How to I connect to a remote computer via WMI using local credentials?

iunknown21
iunknown21 used Ask the Experts™
on
I'm having trouble getting a WMI connection using machine credentials to work.   If I use domain credentials everything works correctly, but I need to use local credentials instead of domain credentials.

Here is the function that builds the ConnectionOptions

    virtual protected ConnectionOptions GetConnectionOptions()
    {
      if (!String.IsNullOrEmpty(m_userName))
      {
        if (!String.IsNullOrEmpty(m_authority))
          m_authority = "NTLMDOMAIN:" + m_authority.Trim();

        ConnectionOptions conn = null;
        conn = new ConnectionOptions();
        conn.Username = m_userName.Trim();
        conn.Password = m_password.Trim();
        conn.Authority = m_authority;
        conn.Impersonation = ImpersonationLevel.Impersonate;
        conn.Authentication = AuthenticationLevel.PacketPrivacy;
        conn.EnablePrivileges = true;
        return conn;
      }

Then later I use it like this
      ConnectionOptions conn = GetConnectionOptions();
      if (conn == null)
        ms = new ManagementScope(path);
      else
        ms = new ManagementScope(path, conn);

      try
      {
        ms.Connect();
      }
      catch (System.Exception e)
      {
        return false;      
      }
      return null;
    }


this works:
  m_authority = 'MyDomain.com'
  m_userName = 'MyDomainAccount'
  m_password = 'MyPassword'

This doesn't:
  m_authority = ''
  m_userName = 'RemoteMachine\LocalAccount'
  m_password = 'LocalPassword'

I'm pretty use that I'm missing something simple, but I can't seem to find the magic flag.

Any ideas?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Most Valuable Expert 2012
Top Expert 2014

Commented:
Try using:

 m_authority = "RemoteMachine'
  m_userName = 'RemoteMachineLocalAccount'
  m_password = 'MyPassword'

Regards,

Rob.

Author

Commented:
No joy. I get an invalid parameter.  

Here's the actual connection code:

        if (!String.IsNullOrEmpty(m_authority))
          m_authority = "NTLMDOMAIN:" + m_authority.Trim();

        ConnectionOptions conn = null;
        conn = new ConnectionOptions();
        conn.Username = m_userName.Trim();
        conn.Password = m_password.Trim();
        conn.Authority = m_authority;

        conn.Impersonation = ImpersonationLevel.Impersonate;
        conn.Authentication = AuthenticationLevel.PacketPrivacy;
        conn.EnablePrivileges = true;
        return conn;

I think the problem is the NTLMDOMAIN since it's a local machine but I haven't figured out what to use.  

Using just the machine name doesn't work.
Most Valuable Expert 2012
Top Expert 2014

Commented:
According to this:
http://support.microsoft.com/kb/948829

You should be able to use the full NETBIOS name of the remote machine as the authority:
  m_authority = 'RemoteMachine.MyDomain.com'
  m_userName = 'RemoteLocalAccountName'
  m_password = 'MyPassword'

Also, does it make a difference if you use ntlmdomain: as lowercase:
m_authority = "ntlmdomain:" + m_authority.Trim();

If that doesn't work, you say you have tried this:
  m_authority = ''
  m_userName = 'RemoteMachine\LocalAccount'
  m_password = 'LocalPassword'

but in your code, don't you skip the setting of parameters if m_authority is empty?

Try leaving out the m_authority parameter altogether, and see if passing the RemoteMachine\LocalAccount works.

Rob.
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

Author

Commented:
Thanks Rob, but still no joy.

m_authority = "NTLMDOMAIN:RemoteMachine.Domain.com" -> Access denied
m_authority = "RemoteMachine.Domain.com" -> invalid parameter

m_authority = ""
username = "RemoteMachine\LocalUser"

return Access Denied.

I removed these lines
//         conn.Impersonation = ImpersonationLevel.Impersonate;
//         conn.Authentication = AuthenticationLevel.PacketPrivacy;
//         conn.EnablePrivileges = true;

still getting Access denied.

I'll try setting up a straight c++ program based on the link you attached.  

Thank you.



Most Valuable Expert 2012
Top Expert 2014

Commented:
OK, on Tuesday I'll try setting up a test VBScript WMI authentication and see if I can get that to work....we should then be able to translate that.

Regards,

Rob.

Author

Commented:
VbScript might work differently than C# and .NET.  
Most Valuable Expert 2012
Top Expert 2014

Commented:
Yes, it does work differently.....but it still uses the same parameters for the WMI connection, just worded differently.  See the code below for some parameters that worked for me, and some that didn't.

Given the first option that works in VBScript, this should work for you:
 m_authority = "RemoteMachine'
 m_userName = 'RemoteMachineLocalAccount'
 m_password = 'MyPassword'

because your code is adding the NTLMDomain: to the authority when it is not empty.  Hopefully the configuration below can help you get something to work.  Unfortunately I can't test .NET or C# code.

Regards,

Rob.
Const WbemAuthenticationLevelPktPrivacy = 6
Const WbemImpersonation = 3

' ==== This works ====
strComputer = "NCVS4C1SRING"
strAuthority = "NTLMDomain:" & strComputer
strNamespace = "root\cimv2"
strUser = "test11"
strPassword = "password"
' ====================

' ==== This works ====
strComputer = "NCVS4C1SRING"
strAuthority = ""
strNamespace = "root\cimv2"
strUser = strComputer & "\test11"
strPassword = "password"
' ====================

' ==== This does not work because strUser has the computer name, and it's trying to use strAuthority ====
' ==== This returns "Invalid Parameter" ====
strComputer = "NCVS4C1SRING"
strAuthority = "NTLMDomain:" & strComputer
strNamespace = "root\cimv2"
strUser = strComputer & "\test11"
strPassword = "password"
' ====================

Set objWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objwbemLocator.ConnectServer(strComputer, strNamespace, strUser, strPassword, , strAuthority)
objWMIService.Security_.authenticationLevel = WbemAuthenticationLevelPktPrivacy
objWMIService.Security_.ImpersonationLevel = WbemImpersonation
Set colItems = objWMIService.ExecQuery _
    ("Select * From Win32_OperatingSystem")
For Each objItem In ColItems
    Wscript.Echo strComputer & ": " & objItem.Caption
Next

Open in new window

Most Valuable Expert 2012
Top Expert 2014
Commented:
Just to clarify, strUser that you're using is a local user account on the strComputer machine, and it has administrative rights?

Rob.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial