WMI permission root\RSOP\Computer


  • I have a user folder redirection policy and only want it to run on computers in certain OU's.  I've got this WMI query in namespace root\rsop\computer

    Select * From RSOP_Session Where SOM = 'OU=Desktops,OU=Unit 15,OU=PH UK,DC=DOMAIN,DC=local' OR SOM='OU=Desktops,OU=Unit 16,OU=DOMAIN,DC=ph-hq,DC=local'

    It returns false for machines that should be true.  I think I have found the problem, and its that the standard user doesn't have the rights to read from root\rsop\computer

    They can read from root\CIMv2 and if I put the user in local administrators group root\rsop\computer query works

    How do I grant read permission to root\rsop\computer for standard users and would like to do this globally.

    • Moved by Bill_Stewart Wednesday, February 18, 2015 8:58 PM Move to more appropriate forum
    Friday, December 19, 2014 12:09 PM

All replies

  • Why not turn on loopback processing on the gpo and link it to the 'desktops' OUs?

    You can edit wmi permissions but I would not recommend that for this purpose.


    Friday, December 19, 2014 12:51 PM
  • You should not use RSOP for anything to do with logons.  The data does not normally exist.  It is generated on demand When RSOP reprots are run.

    You can always get the computers OU from its "Parent" property or from the distinguishedName.

    What script are you using?

    SenneVL is correct that you shoul be using Group Policy targeted at the OU where you want it to run.  THe redirection policy runs as a USER configuration and belongs in teh users OU not the computers OU.


    • Edited by jrv Friday, December 19, 2014 1:27 PM
    Friday, December 19, 2014 1:25 PM