The WMI query had problems. The error text from wmic is: [wm

[Eudes87]

Hi all,

I use WMI to monitor Windows, but after an internal audit, we have a problem.

The WMI user had local administrator access, the monitoring functioned perfectly. After auditing, local admin access was removed. In this way, we release access to the local groups exposed in the WMI documentation “Distributed Com Users”, “Event Log Readers”, “Performance Log Users”, and “Performance Monitor Users” groups.
Performance Monitor Users:

Performance Log Users:

Event Log Readers:

Distributed Com Users:


This is the result:



When you add the user to the local admin group, this is the result:

[scottwilkerson]

In this doc,
https://assets.nagios.com/downloads/nag ... ios-XI.pdf

Was this user given "Remote Activation Privilege to Windows DCOM" (page 4-5)?

Was this user given "Remote WMI Access" (page 6)?

[Eudes87]

The WMI documentation makes me believe that the groups mentioned already have the necessary privileges, which replace the items on pages 4-5 and 6.


Is my understanding wrong?

Is there no way to replace the items on pages 4-5 and 6 with the inclusion of local groups with privileges as indicated in the manual?

[scottwilkerson]

The WMI documentation makes me believe that the groups mentioned already have the necessary privileges, which replace the items on pages 4-5 and 6.

They may not in restricted environments, just by default.

[Eudes87]

They may not in restricted environments, just by default.

Sorry, but what does that mean?

[scottwilkerson]

They may not in restricted environments, just by default.

Sorry, but what does that mean?

It means those groups may not have enough access in your environment.