WMI Get Object Access Denied

0
votes
  1. Regular user logs in to domain
  2. Group Policy runs User Configuration -> Logon -> VBS Script
  3. Set ServerWMI = GetObject("winmgmts:\print\root\CIMV2")

  4. I get Access Denied as regular user, works for Domain Admin

  5. Tried changing GPO to run with admin parameters - /u:"domain\user" /p:"adminpassword"

  6. Tried impersonateLevel=impersonate
  7. Tried authenticationLevel=pktPrivacy
  8. Tried going to remote machine (print) and changing WMI CIMV2 permissions for Authenticated Users to have all the permissions

Need a non-admin user to run this logon script with sufficient privileges to Remotely query WMI on our print server. I do this to do Client/Server comparisons.

1
vbscriptpermissionswmi

1 Answers

0
votes

For remote WMI access with explicit credentials you have to use something like this:

server = "print"
user   = "domain\admin"
pass   = "password"

Set locator = CreateObject("WbemScripting.SWbemLocator")
Set svc = locator.ConnectServer(server, "root\cimv2", user, pass)
svc.Security_.ImpersonationLevel = 3

I strongly advise against doing this in any kind of user/login script.

A better approach would be to enable remote WMI access for the users who need it.

However, note that remote WMI access is usually not allowed for security reasons, so why do you believe you need this? What do you want to accomplish by giving your users remote WMI access?