Set WMI Namespace Security on a system

This script will provide the ability to utilize PowerShell to modify the default security of a WMI namespace.

 
 
 
 
 
Operating System
4/9/2018
  • Hi
    1 Posts | Last post November 06, 2019
    • Line 85 instead of 
      
      $remoteparams = @{ComputerName=$computer;Credential=$credential}
      
      should be :
      $remoteparams = @{ComputerName=$computerName;Credential=$credential}
      
      so you can execute against remote computers :
      Set-WMINamespaceSecurity.ps1 root/cimv2 add "Domain\NonAdminMgmtUser" Enable,RemoteAccess,ReadSecurity,MethodExecute -computerName NameOfRemotePc
      
      Using this script and adding "Domain\NonAdminMgmtUser" to the groups "Performance Log Users" and "Distributed COM Users", I can now run WMI queries without Admin.
      
      Thanks
  • A bug
    3 Posts | Last post December 11, 2018
    • I believe this line is a bug;
      $ace.AceFlags = $OBJECT_INHERIT_ACE_FLAG + $CONTAINER_INHERIT_ACE_FLAG
      
      I don't think WMI supports the Ace Flags of "3" - object and container.
      
      I think it should be this instead.
      $ace.AceFlags = $CONTAINER_INHERIT_ACE_FLAG
      
      When I run your version with -allowInherit $true, I get an error.
      When I run the fixed version, it completes and sets the permissions on sub folders in WMI correctly.
    • Hi NJK-Work -
      
      This is an interesting question that someone internally asked as well...
      
      I didn't modify the code, I just cleaned it up, verified functionality, and uploaded to the gallery.  I will reach out to the original author and see what his thoughts are, but feel free to make the modification (as you did).
    • Hi NJK-Work
      
      You are absolutely correct, this is a bug in the script. Good catch!
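
Added example, not part of the thread or of the original script: a read-only audit that lists the ACEs on a WMI namespace so the effect of a grant such as the one above (rights, RemoteAccess, inheritance flags) can be checked. The parameter names and output columns are this example's own; it assumes Windows PowerShell 5.1 and an account allowed to read the namespace security descriptor.

```powershell
# Added example: read-only audit of a WMI namespace DACL (Windows PowerShell 5.1).
param(
    [string]$Namespace    = 'root/cimv2',
    [string]$ComputerName = '.'
)

# WMI namespace access-right bits. Enable, MethodExecute, RemoteAccess and
# ReadSecurity are the rights named on the page; the other labels are this example's.
$rights = [ordered]@{
    Enable        = 0x1
    MethodExecute = 0x2
    FullWrite     = 0x4
    PartialWrite  = 0x8
    ProviderWrite = 0x10
    RemoteAccess  = 0x20
    ReadSecurity  = 0x20000
    WriteSecurity = 0x40000
}
$OBJECT_INHERIT_ACE_FLAG    = 0x1   # the flag questioned in the thread
$CONTAINER_INHERIT_ACE_FLAG = 0x2   # ACE applies to sub-namespaces

# Read the namespace security descriptor via __SystemSecurity.GetSecurityDescriptor.
$result = Invoke-WmiMethod -ComputerName $ComputerName -Namespace $Namespace `
    -Path '__systemsecurity=@' -Name GetSecurityDescriptor
if ($result.ReturnValue -ne 0) {
    throw "GetSecurityDescriptor failed with return value $($result.ReturnValue)"
}

$result.Descriptor.DACL | ForEach-Object {
    $ace   = $_
    # Decode the access mask into the right names defined above.
    $names = $rights.GetEnumerator() |
        Where-Object { $ace.AccessMask -band $_.Value } |
        ForEach-Object { $_.Key }
    [pscustomobject]@{
        Trustee          = '{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name
        Sid              = $ace.Trustee.SIDString
        Type             = if ($ace.AceType -eq 0) { 'Allow' }
                           elseif ($ace.AceType -eq 1) { 'Deny' }
                           else { "Other($($ace.AceType))" }
        Rights           = $names -join ','
        RemoteAccess     = [bool]($ace.AccessMask -band $rights.RemoteAccess)
        AceFlags         = $ace.AceFlags
        ContainerInherit = [bool]($ace.AceFlags -band $CONTAINER_INHERIT_ACE_FLAG)
        ObjectInherit    = [bool]($ace.AceFlags -band $OBJECT_INHERIT_ACE_FLAG)
    }
} | Format-Table -AutoSize
```

Running it before and after a change shows exactly which trustee gained which rights; any non-administrative trustee with RemoteAccess set is worth reviewing against what was intended.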