Re: User rigths for WMI access

Your user account should only require "Remote Enable" and "Enable Account"
security settings on the namespace to be able to read data, you can verify
these settings in winmgmt.msc.

Can you post the section of code where you do the connection to the
root\cimv2 namespace? Sometimes a common error that causes this problem is
specifying the user name without the domain\user format or the computer\user
format, sometimes users just specify the "user" and this error can result.

--
Scott McNairy
Microsoft MVP - Windows Server Management Infrastructure


"tango" <tango@xxxxxxxxxxxxxxxx> wrote in message
news:425CCF9B.8000207@xxxxxxxxxxxxxxxxxxx
> Scott McNairy (MVP) wrote:
>> See this link, however to help further a WMI class name would be helpful
>> and any relevant source code you can provide as well. Often times these
>> issues are client permissions related, so even if a client has access to
>> a namespace additional permissions may be required, having the class name
>> that the user is having trouble with will help us narrow it down.
>>
>> http://www.microsoft.com/technet/scriptcenter/resources/wmifaq.mspx#EFAA
>>
>> Thanks
>>
>
> Thank you for your answer, we have checked the link you gave us in your
> response, and we are now sure we have already correctly configured
> namespace permissions.
>
> Our application performs querys to operating system classes (such as
> win32_process, win32_service, win32_operatingsystem, win32_computersystem,
> and some more) and performance classes (such as
> win32_perfrawdata_perfos_processor, win32_perfrawdata_perfos_memory,
> win32_perfrawdata_perfproc_process), all in root/cimv2 namespace.
>
> We know a "local administrator" user can perform these queries, but we
> don't like to use administator due to security risks. We have searched in
> internet and we have not found any information that permits us to create a
> harmless user with enough permissions to perform these queries.
>
> Anytime we have detected an "Access denied" error with our application we
> have tried the same WMI query using wbemtest.exe and both applications
> have the same behabiour (access denied), so we understand there is not a
> problem with our application but a problem with user rights.
>
> Thanks


.

Relevant Pages

  • Re: Thinking outside the box on file systems
    ... If the /etc/shadow permissions depend on inherited ACLs to enforce access then that one little command just made your shadow file world-readable/writeable. ... I can probably have an open directory handle to a volume in a completely different namespace, a volume which isn't even *MOUNTED* in my current fs namespace. ... Yes, the effective acl of the open directory is kept in memory, but in the directory itself, not the handle to it, thus when the directory is moved, it's acl is recomputed for the new location and updated immediately. ...
    (Linux-Kernel)
  • Re: scanning sysfs to populate /dev
    ... the kernel only deals with devices by their device code. ... > Having a device namespace in the kernel, is a departure from that philosophy. ... > external policy, and now it is migrating to device drivers. ... permissions for any nodes it just creates them with the default permissions ...
    (comp.os.linux.development.system)
  • WebDAV - Permissions on message with attachments
    ... What permissions do you need to set on an exchange message item to be ... X-MS-ENUMATTS WebDAV method. ... namespace is typically ...
    (microsoft.public.exchange.applications)
  • Re: User rights analysis
    ... >which and which kinds of resources exist in this forest. ... This "personal" namespace contains all the ... resources the user has permissions to and can be mapped as a drive. ... The personal namespace ...
    (microsoft.public.windows.server.active_directory)
  • Re: User rigths for WMI access
    ... Often times these issues are client permissions related, so even if a client has access to a namespace additional permissions may be required, having the class name that the user is having trouble with will help us narrow it down. ... Our application performs querys to operating system classes (such as ... We know a "local administrator" user can perform these queries, but we don't like to use administator due to security risks. ... We have searched in internet and we have not found any information that permits us to create a harmless user with enough permissions to perform these queries. ...
    (microsoft.public.windowsxp.wmi)