如何使用 WMI 以非管理员用户身份在远程 Windows 系统上运行命令?
我有一个用 Visual Basic 编写的脚本,它使用 WMI 在远程系统(再次作为参数给出)上启动一个进程(作为参数给出脚本)。在远程系统上使用管理员帐户时,此脚本工作正常,但在使用非管理员帐户时,我收到以下错误:
ConnectServer Failed w/ (-2147024891) Access is denied.
我希望能够以非管理员用户身份在远程系统上运行进程脚本,我很确定问题是由于远程系统上的安全设置造成的,但我无法重置正确的设置。
I have a script written in Visual Basic that starts a process (given to the script as an argument) on a remote system (again, given as an argument) using WMI. This script works fine when using an Administrator account on the remote system, but when using a non-administrator account, I get the following error:
ConnectServer Failed w/ (-2147024891) Access is denied.
I'd like to be able to run processes on remote systems as a non-administrator user with this script, and I'm pretty sure the problem is due to security settings on the remote system, but I've not been able to reset the right ones.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
听起来您需要通过 DCOMCNFG 在目标计算机上为此用户配置启动和激活权限。默认情况下,非管理员用户没有远程启动和激活权限。
或者,根据您要连接的操作系统,可能有一个“分布式 COM 用户”组,您可以向其中添加您的用户。该组已拥有适当的权限。分布式 COM 用户组首先包含在 Windows Server 2003 Service Pack 1 中(DCOM 安全增强)。
您可以在此处。有关如何配置 WMI 和 DCOM 的更多详细步骤包含在 serverfault 线程 用户需要哪些权限/权限才能访问远程计算机上的 WMI?。
It sounds like you need to configure launch and activation permissions for this user, on the target machine, via DCOMCNFG. By default non-admin users do not have remote launch and activiation permissions.
Alternatively, depending on the operating system you are connecting to, there may be a "Distributed COM Users" group to which you can add your user. This group already has the appropriate permissions. The Distributed COM Users group was first included in Windows Server 2003 Service Pack 1 (DCOM Security Enhancements).
You can read more about WMI and DCOM permissions here. More detailed steps on how to configure WMI and DCOM are included in the serverfault thread Which permissions/rights does a user need to have WMI access on remote machines?.