locked
WMI Access Denied RRS feed

  • Question

  • I have a windows 20008 r2 server that I am getting Access is denied 0x80070005 error when using the wbemtest for wmi.  I am trying to get our network monitoring software to get information using wmi.  Any suggestions would be helpful.

    Thanks

    Monday, December 22, 2014 1:59 PM

Answers

  • Hi,

    Did you connect the WMI remotely?

    Meanwhile, please also confirm whether you can connect to a remote server via WMI. If it is the local WMI, please check the DCOM and WMI permission

    Step 1. DCOM permission

     1.    Open Dcomcnfg

     2.    Expand Component Service -> Computers -> My computer

     3.    Go to the properties of My Computer

     4.    Select the COM Security Tab

     5.    Click on "Edit Limits" under Access Permissions, and ensure "Everyone" user group has "Local Access" and "Remote Access" permission.

     6.    Click on the "Edit Limit" for the launch and activation permissions, and ensure "Everyone" user group has "Local Activation" and "Local Launch" permission.

     7.    Highlight "DCOM Config" node, and right click "Windows Management and Instruments", and click Properties.

     8.    <Please add the steps to check Launch and Activation Permissions, Access Permissions, Configuration Permissions based on the default of Windows Server 2008>

    Step 2. Permission for the user to the WMI namespace

     1.    Open WMImgmt.msc

     2.    Go to the Properties of WMI Control

     3.    Go to the Security Tab

     4.    Select "Root" and open "Security"

     5.    Ensure "Authenticated Users" has "Execute Methods", "Provider Right" and "Enable Account" right; ensure Administrators has all permission.

    Step 3. Verify WMI Impersonation Rights

     1.Click Start, click Run, type gpedit.msc, and then click OK.
     2.Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
     3.Expand Security Settings, expand Local Policies, and then click User Rights Assignment.
     4.Verify that the SERVICE account is specifically granted Impersonate a client after authentication rights.

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    • Proposed as answer by Vivian_Wang Friday, December 26, 2014 2:58 AM
    • Marked as answer by Vivian_Wang Monday, December 29, 2014 5:34 AM
    Tuesday, December 23, 2014 8:49 AM

All replies

  • Hi,

    Did you connect the WMI remotely?

    Meanwhile, please also confirm whether you can connect to a remote server via WMI. If it is the local WMI, please check the DCOM and WMI permission

    Step 1. DCOM permission

     1.    Open Dcomcnfg

     2.    Expand Component Service -> Computers -> My computer

     3.    Go to the properties of My Computer

     4.    Select the COM Security Tab

     5.    Click on "Edit Limits" under Access Permissions, and ensure "Everyone" user group has "Local Access" and "Remote Access" permission.

     6.    Click on the "Edit Limit" for the launch and activation permissions, and ensure "Everyone" user group has "Local Activation" and "Local Launch" permission.

     7.    Highlight "DCOM Config" node, and right click "Windows Management and Instruments", and click Properties.

     8.    <Please add the steps to check Launch and Activation Permissions, Access Permissions, Configuration Permissions based on the default of Windows Server 2008>

    Step 2. Permission for the user to the WMI namespace

     1.    Open WMImgmt.msc

     2.    Go to the Properties of WMI Control

     3.    Go to the Security Tab

     4.    Select "Root" and open "Security"

     5.    Ensure "Authenticated Users" has "Execute Methods", "Provider Right" and "Enable Account" right; ensure Administrators has all permission.

    Step 3. Verify WMI Impersonation Rights

     1.Click Start, click Run, type gpedit.msc, and then click OK.
     2.Under Local Computer Policy, expand Computer Configuration, and then expand Windows Settings.
     3.Expand Security Settings, expand Local Policies, and then click User Rights Assignment.
     4.Verify that the SERVICE account is specifically granted Impersonate a client after authentication rights.

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    • Proposed as answer by Vivian_Wang Friday, December 26, 2014 2:58 AM
    • Marked as answer by Vivian_Wang Monday, December 29, 2014 5:34 AM
    Tuesday, December 23, 2014 8:49 AM
  • Hi,

    Any update about the issue?

    Please feel free to let us know if you need further assistance.

    Regards.


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com

    Friday, December 26, 2014 2:58 AM