"Access denied" configuring WinRM using a local administration account

book

Article ID: 157383

calendar_today

Updated On:

Products

Security Information Manager

Issue/Introduction

When configuring WinRM on a local computer with a local administrator account you can have this error:

WSManFault
    Message = Access is denied.

Error number:  -2147024891 0x80070005
Access is denied.

Resolution

This error happens even if the account is a Local Administrator and the command line is run with administrator privileges.

To solve the problem, UAC filtering for local accounts must be disabled by creating the following DWORD registry entry and setting its value to 1:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] LocalAccountTokenFilterPolicy


Because of User Account Control (UAC), the remote account must be a domain account and a member of the remote computer Administrators group.
If the account is a local computer member of the Administrators group, then UAC does not allow access to the WinRM service.

http://msdn.microsoft.com/en-us/library/aa384423.aspx