Working with remote machines having limited privileges using WMI & .net

Question

Hello All,

Well I've been looking for a neat way to create a directory on a remote machine (non-shared path) and set permissions for it. I don't want to use ADS for this. My most recent attempt has been to use WMI for this purpose. 

The max local permissions I can get at the target machine is Power User. 

I'm using the following code section to invoke a remote CMD process and work from there:

            //Using WMI services to create a directory on the remote machine
                ConnectionOptions connOptions = new ConnectionOptions();
                connOptions.Impersonation = ImpersonationLevel.Impersonate;
                connOptions.EnablePrivileges = true;
                ManagementScope manScope = new ManagementScope(String.Format(@"\\{0}\ROOT\CIMV2", remoteMachine), connOptions);
                manScope.Connect();
                ObjectGetOptions objectGetOptions = new ObjectGetOptions();
                ManagementPath managementPath = new ManagementPath("Win32_Process");
                ManagementClass processClass = new ManagementClass(manScope, managementPath, objectGetOptions);
                ManagementBaseObject inParams = processClass.GetMethodParameters("Create");
                inParams["CommandLine"] = Command;
                ManagementBaseObject outParams = processClass.InvokeMethod("Create", inParams, null);

However, even with adding the Power User group to the WMI service security Root (and its subordinate namespaces) the method fails with an "Access Denied" error. 

I would really appreciate some good advice in this regard, and eve as to whether I need to look in a different direction or if doing this is even possible without FULL administrative rights. 

Thanking all in advance for your cooperation & help!

Answer 1

The max local permissions I can get at the target machine is Power User. 

You *need* local administrator privileges on the remote-enabled computer or corresponding rights to the remote namespace.


http://www.microsoft.com/technet/scriptcenter/resources/wmifaq.mspx#EXAAC
http://www.microsoft.com/technet/scriptcenter/resources/wmifaq.mspx/#XSLTsection131121120120

Answer 2

Thanks Marcel,

Any good alternatives to this then? Is it possible to create a remote directory & apply permissions to it, without first obtaining administrative rights?

Answer 3

Hi,
Marcel is correct, we need the local administrator of the remote machine to create directory&apply permissions to it.

Thanks,
Eric

---

Please remember to mark helpful replies as answers and unmark them if they provide no help.