"Access denied" configuring WinRM using a local administration account


Article ID: 157383


Updated On:


Security Information Manager


When configuring WinRM on a local computer with a local administrator account you can have this error:

    Message = Access is denied.

Error number:  -2147024891 0x80070005
Access is denied.


This error happens even if the account is a Local Administrator and the command line is run with administrator privileges.

To solve the problem, UAC filtering for local accounts must be disabled by creating the following DWORD registry entry and setting its value to 1:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] LocalAccountTokenFilterPolicy

Because of User Account Control (UAC), the remote account must be a domain account and a member of the remote computer Administrators group.
If the account is a local computer member of the Administrators group, then UAC does not allow access to the WinRM service.