WinMgmts Permission

Anything VBScript-related, including Windows Script Host, WMI, ADSI, and more.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Locked
User avatar
tomlon
Posts: 2
Joined: Thu Dec 06, 2007 4:33 am

WinMgmts Permission

Post by tomlon » Thu Dec 06, 2007 4:41 am

I have created a script that starts / restarts two particular services on remote computers. It works fine if I am running the script (I am DomainAdmin), however, a plain vanilla user runs it and they receive a Permission Denied : 'GetObject' error. The code os 800A0046. The line it references is

Set objWMIService = GetObject("winmgmts:" & strSVR & "rootcimv2")


Now, I do know that for the user (if they are not local admin) needs to be granted permission to stop/restart services. I have used the SUBINACL and successfully granted the users the right to the particualr services. But I am not sure what permissions I need to grant to allow the user to run this line of code. Thanks

User avatar
tomlon
Posts: 2
Joined: Thu Dec 06, 2007 4:33 am

WinMgmts Permission

Post by tomlon » Thu Dec 06, 2007 4:41 am

I have created a script that starts / restarts two particular services on remote computers. It works fine if I am running the script (I am DomainAdmin), however, a plain vanilla user runs it and they receive a Permission Denied : 'GetObject' error. The code os 800A0046. The line it references is

Set objWMIService = GetObject("winmgmts:" & strSVR & "rootcimv2")


Now, I do know that for the user (if they are not local admin) needs to be granted permission to stop/restart services. I have used the SUBINACL and successfully granted the users the right to the particualr services. But I am not sure what permissions I need to grant to allow the user to run this line of code. Thanks

jvierra
Posts: 14018
Joined: Tue May 22, 2007 9:57 am
Contact:

WinMgmts Permission

Post by jvierra » Fri Dec 07, 2007 3:33 am

The SC command can run remotely.

Not a good idea to elevate standard users and give them elevated remote permissions. This can lead to serious trouble.

SC should work as long as the user has permission on the remote object and machine.

jvierra
Posts: 14018
Joined: Tue May 22, 2007 9:57 am
Contact:

WinMgmts Permission

Post by jvierra » Fri Dec 07, 2007 4:31 am

The service is a remote object in this case.

Locked