Set WMI Namespace Security on a system

This script will provide the ability to utilize PowerShell to modify the default security of a WMI namespace.

3,074 times
Add to favorites
Operating System
E-mail Twitter Digg Facebook
  • Hi
    1 Posts | Last post November 06, 2019
    • Line 85 instead of 
      $remoteparams = @{ComputerName=$computer;Credential=$credential}
      should be :
      $remoteparams = @{ComputerName=$computerName;Credential=$credential}
      so you can execute against remote computers :
      Set-WMINamespaceSecurity.ps1' root/cimv2 add "Domain\NonAdminMgmtUser" Enable,RemoteAccess,ReadSecurity,MethodExecute -computerName NameOfRemotePc
      Using this script and adding "Domain\NonAdminMgmtUser" to groups "Performance Log Users" and "Distributed COM Users" Now I can run WMI queries without Admin.
  • A bug
    3 Posts | Last post December 11, 2018
    • I believe this line is a bug;
      I dont think WMI supports the Ace Flags of "3" - object and container.
      I think it should be this instead.
      When I run you version with -allowInherit $true I get an error
      When I the fixed version, it completes and set the permissions to sub folders in WMI correctly.
    • Hi NJK-Work -
      This is an interesting question that someone internally asked as well...
      I didn't modify the code, I just cleaned it up, verified functionality, and uploaded to the gallery.  I will reach out to the original author and see what his thoughts are, but feel free to make the modification (as you did).
    • Hi NJK-Work
      You are absolutely correct, this is a bug in the script. Good catch!