[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

wmic remote access permission

Posted on 2014-03-20
3
Medium Priority
?
460 Views
Last Modified: 2014-03-24
Hi Experts,

I would like to control who can use wmic against remote computers, ideally i would like to take out the remote access permission for local administrator group on a remote host. I tried to modify the security setting in WMI control mmc but no joy. please help.

Thanks
0
Comment
Question by:nokyplease
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 16

Accepted Solution

by:
gurutc earned 2000 total points
ID: 39941982
Hi,

To get to the permissions dialog you need to run DComCnfg.exe.

Per Micosoft this is how you add, but also the same works for removing:

The following procedure describes how to manage DCOM remote startup and activation permissions for certain users and groups. If Computer A is connecting remotely to Computer B, you can set these permissions on Computer B to allow a user or group that is not part of the Administrators group on Computer B to execute DCOM startup and activation calls on Computer B.

To grant DCOM remote launch and activation permissions for a user or group

    Click Start, click Run, type DCOMCNFG, and then click OK.
    In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.
    In the My Computer Properties dialog box, click the COM Security tab.
    Under Launch and Activation Permissions, click Edit Limits.
    In the Launch Permission dialog box, follow these steps if your name or your group does not appear in the Groups or user names list:
        In the Launch Permission dialog box, click Add.
        In the Select Users, Computers, or Groups dialog box, add your name and the group in the Enter the object names to select box, and then click OK.
    In the Launch Permission dialog box, select your user and group in the Group or user names box. In the Allow column under Permissions for User, select Remote Launch and select Remote Activation, and then click OK.

The following procedure describes how to grant DCOM remote access permissions for certain users and groups. If Computer A is connecting remotely to Computer B, you can set these permissions on Computer B to allow a user or group that is not part of the Administrators group on Computer B to connect to Computer B.

To grant DCOM remote access permissions

    Click Start, click Run, type DCOMCNFG, and then click OK.
    In the Component Services dialog box, expand Component Services, expand Computers, and then right-click My Computer and click Properties.
    In the My Computer Properties dialog box, click the COM Security tab.
    Under Access Permissions, click Edit Limits.
    In the Access Permission dialog box, select ANONYMOUS LOGON name in the Group or user names box. In the Allow column under Permissions for User, select Remote Access, and then click OK.

Good Luck,
- gurutc
0
 

Author Comment

by:nokyplease
ID: 39944431
I have other groups like everyone, performance log users and distributed com users as well as anonymous logon. Can I remove all the remote access of these groups? Will that screw up things in a domain network?
0
 
LVL 16

Assisted Solution

by:gurutc
gurutc earned 2000 total points
ID: 39944943
I'd take everyone and anonymous out of the remote wmi for sure.  As log as performance log users  and distributed com users have no members you can leave them or remove them.  I think you can remove them without issue though.  

Try it on one PC first to test that it works for your purpose and that it doesn't break anything.

- gurutc
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Configuring Remote Assistance for use with SCCM
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
Finding and deleting duplicate (picture) files can be a time consuming task. My wife and I, our three kids and their families all share one dilemma: Managing our pictures. Between desktops, laptops, phones, tablets, and cameras; over the last decade…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question