通过 WMI 查询远程系统返回非管理员访问被拒绝
我有一个简单的 WMI 查询,在本地运行良好,但查询远程系统会出现访问被拒绝错误。当我将本地用户作为管理员组的成员添加到远程系统时,查询按预期工作,但我不想让该用户作为该组的成员。
我已经尝试了以下操作,不幸的是到目前为止还没有成功:
- 我为防火墙启用了 RemoteAdmin(netsh 防火墙设置服务 RemoteAdmin 启用)
- 我添加了对 WMI 安全设置具有所有可能访问权限的用户(对于根名称空间,并且我还检查了设置是否通过 wmimgmt.msc 正确传播到我正在查询的命名空间 root/cimv2)
- 我在 DCOM COM 安全性中为用户启用了远程访问
我每次运行查询时仍然遇到相同的错误,是吗还有什么我可能错过的吗?
I have a simple WMI query that runs fine locally, but querying a remote system gives an access denied error. When I add the local user to the remote system as member of the administrator group, the query works as expected, but I don't want to have that user as a member of that group.
I already tried the following things, unfortunately not successful so far:
- I enabled RemoteAdmin for the firewall (netsh firewall set service RemoteAdmin enable)
- I added the user with all possible access rights to the WMI Security settings (for the root name space, and I also checked that the settings are correctly propagated to the namespace I'm querying, root/cimv2) via wmimgmt.msc
- I enabled remote access for the user in DCOM COM security
I still get the same error every time I run my query, is there anything else that I may have missed?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
WMI 权限比典型权限严格得多,如链接有详细描述。简而言之,您要么需要启用名为“受信任的委派”的 Active Directory 权限(该权限非常强大但不推荐),要么添加显式凭据,如 Uros 引用的 MS 链接中所述。
WMI rights are much tighter than typical, as the link provided by Uros describes in detail. In short, you will either need to enable the Active Directory right called "Trusted for Delegation", which is extremely powerful and not recommended, or add explicit credentials, as described in the MS link referenced by Uros.