Remote WMI Access Denied

[asifuentes]

Hi,

I'm trying to get remote WMI working between two Windows Server 2016 servers. I am going to be using this for a monitoring application and only need read access. I don't want to use an administrator account for security and compliance reasons.

I'm doing testing from the monitoring server to the other server using wbemtest. I keep getting an access denied error when trying to connect to the Root\CIMv2 namespace of the remote server while using the credentials of my non-privileged account. However, I can connect successfully with my domain admin account. Also, I can connect to the namespace using the non-privileged account if I run wbemtest locally on the server.

I have done the following:

• Added the account to the local Distributed COM Users group on the server.
• Made sure that the Distributed COM Users group has all Allow permissions and no Deny permissions on both the Access Permissions and on the Launch and Activation Permissions of the computer's COM Security.
• Gave my non-privileged account Execute Methods, Enable Account, and Remote Enable on the Root\CIMv2 namespace and all subnamespaces.
• Made the following changes to the SDDL of SCManager: sc sdset SCMANAGER DA;;CCLCRPRC;;;AU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)SAU;FA;KA;;;WD)(AU;OIIOFA;GA;;;WD).
• Rebooted the server.
• Turned off the firewall.
• I also tried adding the user to the local Administrators group and still no luck.

Does anyone have any suggestions on what else I can try?


EDIT: Both machines are members of the same domain.

Thanks

Continue reading...