WMI ‘Access Denied ‘ on remote computer

In my current project, I would like to monitor windows 2008 servers remotely and planned to use WMI. While my code worked locally, I got ‘Access Denied’ error while trying to access Windows 2008 servers.

Although, I enabled DCOM remote activation, I still received error and close to pulling my hair. Finally, I figured that permissions are not propagated and was set only at root level, causing an issue.

For everyone’s benefit, I listed steps below to configure DCOM and WMI to monitor remote servers

Configure DCOM


 

  • On the server to be managed click Start, click Run, type dcomcnfg, and then click OK.
  • In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.
  • In the My Computer Properties dialog box, click the COM Security tab.

Dcom Properties

  • Under Launch and Activation Permissions, click Edit Limits.
  • In the Launch Permission dialog box, select ‘Distributed COM Users‘. In the Allow column under Permissions for User, select Remote Launch and select Remote Activation, and then click OK.
  • Under Access Permissions, click Edit Limits.
  • In the Access Permission dialog box, select ‘Distributed COM Users‘. In the Allow column under Permissions for User, select Remote Access, and then click OK.
  • Add the user account to the Distributed COM Users Group in Computer Management, Local Users and Groups on the Server to be managed.
  • Add the user account to the Performance Log Users Group in Computer Management, Local Users and Groups on the Server to be managed.

Configure WMI


  • On the server to be managed click Start, click Run, type wmimgmt.msc, and then click OK.
  • In the console tree, right-click WMI Control, and then click Properties.
  • Click the Security tab.
  • Select the Root namespace and then click Security.
  • In the Security dialog box, click Add.
  • In the Select Users, Computers, or Groups dialog box, enter the user account. Click the Check Names button to verify your entry and then click OK.
  • In the Security dialog box, under Permissions, select ‘Enable Account’ and ‘Remote Enable’ for the user account.
  • Ensure the permissions propagate to all subnamespaces.
    • Under Security, Click Advanced and double click user/group to open properties
    • Select ‘This namespaces and subnamespaces’ to propagate permissions

Permission Settings

Tagged: , , ,