Ureader.com  
Microsoft software help and Community
   home   |   control panel login   |   archive   |  
 
Windos
win32.3rdparty
win32.directx.audio
win32.directx.ddk
win32.directx.graphics
win32.directx.input
win32.directx.managed
win32.directx.misc
win32.directx.networking
win32.directx.sdk
win32.directx.video
win32.dirx.grap.shaders
win32.gdi
win32.international
win32.kernel
win32.messaging
win32.mmedia
win32.networks
win32.ole
win32.rtc
win32.tapi
win32.tapi.beta
win32.tools
win32.ui
win32.wince
win32.wmi
windows.mediacenter
winfx.aero
winfx.announcements
winfx.avalon
winfx.collaboration
winfx.fundamentals
winfx.general
winfx.indigo
winfx.sdk
winfx.winfs
  
 
date: Mon, 12 Mar 2007 06:44:03 -0700,    group: microsoft.public.win32.programmer.wmi        back       


Some 80041001 Generic Failure accessing remote WMI    
Some days ago I posted a message about problem accessing the 
"win32_BaseService" class remotely using WMI.  In that case the problem had 
no (good) solution:  It was mandatory to use an administrator profile to 
access the SCM.

Now, I'm posting some more issues about the same kind of problem but for 
other WMI classes.  Maybe these errors are related, maybe not.  Just in case, 
I'm posting all the queries with problems together..

We need to retrieve some  WMI information from a remote computer running 
Windows 2003 SP1 without using an Administrator user.  Using wbemtest to 
retrieve information of these queries:

"select * from win32_SystemResources"
"select * from win32_SystemSystemDriver"
"select * from win32_SystemServices"
"select * from win32_LoadOrderGroupServiceMembers"
"select * from win32_LoadOrderGroupServiceDependencies"
"select * from win32_DiskPartition"
"select * from win32_SystemDriver"
"select * from win32_DiskDriveToDiskPartition"
"select * from win32_SystemPartitions"

I get always the same error:

”80041001 Generic Failure” but I can execute the same queries in the local 
computer, using the same user, and they work well. The user is a "low" domain 
user, no administrator, in the monitored computer.

I've configured  in the monitored system:

- I've add the user to the Local User groups and "Performance Monitor Users" 
group.

- Using wmimgmt.msc I gave permissions to all in Root and CIMV2 nodes (I 
know only some of them are needed, but I checked everything just to test).

- As I'm using 2003 Server SP1 I modfied DCOM permissions using dcomcnfg 
modifying the "Edit Default" in Access Permissions and Launch and activations 
permissions.  I've changed the "Edit Limits" options in the "Launch and 
activations Permissions".

With this settings I'm able to retrieve some information using WMI

Furthermore, the query works using:

- wbemtest directly in the remote computer when logged using the same "low" 
user, so it's not an authorization problem but a WMI/DCOM issue.

- Everything works fine running wbemtest from the remote PC if I add the 
domain user to the "local administrator" group.

Just for trying I also change some settings I got from a MOM configuration 
document:  I added the "Manage auditing and security log" and "Allow log on 
locally" permissions but it did not work either, the error is always the same.

My question is:  Do I need to change any other setting in order to be able 
to perform these queries from a remote computer using a non administrator 
user?

Thank you in advance.
date: Mon, 12 Mar 2007 06:44:03 -0700   author:   tango am

RE: Some 80041001 Generic Failure accessing remote WMI    
We need to remember Windows Managment Instrumentation(WMI) is something 
that is used to manage machines, and that is why a majority of these 
classes require Administrative permissions on the remote machine to be able 
to execute it remotely.

However, in some cases, you can reduce the security to these classes by 
modifying DCOM settings and permission on the remote machine.  While this 
article does not directly pertain to Windows Server 2003, I would recommend 
reviewing this article to see if you can get the DCOM permissions set to be 
able to use a non-administrative user.

875605	How to troubleshoot WMI-related issues in Windows XP SP2
http://support.microsoft.com/default.aspx?scid=kb;EN-US;875605


Tim
date: Mon, 12 Mar 2007 15:32:19 GMT   author:   (Tim Macaulay[MSFT])

RE: Some 80041001 Generic Failure accessing remote WMI    
> We need to remember Windows Managment Instrumentation(WMI) is something 
> that is used to manage machines, and that is why a majority of these 
> classes require Administrative permissions on the remote machine to be able 
> to execute it remotely.

I think you are right!

I tried using the same "low level" user profile using the "Computer 
Management" console from a remote PC and I got errors trying to acced disk 
and devices information (that was the information my WQL queries tried to 
retry).  Then I tested the same using "Computer Management" in the monitored 
computer and the queries did not work either (in my previous email I said 
they did, sorry).  So, the problem is not a remote problem but a permissions 
problem.  Using Administrator everyting works!

Thanks for your help
date: Tue, 13 Mar 2007 02:13:03 -0700   author:   tango am

Google
 
Web ureader.com


    COPYRIGHT 2007, YARDI TECHNOLOGY LIMITED, ALL RIGHT RESERVE  |   contact us