I need to create or manage WMI users for Hyperview to successfully discover all protocol information about my machines. What is the minimum level of access that can be set up for WMI?
1 Answer
Configuring a read-only local user for WMI on a single machine:
1. Open Computer Management (compmgmt.msc) and navigate to System Tools > Local Users and Groups > Users. Add a new User. Set the password and check the box for 'Password never expires' if needed.
2. Right-Click the new user and open Properties. Open the 'Member-Of' tab and add the user to 'Distributed COM Users' and 'Performance Monitor Users' groups.
3. Add the new user to Computer Management > Services and Applications > WMI Control > Properties > Security Tab > CIMV2 > Security. Check the boxes for 'Enable Account' and 'Remote Enable'.
Configuring a read-only domain user for WMI on a domain controller:
IMPORTANT!
A Windows Domain Controller GPO cannot define root/CIMV2 namespace privileges for domain users.
This setup requires a PowerShell script defined in the GPO. This script is available through Hyperview Helpdesk.
1. Open Active Directory Users and Computers from Server Manager and navigate to 'DomainName' > Users. Right-Click Users > New > User and add a new user meant for WMI read-only access. This is the user that will be entered into Hyperview upon configuring discoveries.
2. Right-Click the new user and open Properties. Open the 'Member-Of' tab and add the user to 'Distributed COM Users' and 'Performance Monitor Users' groups.
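
The three single-machine steps above, written as a script. This is an added example, not code from the answer and not the Hyperview Helpdesk GPO script. It assumes Windows PowerShell 5.1 in an elevated session; the account name `svc-wmi-read` is a placeholder.

```powershell
#Requires -RunAsAdministrator
# Windows PowerShell 5.1 only: Invoke-WmiMethod and [wmiclass] are not in PowerShell 7.
$UserName   = 'svc-wmi-read'      # placeholder account name (assumption)
$Namespace  = 'root\cimv2'
$AccessMask = 0x1 -bor 0x20       # 0x1 = Enable Account, 0x20 = Remote Enable

# Step 1: create the local user; the password is prompted for, never hard-coded.
if (-not (Get-LocalUser -Name $UserName -ErrorAction SilentlyContinue)) {
    $pw = Read-Host -AsSecureString -Prompt "Password for $UserName"
    # Drop -PasswordNeverExpires if the account should follow normal expiry.
    New-LocalUser -Name $UserName -Password $pw -PasswordNeverExpires `
        -Description 'Read-only WMI discovery account' | Out-Null
}
$sid = (Get-LocalUser -Name $UserName).SID.Value

# Step 2: add the user to the two groups named in the answer, and nothing else.
foreach ($group in 'Distributed COM Users', 'Performance Monitor Users') {
    $isMember = Get-LocalGroupMember -Group $group -ErrorAction SilentlyContinue |
        Where-Object { $_.SID.Value -eq $sid }
    if (-not $isMember) { Add-LocalGroupMember -Group $group -Member $UserName }
}

# Step 3: grant Enable Account + Remote Enable on root\cimv2.
$wmi = @{ Namespace = $Namespace; Path = '__SystemSecurity=@' }
$sd  = (Invoke-WmiMethod @wmi -Name GetSecurityDescriptor).Descriptor
if (-not ($sd.DACL | Where-Object { $_.Trustee.SIDString -eq $sid })) {
    $trustee = ([wmiclass]'Win32_Trustee').CreateInstance()
    $trustee.SIDString = $sid
    $ace = ([wmiclass]'Win32_ACE').CreateInstance()
    $ace.AccessMask = $AccessMask
    $ace.AceType    = 0           # access allowed
    $ace.AceFlags   = 0           # this namespace only, no inheritance
    $ace.Trustee    = $trustee
    $sd.DACL += $ace.psobject.ImmediateBaseObject
    $result = Invoke-WmiMethod @wmi -Name SetSecurityDescriptor `
        -ArgumentList $sd.psobject.ImmediateBaseObject
    if ($result.ReturnValue -ne 0) {
        throw "SetSecurityDescriptor failed with code $($result.ReturnValue)"
    }
}

# Review: print the rights the account now holds on the namespace (expect 0x21).
(Invoke-WmiMethod @wmi -Name GetSecurityDescriptor).Descriptor.DACL |
    Where-Object { $_.Trustee.SIDString -eq $sid } |
    ForEach-Object { '{0}: 0x{1:X}' -f $UserName, $_.AccessMask }
```

A mask other than 0x21 in the final output means the account has rights on the namespace beyond the two the answer calls for (for example Execute Methods or Full Write) and the ACE should be reviewed.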