locked
How to connect to WMI using System.Management.ConnectionOptions for alternate credentials in powershell RRS feed

  • Question

  • I think the error messages I'm getting are related to something powershell is doing- only because the c# snippets I've seen do almost the same thing I'm doing here. Is there something powershell is doing here that I need to worry about or did I screw something up?

    Also I know this is not the powershell way of doing this, but I'm exploring .NET so if I could get this working it would be neat.

     

    	$Computer = "10.123.123.123"
     $Query = "select * from win32_computersystem"
     $Scope = "\\$Computer\Root\cimv2"
    	$Impersonation = "Impersonate"
    	$Authentication = "Default"
    	$UserName = "administrator"
    	$Password = "My Password"
    		
    	$ConnectionOptions = New-Object System.Management.ConnectionOptions
    	$ConnectionOptions.Impersonation = $Impersonation
     $ConnectionOptions.Authentication = $Authentication
     $ConnectionOptions.EnablePrivileges = $TRUE
     $ConnectionOptions.Username = $User
     $ConnectionOptions.Password = $Password
    
     	$EnumerationOptions = New-Object System.Management.EnumerationOptions
    	$EnumerationOptions.Rewindable = $false
     
     	$wmiScope = new-Object System.Management.ManagementScope($Scope, $ConnectionOptions)
    	$wmiScope.Connect()
     	$wmiQuery = New-Object System.Management.ObjectQuery($Query)
     	$Results = New-Object System.Management.ManagementObjectSearcher($wmiScope, $wmiQuery, $EnumerationOptions)
     	$Results.Get()


    Exception calling "Connect" with "0" argument(s): "Value does not fall within the expected range."
    At line:21 char:19
    + $wmiScope.Connect <<<< ()
     + CategoryInfo  : NotSpecified: (:) [], MethodInvocationException
     + FullyQualifiedErrorId : DotNetMethodException
     
    Exception calling "Get" with "0" argument(s): "Value does not fall within the expected range."
    At line:24 char:17
    + $Results.Get <<<< () 
     + CategoryInfo  : NotSpecified: (:) [], MethodInvocationException
     + FullyQualifiedErrorId : DotNetMethodException
    Wednesday, August 3, 2011 4:35 PM

Answers

  • I just noticed you assign a value to $UserName, but then use $User when you assign a value to the property of the $ConnectionOptions object. Does it fix the problem if you use $UserName? Also, for a local account, on computer MyComputer, I would specify the user as "MyComputer\UserName". If it is a domain account, I would use "MyDomain\UserName". I have also used "username@mydomain.com" and the Distinguished Name, but only for domain accounts.

     


    Richard Mueller - MVP Directory Services
    • Marked as answer by red888 Wednesday, August 3, 2011 7:07 PM
    Wednesday, August 3, 2011 6:20 PM

All replies

  •  

    It works fine for me.  Are you using th correct credentials?  Did you include the domain name?

    dom/user

     

     


    jv
    Wednesday, August 3, 2011 4:55 PM
  • Yes I have tried that as well, but I get the same error message (though my intention is to use this to connect to a PC via the local administrator). If I exclude the connectionoptions I can connect. This will work for me:

    $wmiScope = new-Object System.Management.ManagementScope($Scope)#, $ConnectionOptions)

    It only throws that error when I try the include the ConnectionOptions.

    Wednesday, August 3, 2011 5:02 PM
  • In all examples I have found, there is no $wmiScope.Connect() method. I believe your script will work if you remove this statement. For example, see this thread:

    http://social.technet.microsoft.com/Forums/en-US/winserverpowershell/thread/026dafeb-6b5d-4593-b740-35058ff0b4f1

     


    Richard Mueller - MVP Directory Services
    Wednesday, August 3, 2011 5:05 PM
  • Following that link I tried this again with a few times with different options and found the username and password options are cause this error. I don't understand why though. I have tried every combination I can think of for the username:

    Username: myuser, mydom\myuser, myuser@mydom.local, localAdmin (local admin of the remote computer), RemoteComputer\localAdmin

    I really only wanted to specify different credentials so I could connect as the local admin of a remote PC (for PCs not joined to the domain), but I can't even get it to work with domain accounts.

    Wednesday, August 3, 2011 5:22 PM
  • I tried this a few more times and found that if I don't use the user name option, but keep the password option while specifying the password of the currently logged on user (me) I can connect to a remote PC. If I put in the incorrect password for my account I get a different message:

    Exception calling "Get" with "0" argument(s): "Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))"
    At line:25 char:17
    +    $Results.Get <<<< ()  
      + CategoryInfo     : NotSpecified: (:) [], MethodInvocationException
      + FullyQualifiedErrorId : DotNetMethodException

    So it looks like the password option is working, but whenever I try to use the username, no matter how I enter it, it keeps throwing that other error message.

    Wednesday, August 3, 2011 6:11 PM
  • I just noticed you assign a value to $UserName, but then use $User when you assign a value to the property of the $ConnectionOptions object. Does it fix the problem if you use $UserName? Also, for a local account, on computer MyComputer, I would specify the user as "MyComputer\UserName". If it is a domain account, I would use "MyDomain\UserName". I have also used "username@mydomain.com" and the Distinguished Name, but only for domain accounts.

     


    Richard Mueller - MVP Directory Services
    • Marked as answer by red888 Wednesday, August 3, 2011 7:07 PM
    Wednesday, August 3, 2011 6:20 PM
  • Oh man I can't believe that was my problem. So simple! I was getting close though. I did a  $wmiScope.PSBase.get_options() and noticed the username option was blank- because $user was empty- duh. The only reason I use $wmiScope.connect() was cause I saw it in all the .NET code snippets and it works whether its necessary or not. I also used the authority property instead of just adding it to the username. 

    This works for me now:

     

    	$Computer = "10.123.123.10"
     $Query = "select * from win32_computersystem"
     $Scope = "\\$Computer\Root\cimv2"
    	$Impersonation = "Impersonate"
    	$Authentication = "Default"
    	$Authority = "ntlmdomain:RemotePCname"
    	$UserName = "Administrator"
    	$Password = 'Local password'
    		
    	$ConnectionOptions = New-Object System.Management.ConnectionOptions
    	$ConnectionOptions.Username = $User
     $ConnectionOptions.Password = $Password
    	$ConnectionOptions.Authority = $Authority
    	$ConnectionOptions.Impersonation = $Impersonation
     $ConnectionOptions.Authentication = $Authentication
     $ConnectionOptions.EnablePrivileges = $TRUE
     $ConnectionOptions.Username = $UserName
     $ConnectionOptions.Password = $Password
    
     	$EnumerationOptions = New-Object System.Management.EnumerationOptions
    	$EnumerationOptions.Rewindable = $false
     
     	$wmiScope = new-Object System.Management.ManagementScope($Scope, $ConnectionOptions)
    	$wmiScope.Connect()
     	$wmiQuery = New-Object System.Management.ObjectQuery($Query)
     	$Results = New-Object System.Management.ManagementObjectSearcher($wmiScope, $wmiQuery, $EnumerationOptions)
     	$Results.get()


     


    Wednesday, August 3, 2011 7:07 PM