通过 WMI 查询远程系统返回非管理员访问被拒绝

发布于 2024-09-18 06:48:47 字数 380 浏览 11 评论 0原文

我有一个简单的 WMI 查询,在本地运行良好,但查询远程系统会出现访问被拒绝错误。当我将本地用户作为管理员组的成员添加到远程系统时,查询按预期工作,但我不想让该用户作为该组的成员。

我已经尝试了以下操作,不幸的是到目前为止还没有成功:

  • 我为防火墙启用了 RemoteAdmin(netsh 防火墙设置服务 RemoteAdmin 启用)
  • 我添加了对 WMI 安全设置具有所有可能访问权限的用户(对于根名称空间,并且我还检查了设置是否通过 wmimgmt.msc 正确传播到我正在查询的命名空间 root/cimv2)
  • 我在 DCOM COM 安全性中为用户启用了远程访问

我每次运行查询时仍然遇到相同的错误,是吗还有什么我可能错过的吗?

I have a simple WMI query that runs fine locally, but querying a remote system gives an access denied error. When I add the local user to the remote system as member of the administrator group, the query works as expected, but I don't want to have that user as a member of that group.

I already tried the following things, unfortunately not successful so far:

  • I enabled RemoteAdmin for the firewall (netsh firewall set service RemoteAdmin enable)
  • I added the user with all possible access rights to the WMI Security settings (for the root name space, and I also checked that the settings are correctly propagated to the namespace I'm querying, root/cimv2) via wmimgmt.msc
  • I enabled remote access for the user in DCOM COM security

I still get the same error every time I run my query, is there anything else that I may have missed?

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(1

原野 2024-09-25 06:48:52

WMI rights are much tighter than typical, as the link provided by Uros describes in detail. In short, you will either need to enable the Active Directory right called "Trusted for Delegation", which is extremely powerful and not recommended, or add explicit credentials, as described in the MS link referenced by Uros.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文