Remote WMI Query of Event Log with Non-Administrator Account

Mike R

I have a Windows service set up on one Windows Server 2003 machine that
sweeps through the event logs of other W2K3 domain computers periodically and
writes specified events from the logs to a database for querying.

The appropriate WMI permissions have been set up so that the domain account
under which the service is running should be able to access the logs on those
computers remotely.

Here are the various scenarios and results:
1) When querying the local machine, the WMI Query returns all expected events.
2) When querying a remote machine, and the service account is added to local
administrators group, the WMI Query returns all expected events.
3) When querying a remote machine, and the service account is not set up as
administrator on that machine, the query simply returns no results.

Usually, if it were an access problem, I would expect to get an Access
Denied error. However, it seems that the user must be part of local
administrators group to be able to actually have events returned, even though
that user does have the appropriate permissions set. Here are the specific
permissions I have set:

1) In DCOM configuration, added permission for Remote Activation and Access
2) In WMI Services, added required access for \root and \root\cimv2.
3) In Local Groups, added the domain account under which the service is
running to groups "DCOM Users" and "Performance Monitor Users".

Any other suggestions on what I can do to be able to query the event logs
remotely without having to assign administrator privileges to the domain
account for the service?
 
