WMI permissions: Select CommandLine, ProcessId FROM Win32_Process returns no data for CommandLine

Posted by user57935 on Server Fault See other posts from Server Fault or by user57935
Published on 2010-10-22T13:38:25Z Indexed on 2012/06/05 4:43 UTC
Read the original article Hit count: 630

Filed under:
|
|

I am gathering performance data via WMI and would like to avoid having to use an account in the Administrators group for this purpose. The target machine is running Windows Server 2003 with the latest SP/updates.

I've done what I believe to be the appropriate configuration to allow our user access to WMI (similar to what is described here: http://msdn.microsoft.com/en-us/library/aa393266.aspx).

Here are the specific steps that were followed:

  1. Open Administrative Tools -> Computer Management: Under Computer Management (Local) Expand Services and Applications, right click WMI Control and select properties. In the Security tab, expand Root, highlight CIMV2, click Security (near bottom of window); add Performance Monitor Users and enable the options : Enable Account and Remote Enable.

  2. ­
  3. Open Administrative Tools -> Component Services: Under Console Root go to Component Services-> Computers -> Right click My Computer and select properties, select the COM security tab, in “Access Permissions” click "Edit Default" select(or add then select) “Performance Monitor Users” group and allow local access and remote access and click ok. In “Launch and Activation Permissions” click “Edit Default” select(or add then select) “Performance Monitor Users” group and allow Local and Remote Launch and Activation Permissions.

  4. ­
  5. Open Administrative Tools -> Component Services: Under Console Root go to Component Services-> Computers -> My Computer -> DCOM Config -> highlight “Windows Management and Instrumentation” right click and select properties, Select the Security tab, Under “Launch and Activation Permissions” select Customize, then click edit, add the “Performance Users Group” and allow local and remote Remote Launch and Remote Activation privileges.

I am able to connect remotely via WMI Explorer but when I perform this query:

Select CommandLine, ProcessId FROM Win32_Process

I get a valid result but every row has an empty CommandLine. If I add the user to the Administrators group and re-run the query, the CommandLine column contains the expected data.

It seems there is a permission I am missing somewhere but I am not having much luck tracking it down.

Many thanks in advance.

© Server Fault or respective owner

Related posts about security

Related posts about permissions