Invoke-WmiMethod access denied

[jcoltrin70]

Hi I tried your script. I am logged in with a domain admin account and want to push a read-only user to a server for wmi monitoring. I ran the script, and when prompted to provide the Identity, I specified the domain user account. I received an access denied message. Also I was not prompted to provide the computer name of the server I want to install this account on and monitor read-only. Is this script to be run on the server I want the account installed on?

PS C:\Users\domainadmin\Desktop\setupWMI\setNetmonPermissions> .\Set-WMIReadOnlyAccess.ps1
cmdlet Set-WMIReadOnlyAccess.ps1 at command pipeline position 1
Supply values for the following parameters:
Identity: netmon
WARNING: Exception calling "add" with "1" argument(s): "Access is denied.
"
WARNING: Exception calling "add" with "1" argument(s): "Access is denied.
"
Invoke-WmiMethod : Access denied 
At C:\Users\domainadmin\Desktop\setupWMI\setNetmonPermissions\Set-WMIReadOnlyAccess.ps1:238 char:19
+         $output = Invoke-WmiMethod @invokeparams -Name GetSecurityDescriptor
+                   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
    + FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod

[JustinGrote]

If you don't specify a computername it will run on the local computer by default.

I also didn't write the script, I just refactored it into an easy to use module. The original script is here: http://vniklas.djungeln.se/2012/08/22/set-up-non-admin-account-to-access-wmi-and-performance-data-remotely-with-powershell/

I didn't add a lot of comment based help but you can do get-help set-wmireadonlyaccess.ps1 -detailed and get an idea of the syntax.

On Fri, Feb 12, 2016 at 11:37 AM jcoltrin70 notifications@github.com wrote:

Hi I tried your script. I am logged in with a domain admin account and want to push a read-only user to a server for wmi monitoring. I ran the script, and when prompted to provide the Identity, I specified the domain user account. I received an access denied message. Also I was not prompted to provide the computer name of the server I want to install this account on and monitor read-only. Is this script to be run on the server I want the account installed on?

PS C:\Users\domainadmin\Desktop\setupWMI\setNetmonPermissions> .\Set-WMIReadOnlyAccess.ps1 cmdlet Set-WMIReadOnlyAccess.ps1 at command pipeline position 1 Supply values for the following parameters: Identity: netmon WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " Invoke-WmiMethod : Access denied At C:\Users\domainadmin\Desktop\setupWMI\setNetmonPermissions\Set-WMIReadOnlyAccess.ps1:238 char:19

• $output = Invoke-WmiMethod @invokeparams -Name GetSecurityDescriptor

• 
  - CategoryInfo          : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
  - FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod

— Reply to this email directly or view it on GitHub https://github.com/JustinGrote/Scripts/issues/1.

[jcoltrin70]

Thank you for your quick reply! I did specify the computer name, but it returned the same error. Also, the get-help did not produce any output/examples. I wonder if it’s the syntax of the command I used?

PS C:\Users\domainadminDesktop\setupWMI\setNetmonPermissions> “computername", “domainadminuser", “cn.root.domain.com" | %(.\Set-WMIReadOnlyAccess.ps1)

cmdlet Set-WMIReadOnlyAccess.ps1 at command pipeline position 1 Supply values for the following parameters: Identity: 040netmon WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " Invoke-WmiMethod : Access denied At C:\Users\040autoadmin\Desktop\setupWMI\setNetmonPermissions\Set-WMIReadOnlyAccess.ps1:238 char:19

• $output = Invoke-WmiMethod @invokeparams -Name GetSecurityDescriptor

• 
  - CategoryInfo          : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
  - FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod

From: Justin Grote notifications@github.com<mailto:notifications@github.com> Reply-To: JustinGrote/Scripts reply@reply.github.com<mailto:reply@reply.github.com> Date: Friday, February 12, 2016 at 12:31 PM To: JustinGrote/Scripts Scripts@noreply.github.com<mailto:Scripts@noreply.github.com> Cc: Jason Coltrin JColtrin@brooks.edu<mailto:JColtrin@brooks.edu> Subject: Re: [Scripts] Invoke-WmiMethod access denied (#1)

If you don't specify a computername it will run on the local computer by default.

I also didn't write the script, I just refactored it into an easy to use module. The original script is here: http://vniklas.djungeln.se/2012/08/22/set-up-non-admin-account-to-access-wmi-and-performance-data-remotely-with-powershell/

I didn't add a lot of comment based help but you can do get-help set-wmireadonlyaccess.ps1 -detailed and get an idea of the syntax.

On Fri, Feb 12, 2016 at 11:37 AM jcoltrin70 notifications@github.com<mailto:notifications@github.com> wrote:

Hi I tried your script. I am logged in with a domain admin account and want to push a read-only user to a server for wmi monitoring. I ran the script, and when prompted to provide the Identity, I specified the domain user account. I received an access denied message. Also I was not prompted to provide the computer name of the server I want to install this account on and monitor read-only. Is this script to be run on the server I want the account installed on?

