How to I connect to a remote computer via WMI using local credentials?

I'm having trouble getting a WMI connection using machine credentials to work.   If I use domain credentials everything works correctly, but I need to use local credentials instead of domain credentials.

Here is the function that builds the ConnectionOptions

    virtual protected ConnectionOptions GetConnectionOptions()
    {
      if (!String.IsNullOrEmpty(m_userName))
      {
        if (!String.IsNullOrEmpty(m_authority))
          m_authority = "NTLMDOMAIN:" + m_authority.Trim();

        ConnectionOptions conn = null;
        conn = new ConnectionOptions();
        conn.Username = m_userName.Trim();
        conn.Password = m_password.Trim();
        conn.Authority = m_authority;
        conn.Impersonation = ImpersonationLevel.Impersonate;
        conn.Authentication = AuthenticationLevel.PacketPrivacy;
        conn.EnablePrivileges = true;
        return conn;
      }

Then later I use it like this
      ConnectionOptions conn = GetConnectionOptions();
      if (conn == null)
        ms = new ManagementScope(path);
      else
        ms = new ManagementScope(path, conn);

      try
      {
        ms.Connect();
      }
      catch (System.Exception e)
      {
        return false;      
      }
      return null;
    }


this works:
  m_authority = 'MyDomain.com'
  m_userName = 'MyDomainAccount'
  m_password = 'MyPassword'

This doesn't:
  m_authority = ''
  m_userName = 'RemoteMachine\LocalAccount'
  m_password = 'LocalPassword'

I'm pretty use that I'm missing something simple, but I can't seem to find the magic flag.

Any ideas?
LVL 1
iunknown21Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RobSampsonCommented:
Try using:

 m_authority = "RemoteMachine'
  m_userName = 'RemoteMachineLocalAccount'
  m_password = 'MyPassword'

Regards,

Rob.
0
iunknown21Author Commented:
No joy. I get an invalid parameter.  

Here's the actual connection code:

        if (!String.IsNullOrEmpty(m_authority))
          m_authority = "NTLMDOMAIN:" + m_authority.Trim();

        ConnectionOptions conn = null;
        conn = new ConnectionOptions();
        conn.Username = m_userName.Trim();
        conn.Password = m_password.Trim();
        conn.Authority = m_authority;

        conn.Impersonation = ImpersonationLevel.Impersonate;
        conn.Authentication = AuthenticationLevel.PacketPrivacy;
        conn.EnablePrivileges = true;
        return conn;

I think the problem is the NTLMDOMAIN since it's a local machine but I haven't figured out what to use.  

Using just the machine name doesn't work.
0
RobSampsonCommented:
According to this:
http://support.microsoft.com/kb/948829

You should be able to use the full NETBIOS name of the remote machine as the authority:
  m_authority = 'RemoteMachine.MyDomain.com'
  m_userName = 'RemoteLocalAccountName'
  m_password = 'MyPassword'

Also, does it make a difference if you use ntlmdomain: as lowercase:
m_authority = "ntlmdomain:" + m_authority.Trim();

If that doesn't work, you say you have tried this:
  m_authority = ''
  m_userName = 'RemoteMachine\LocalAccount'
  m_password = 'LocalPassword'

but in your code, don't you skip the setting of parameters if m_authority is empty?

Try leaving out the m_authority parameter altogether, and see if passing the RemoteMachine\LocalAccount works.

Rob.
0
Hey MSSPs! What's your total cost of ownership?

WEBINAR: Managed security service providers often deploy & manage products from a variety of solution vendors. But is this really the best approach when it comes to saving time AND money? Join us on Aug. 15th to learn how you can improve your total cost of ownership today!

iunknown21Author Commented:
Thanks Rob, but still no joy.

m_authority = "NTLMDOMAIN:RemoteMachine.Domain.com" -> Access denied
m_authority = "RemoteMachine.Domain.com" -> invalid parameter

m_authority = ""
username = "RemoteMachine\LocalUser"

return Access Denied.

I removed these lines
//         conn.Impersonation = ImpersonationLevel.Impersonate;
//         conn.Authentication = AuthenticationLevel.PacketPrivacy;
//         conn.EnablePrivileges = true;

still getting Access denied.

I'll try setting up a straight c++ program based on the link you attached.  

Thank you.



0
RobSampsonCommented:
OK, on Tuesday I'll try setting up a test VBScript WMI authentication and see if I can get that to work....we should then be able to translate that.

Regards,

Rob.
0
iunknown21Author Commented:
VbScript might work differently than C# and .NET.  
0
RobSampsonCommented:
Yes, it does work differently.....but it still uses the same parameters for the WMI connection, just worded differently.  See the code below for some parameters that worked for me, and some that didn't.

Given the first option that works in VBScript, this should work for you:
 m_authority = "RemoteMachine'
 m_userName = 'RemoteMachineLocalAccount'
 m_password = 'MyPassword'

because your code is adding the NTLMDomain: to the authority when it is not empty.  Hopefully the configuration below can help you get something to work.  Unfortunately I can't test .NET or C# code.

Regards,

Rob.
Const WbemAuthenticationLevelPktPrivacy = 6
Const WbemImpersonation = 3

' ==== This works ====
strComputer = "NCVS4C1SRING"
strAuthority = "NTLMDomain:" & strComputer
strNamespace = "root\cimv2"
strUser = "test11"
strPassword = "password"
' ====================

' ==== This works ====
strComputer = "NCVS4C1SRING"
strAuthority = ""
strNamespace = "root\cimv2"
strUser = strComputer & "\test11"
strPassword = "password"
' ====================

' ==== This does not work because strUser has the computer name, and it's trying to use strAuthority ====
' ==== This returns "Invalid Parameter" ====
strComputer = "NCVS4C1SRING"
strAuthority = "NTLMDomain:" & strComputer
strNamespace = "root\cimv2"
strUser = strComputer & "\test11"
strPassword = "password"
' ====================

Set objWbemLocator = CreateObject("WbemScripting.SWbemLocator")
Set objWMIService = objwbemLocator.ConnectServer(strComputer, strNamespace, strUser, strPassword, , strAuthority)
objWMIService.Security_.authenticationLevel = WbemAuthenticationLevelPktPrivacy
objWMIService.Security_.ImpersonationLevel = WbemImpersonation
Set colItems = objWMIService.ExecQuery _
    ("Select * From Win32_OperatingSystem")
For Each objItem In ColItems
    Wscript.Echo strComputer & ": " & objItem.Caption
Next

Open in new window

0
RobSampsonCommented:
Just to clarify, strUser that you're using is a local user account on the strComputer machine, and it has administrative rights?

Rob.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
OS Security

From novice to tech pro — start learning today.