GSX Blog

Enable Remote WMI Access for a Domain User Account

Posted by cyril leroy on Thu, Aug 22, 2013

This article will show you how to enable remote WMI access for a domain user account on Exchange or SharePoint.

By default, only local administrators can have access to WMI remotely. If you are using a standard domain user account, you will obtain a “WMI Access denied” error while testing the connectivity of your monitoring tool for Exchange or SharePoint. In this tutorial, I'll explain how this is done on GSX Monitor, but this is applicable to any monitoring tool you may have.

wmi access 1

Considering that this user account is already a member of the “Domain Users” group, you will have to allow remote WMI access to use it as a service account with restricted permissions.

You need to add the user account to the local group named “Performance Log Users”:

wmi access 2

Then allow a user to have access via WMI Control Properties:

  1. Open the WMI Control console: Click Start, choose Run and type wmimgmt.msc, then click OK.
  2. In the console tree, right-click WMI Control and then click Properties.
  3. Click the Security tab.
wmi access 3

Select the “\Root\CIMV2” namespace to choose which user or group will have access, and then click on Security. 

wmi access 4

In the Security dialog box, click Add.

In the Select Users, Computers, or Groups dialog box, enter the name of the object (user or group) that you want to add, click OK and then choose Advanced.

wmi access 5

In the Advanced Security dialog box under Permissions, edit the permissions and check the “Enable Account” and “Remote Enable” boxes. Select Apply to “This namespace and subnamespaces”:
wmi access 6

Click OK 4 times to close all the windows.

And now you’re finished! The user now has remote access to WMI information:

wmi access 7



Tags: Microsoft, WMI, SharePoint, Exchange, Best practices, Troubleshooting