PS C:\Users\domainadmin\Desktop\setupWMI\setNetmonPermissions> .\Set-WMIReadOnlyAccess.ps1 cmdlet Set-WMIReadOnlyAccess.ps1 at command pipeline position 1 Supply values for the following parameters: Identity: netmon WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " Invoke-WmiMethod : Access denied At C:\Users\domainadmin\Desktop\setupWMI\setNetmonPermissions\Set-WMIReadOnlyAccess.ps1:238 char:19

• $output = Invoke-WmiMethod @invokeparams -Name GetSecurityDescriptor
• CategoryInfo : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
• FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod

— Reply to this email directly or view it on GitHub https://github.com/JustinGrote/Scripts/issues/1.

— Reply to this email directly or view it on GitHubhttps://github.com/JustinGrote/Scripts/issues/1#issuecomment-183478176.

[JustinGrote]

Are you also a local administrator on the target computer? Won't work if you're not. Domain admin credentials work best.

On Fri, Feb 12, 2016, 12:52 PM jcoltrin70 notifications@github.com wrote:

Thank you for your quick reply! I did specify the computer name, but it returned the same error. Also, the get-help did not produce any output/examples. I wonder if it’s the syntax of the command I used?

PS C:\Users\domainadminDesktop\setupWMI\setNetmonPermissions> “computername", “domainadminuser", “cn.root.domain.com" | %(.\Set-WMIReadOnlyAccess.ps1)

cmdlet Set-WMIReadOnlyAccess.ps1 at command pipeline position 1 Supply values for the following parameters: Identity: 040netmon WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " Invoke-WmiMethod : Access denied At C:\Users\040autoadmin\Desktop\setupWMI\setNetmonPermissions\Set-WMIReadOnlyAccess.ps1:238 char:19

• $output = Invoke-WmiMethod @invokeparams -Name GetSecurityDescriptor
• CategoryInfo : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
• FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod

From: Justin Grote <notifications@github.com<mailto: notifications@github.com>> Reply-To: JustinGrote/Scripts <reply@reply.github.com<mailto: reply@reply.github.com>> Date: Friday, February 12, 2016 at 12:31 PM To: JustinGrote/Scripts <Scripts@noreply.github.com<mailto: Scripts@noreply.github.com>> Cc: Jason Coltrin JColtrin@brooks.edu<mailto:JColtrin@brooks.edu> Subject: Re: [Scripts] Invoke-WmiMethod access denied (#1)

If you don't specify a computername it will run on the local computer by default.

I also didn't write the script, I just refactored it into an easy to use module. The original script is here:

http://vniklas.djungeln.se/2012/08/22/set-up-non-admin-account-to-access-wmi-and-performance-data-remotely-with-powershell/

I didn't add a lot of comment based help but you can do get-help set-wmireadonlyaccess.ps1 -detailed and get an idea of the syntax.

On Fri, Feb 12, 2016 at 11:37 AM jcoltrin70 <notifications@github.com mailto:notifications@github.com> wrote:

Hi I tried your script. I am logged in with a domain admin account and want to push a read-only user to a server for wmi monitoring. I ran the script, and when prompted to provide the Identity, I specified the domain user account. I received an access denied message. Also I was not prompted to provide the computer name of the server I want to install this account on and monitor read-only. Is this script to be run on the server I want the account installed on?

PS C:\Users\domainadmin\Desktop\setupWMI\setNetmonPermissions> .\Set-WMIReadOnlyAccess.ps1 cmdlet Set-WMIReadOnlyAccess.ps1 at command pipeline position 1 Supply values for the following parameters: Identity: netmon WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " WARNING: Exception calling "add" with "1" argument(s): "Access is denied. " Invoke-WmiMethod : Access denied At C:\Users\domainadmin\Desktop\setupWMI\setNetmonPermissions\Set-WMIReadOnlyAccess.ps1:238 char:19

• $output = Invoke-WmiMethod @invokeparams -Name GetSecurityDescriptor
• CategoryInfo : InvalidOperation: (:) [Invoke-WmiMethod], ManagementException
• FullyQualifiedErrorId : InvokeWMIManagementException,Microsoft.PowerShell.Commands.InvokeWmiMethod

— Reply to this email directly or view it on GitHub https://github.com/JustinGrote/Scripts/issues/1.

— Reply to this email directly or view it on GitHub< https://github.com/JustinGrote/Scripts/issues/1#issuecomment-183478176>.

— Reply to this email directly or view it on GitHub https://github.com/JustinGrote/Scripts/issues/1#issuecomment-183484661.