cesbit / aiowmi

Python WMI Queries
GNU General Public License v3.0

Windows 10 WBEM_E_ACCESS_DENIED #35

Closed KoBOLL closed 3 months ago

KoBOLL commented 3 months ago

Describe the bug

Get WBEM_E_ACCESS_DENIED while trying to query SELECT Name FROM Win32_UserAccount on a remote Windows 10 machine. Same code works as expected on Windows 7 and Windows Server 2019.

The user on the target machine is configured correctly because wbemtest from another Windows 10 is working correctly. However, wbemtest running from Windows 7 also gives access denied.

This appears in function anext from qcontext.py

To Reproduce

Steps to reproduce the behavior: Try to query from Win32_UserAccount

Expected behavior

Get user accounts

Additional context

It is worth noting that querying SELECT * FROM __InstanceCreationEvent works as expected.

riklempens commented 3 months ago

@KoBOLL please have a look at our InfraSonar troubleshooting guide for WMI.

Let me know if this helped you fix the issue.

The issue is potentially not related to the aiowmi library but seems to be a local configuration issue on the Windows 10 system.

KoBOLL commented 3 months ago

> @KoBOLL please have a look at our InfraSonar troubleshooting guide for WMI.
>
> Let me know if this helped you fix the issue.
>
> The issue is potentially not related to the aiowmi library but seems to be a local configuration issue on the Windows 10 system.

Thank you, sir. After winrm quickconfig all works as expected.

But I'm still very curious - why wbemtest on Windows 10 and impacket worked without this command. I'd really appreciate it if you could point me in the right direction.

riklempens commented 3 months ago

> But I'm still very curious - why wbemtest on Windows 10 and impacket worked without this command. I'd really appreciate it if you could point me in the right direction.

Were both Windows 10 hosts Active Directory joined? Or perhaps using the same account name and password? wbemtest does not have to authenticate in this scenario as there is already a trusted connection.

I am unclear why impacket is working but maybe this was executed in a similar setup to how you performed the wbem test.

Would you be interested in having a look at our monitoring solution InfraSonar? It is open source with a managed cloud backend.