locked
Windows PowerShell WMI WIN32_Service not returning all services. RRS feed

  • Question

  • Hello,

    I have written a script to check that the DHCP Service is running on a Windows 2008 Server.  However when I execute the following command :

    get-wmiobject win32_service -filter "DisplayName Like '%Dhcp%'"

    As the local Administrator I get the DHCP Service state and one other services state returned however when I execute the same procedue logged in as a none Admin account I am not getting the state of the DHCP Service only the one other service.

    I have tried adding the user to the Administrator group with no success.  I have also tried changing the security in the WMI Control to give all permissions to the new user at the root namespace rather than on namespace \\root\cimv2 again with no success. 

    Does anybody know what I am doing wrong?

    Sam

    Tuesday, January 4, 2011 8:53 PM

Answers

  • I've finally got to the bottom of this. It appears that the win32_service class will only return a share if the calling user has the following sddl via group or directly against the object

    (A;;CCLCSWRPWPDTLOCRRC;;;<USERSID>)

    Once I had granted this on the service the wmi call returns as expected.

     

    Cheers

     

    Sam

     

    • Marked as answer by XSSammy Monday, January 10, 2011 4:17 PM
    Monday, January 10, 2011 4:17 PM

All replies

  • Setting permissions on WMI is generally not a good idea unless you know what you are doing. Otherwise you are setting yourself up for potential headaches down the road. I remember a similiar issue that was posted a while back and believe it had something to do with the permissions on the services themselves.  You can use Security Configuration and  Analysis MMC snapin to view and change the permissions on the services to see if a specific user group does not have access to view the services in question.

    I'll do some digging around to find that post and add the link here to see if it helps.

    Wednesday, January 5, 2011 1:34 PM
  • Thanks for the warning.  

    I am aware that the security could be a potential problem but I don't know of any other solution.  Possibly running the script as an administrator account seems to have more risk associated with it.

    If you could find that link I would be very grateful


    Sam

    Friday, January 7, 2011 5:15 PM
  • I've finally got to the bottom of this. It appears that the win32_service class will only return a share if the calling user has the following sddl via group or directly against the object

    (A;;CCLCSWRPWPDTLOCRRC;;;<USERSID>)

    Once I had granted this on the service the wmi call returns as expected.

     

    Cheers

     

    Sam

     

    • Marked as answer by XSSammy Monday, January 10, 2011 4:17 PM
    Monday, January 10, 2011 4:17 PM
  • Hi, XSSammy

    We faced with same issue. With local admin rights I got all 200+ services, but admin rights is not okay due to our political reasons. So when I try to perform win32_service wmi-request without adm rights, I got only 75 services (from the same remote server).

    Could you tell me please, how did you set up this SDDL?

    Did you use this command? 

    sc \\<server_name> sdset scmanager (A;;CCLCSWRPWPDTLOCRRC;;;<USERSID>)

    It didn't solve my issue actually :(

    Friday, September 4, 2020 6:49 AM