:11

1 Answers1

0

Ok, so it was obscure and I found it in the following post:

Granting remote user (non admin) the ability to enumerate services in Win32_Service in namespace cimv2 using WMI & C#

sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)S:(AU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD)

I appreciate those trying to help!

Community
  • 1
  • 1
Dewayne Pinion
  • 41
  • 2
  • 10