Which permissions/rights does a user need to have WMI access on remote machines?
Solution 1:
The following works on Window 2003 R2 SP 2, Windows Server 2012 R2
- Add the user(s) in question to the Performance Monitor Users group
- Under Services and Applications, bring up the properties dialog of WMI Control (or run
wmimgmt.msc
). In the Security tab, highlightRoot/CIMV2
, click Security; add Performance Monitor Users and enable the options :Enable Account
andRemote Enable
- Run
dcomcnfg
. At Component Services > Computers > My Computer, in the COM security tab of the Properties dialog click "Edit Limits" for bothAccess Permissions
andLaunch and Activation Permissions
. Add Performance Monitor Users and allow remote access, remote launch, and remote activation. - Select Windows Management Instrumentation under Component Services > Computers > My Computer > DCOM Config and give
Remote Launch
andRemote Activation
privileges to Performance Monitor Users Group.
Notes:
- As an alternatively to step 3 and 4, one can assign the user to the group Distributed COM Users (Tested on Windows Server 2012 R2)
- If the user needs access to all the namespaces, you can set the settings in 2. at the
Root
level, and recurse the permissions to the sub-namespaces via theAdvanced
window inSecurity
Solution 2:
All I did on Windows 8 was added user to group "Remote Management Users", and remote WQL requests worked.
Solution 3:
By default, only the local Administrators group has remote permissions to WMI. You will have to customise the WMI "Remote Enable" permissions.
Solution 4:
You may also have to grant "DCOM remote access permissions" and/or "DCOM remote launch and activation permissions" depending on what exactly you are trying to do. This MSDN article gives the step-by-step procedures.