How to configure low privilege user to collect WMI events remotely.
search cancel

How to configure low privilege user to collect WMI events remotely.

book

Article ID: 51694

calendar_today

Updated On:

Products

CA Security Command Center CA Data Protection (DataMinder) CA User Activity Reporting

Issue/Introduction

Description:

To provide necessary permissions for a particular low-privilege user to connect remotely Via WMI and query the remote machine.

Solution:

To provide necessary permissions for a particular low-privilege user to connect remotely Via WMI and query the remote machine follow the following steps:

If the user account that is on Computer A is not an administrator on Computer B, the user must be given DCOM Remote Launch and Remote Activation privileges on Computer B by running Dcomcnfg.exe at the command prompt. The 0x80070005 error occurs when this privilege is not set.

To grant DCOM remote launch and activation permissions for a user or group go to the remote computer and do the following:

  1. Click Start; click Run, type DCOMCNFG, and then click OK.

  2. In the Component Services dialog box, expand Component Services, expand Computers and then right-click My Computer and click Properties.

  3. In the My Computer Properties dialog box, click the COM Security tab.

  4. Under Access Permissions, click Edit Limits.

  5. In the Access Permission dialog box, follow these steps if your name or your group does not appear in the Groups or user names list:

    1. In the Access Permission dialog box, click Add.

    2. In the Select Users, Computers, or Groups dialog box, add your name and the group in the Enter the object names to select box, and then click OK.

  6. In the Access Permission dialog box, select your user and group in the Group or user names box. In the Permissions for Account box below, check Local Access and Remote Access, and then click OK.

  7. Under Launch and Activation Permissions, click Edit Limits.

  8. In the Launch Permission dialog box, follow these steps if your name or your group does not appear in the Groups or user names list:

    1. In the Launch Permission dialog box, click Add.

    2. In the Select Users, Computers, or Groups dialog box, add your name and the group in the Enter the object names to select box, and then click OK.

  9. In the Launch Permission dialog box, select your user and group in the Group or user names box. In the Permissions for User box below, check Remote Launch and Remote Activation, and then click OK.

Allowing Users Access to a Specific WMI Namespace

You can allow or disallow user's access to a specific WMI namespace by setting the "Remote Enable" permission in the WMI Control for a namespace. If a user tries to connect to a namespace they are not allowed access to, they will receive error 0x80041003. By default, this permission is enabled only for administrators. An administrator can enable remote access to specific WMI namespaces for a non-administrator user.

The following procedure sets remote enable permissions for a non-administrator user on a remote computer.

To set remote enable permissions

  1. Right click on My Computers on the remote system and select Manage.

  2. Select Services and Applications. On the WMI Control right click and select properties. Select Security Tab.

  3. In the Security tab, select the appropriate namespace and click Security at the bottom.

  4. Locate the appropriate account and grant required Permissions in the list.

Environment

Release:
Component: CAELM
Powered by Wolken Software