0

I am trying to query Win32_USBHub or Win32_DiskDrive on a remote server using PowerShell, but I am receiving the following error:

[PS]> Get-WmiObject -Class "Win32_USBHub" -ComputerName MyServer -Credential $Cred | Select -First 1

Get-WmiObject : Generic failure 
At line:1 char:1
+ Get-WmiObject -Class "Win32_USBHub" -ComputerName MyServer -Credential $Cred | S ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
+ FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

The same command works correctly when I use different credentials (i.e. an account that is a full Administrator of the remote host). I do not want to have to elevate $cred to be an Administrator though.

The $cred used is a member of the Distributed COM Users group on the remote machine and has Remote Enable rights set on the \root node in WMI Control, applied to This namespace and subspaces. Before doing that I was getting a simple "Access Denied" error.

The same command works correctly (i.e. does not throw an exception) when I query Win32_Process or Win32_OperatingSystem against that same remote host with the same credentials, proving that at least some remote WMI calls work successfully.

Can anyone suggest why I might be able to query some classes successfully and others not?

Charlie Joynt
  • 219
  • 1
  • 4
  • 11
  • 1
    You have to trace the providers and resources they query. Then analyze which resources require what permission levels. Correlate them and ensure your user object has them. It's a lot of work, but that's the process you use when avoiding elevation to admin. – Colyn1337 Jul 09 '16 at 18:39
  • Thanks. Wasn't sure that would be possible, so I'll have more confidence digging through now. If you have any links I'd appreciate it. :-) – Charlie Joynt Jul 11 '16 at 08:15

0 Answers0