Which permissions/rights does a user need to have WMI access on remote machines?

Solution 1:

The following works on Window 2003 R2 SP 2, Windows Server 2012 R2

  1. Add the user(s) in question to the Performance Monitor Users group
  2. Under Services and Applications, bring up the properties dialog of WMI Control (or run wmimgmt.msc). In the Security tab, highlight Root/CIMV2, click Security; add Performance Monitor Users and enable the options : Enable Account and Remote Enable
  3. Run dcomcnfg. At Component Services > Computers > My Computer, in the COM security tab of the Properties dialog click "Edit Limits" for both Access Permissions and Launch and Activation Permissions. Add Performance Monitor Users and allow remote access, remote launch, and remote activation.
  4. Select Windows Management Instrumentation under Component Services > Computers > My Computer > DCOM Config and give Remote Launch and Remote Activation privileges to Performance Monitor Users Group.

Notes:

  • As an alternatively to step 3 and 4, one can assign the user to the group Distributed COM Users (Tested on Windows Server 2012 R2)
  • If the user needs access to all the namespaces, you can set the settings in 2. at the Root level, and recurse the permissions to the sub-namespaces via the Advanced window in Security

Solution 2:

All I did on Windows 8 was added user to group "Remote Management Users", and remote WQL requests worked.


Solution 3:

By default, only the local Administrators group has remote permissions to WMI. You will have to customise the WMI "Remote Enable" permissions.


Solution 4:

You may also have to grant "DCOM remote access permissions" and/or "DCOM remote launch and activation permissions" depending on what exactly you are trying to do. This MSDN article gives the step-by-step procedures.