?
Solved

How to I connect to a remote computer via WMI using local credentials?

Posted on 2010-03-31
8
Medium Priority
?
3,253 Views
Last Modified: 2013-12-04
I'm having trouble getting a WMI connection using machine credentials to work.   If I use domain credentials everything works correctly, but I need to use local credentials instead of domain credentials.

Here is the function that builds the ConnectionOptions

    virtual protected ConnectionOptions GetConnectionOptions()
    {
      if (!String.IsNullOrEmpty(m_userName))
      {
        if (!String.IsNullOrEmpty(m_authority))
          m_authority = "NTLMDOMAIN:" + m_authority.Trim();

        ConnectionOptions conn = null;
        conn = new ConnectionOptions();
        conn.Username = m_userName.Trim();
        conn.Password = m_password.Trim();
        conn.Authority = m_authority;
        conn.Impersonation = ImpersonationLevel.Impersonate;
        conn.Authentication = AuthenticationLevel.PacketPrivacy;
        conn.EnablePrivileges = true;
        return conn;
      }

Then later I use it like this
      ConnectionOptions conn = GetConnectionOptions();
      if (conn == null)
        ms = new ManagementScope(path);
      else
        ms = new ManagementScope(path, conn);

      try
      {
        ms.Connect();
      }
      catch (System.Exception e)
      {
        return false;      
      }
      return null;
    }


this works:
  m_authority = 'MyDomain.com'
  m_userName = 'MyDomainAccount'
  m_password = 'MyPassword'

This doesn't:
  m_authority = ''
  m_userName = 'RemoteMachine\LocalAccount'
  m_password = 'LocalPassword'

I'm pretty use that I'm missing something simple, but I can't seem to find the magic flag.

Any ideas?
0
Comment
Question by:iunknown21
  • 5
  • 3
8 Comments
 
LVL 65

Expert Comment

by:RobSampson
ID: 29300391
Try using:

 m_authority = "RemoteMachine'
  m_userName = 'RemoteMachineLocalAccount'
  m_password = 'MyPassword'

Regards,

Rob.
0
 
LVL 1

Author Comment

by:iunknown21
ID: 29403189
No joy. I get an invalid parameter.  

Here's the actual connection code:

        if (!String.IsNullOrEmpty(m_authority))
          m_authority = "NTLMDOMAIN:" + m_authority.Trim();

        ConnectionOptions conn = null;
        conn = new ConnectionOptions();
        conn.Username = m_userName.Trim();
        conn.Password = m_password.Trim();
        conn.Authority = m_authority;

        conn.Impersonation = ImpersonationLevel.Impersonate;
        conn.Authentication = AuthenticationLevel.PacketPrivacy;
        conn.EnablePrivileges = true;
        return conn;

I think the problem is the NTLMDOMAIN since it's a local machine but I haven't figured out what to use.  

Using just the machine name doesn't work.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 29432748
According to this:
http://support.microsoft.com/kb/948829

You should be able to use the full NETBIOS name of the remote machine as the authority:
  m_authority = 'RemoteMachine.MyDomain.com'
  m_userName = 'RemoteLocalAccountName'
  m_password = 'MyPassword'

Also, does it make a difference if you use ntlmdomain: as lowercase:
m_authority = "ntlmdomain:" + m_authority.Trim();

If that doesn't work, you say you have tried this:
  m_authority = ''
  m_userName = 'RemoteMachine\LocalAccount'
  m_password = 'LocalPassword'

but in your code, don't you skip the setting of parameters if m_authority is empty?

Try leaving out the m_authority parameter altogether, and see if passing the RemoteMachine\LocalAccount works.

Rob.
0
The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

 
LVL 1

Author Comment

by:iunknown21
ID: 29461698
Thanks Rob, but still no joy.

m_authority = "NTLMDOMAIN:RemoteMachine.Domain.com" -> Access denied
m_authority = "RemoteMachine.Domain.com" -> invalid parameter

m_authority = ""
username = "RemoteMachine\LocalUser"

return Access Denied.

I removed these lines
//         conn.Impersonation = ImpersonationLevel.Impersonate;
//         conn.Authentication = AuthenticationLevel.PacketPrivacy;
//         conn.EnablePrivileges = true;

still getting Access denied.

I'll try setting up a straight c++ program based on the link you attached.  

Thank you.



0
 
LVL 65

Expert Comment

by:RobSampson
ID: 29502853
OK, on Tuesday I'll try setting up a test VBScript WMI authentication and see if I can get that to work....we should then be able to translate that.

Regards,

Rob.
0
 
LVL 1

Author Comment

by:iunknown21
ID: 29510404
VbScript might work differently than C# and .NET.  
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 29848131
Yes, it does work differently.....but it still uses the same parameters for the WMI connection, just worded differently.  See the code below for some parameters that worked for me, and some that didn't.

Given the first option that works in VBScript, this should work for you:
 m_authority = "RemoteMachine'
 m_userName = 'RemoteMachineLocalAccount'
 m_password = 'MyPassword'

because your code is adding the NTLMDomain: to the authority when it is not empty.  Hopefully the configuration below can help you get something to work.  Unfortunately I can't test .NET or C# code.

Regards,

Rob.
Const WbemAuthenticationLevelPktPrivacy = 6
Const WbemImpersonation = 3

' ==== This works ====
strComputer = "NCVS4C1SRING"
strAuthority = "NTLMDomain:" & strComputer
strNamespace = "root\cimv2"
strUser = "test11"
strPassword = "password"
' ====================

' ==== This works ====
strComputer = "NCVS4C1SRING"
strAuthority = ""
strNamespace = "root\cimv2"
strUser = strComputer & "\test11"
strPassword = "password"
' ====================

' ==== This does not work because strUser has the computer name, and it's trying to use strAuthority ====
' ==== This returns "Invalid Parameter" ====
strComputer = "NCVS4C1SRING"
strAuthority = "NTLMDomain:" & strComputer
strNamespace = "root\cimv2"
strUser = strComputer & "\test11"
strPassword = "password"
' ====================

Set objWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objwbemLocator.ConnectServer(strComputer, strNamespace, strUser, strPassword, , strAuthority)
objWMIService.Security_.authenticationLevel = WbemAuthenticationLevelPktPrivacy
objWMIService.Security_.ImpersonationLevel = WbemImpersonation
Set colItems = objWMIService.ExecQuery _
    ("Select * From Win32_OperatingSystem")
For Each objItem In ColItems
    Wscript.Echo strComputer & ": " & objItem.Caption
Next

Open in new window

0
 
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 29848245
Just to clarify, strUser that you're using is a local user account on the strComputer machine, and it has administrative rights?

Rob.
0

Featured Post

Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Our Group Policy work started with Small Business Server in 2000. Microsoft gave us an excellent OU and GPO model in subsequent SBS editions that utilized WMI filters, OU linking, and VBS scripts. These are some of experiences plus our spending a lo…
OfficeMate Freezes on login or does not load after login credentials are input.
How to fix display issue, screen flickering issue when I plug in power cord to the machine. Before I start explaining the solution lets check out once the issue how it looks like after I connect the power cord. most of you also have faced this…
This video tutorial shows you the steps to go through to set up what I believe to be the best email app on the android platform to read Exchange mail.  Get the app on your phone: The first step is to make sure you have the Samsung Email app on your …
Suggested Courses
Course of the Month6 days, 18 hours left to enroll

592 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question