Page tree

Unsupported content

   

This version of the documentation is no longer supported. However, the documentation is available for your convenience. You will not be able to leave comments.

Skip to end of metadata
Go to start of metadata

If you choose a non-admin domain account, you need to grant the account the following privileges on the remote computer:

  • Remote Enable for the \root and sub-namespaces.
  • Remote Launch and Remote Activation privilege.
  • DCOM remote access permissions.
  • Enable WMI Traffic.
  • Performance monitoring privilege.

The following table describes how to set these privileges. These requirements apply to Microsoft Windows 2003 computers and Microsoft Windows XP computers. On Windows 2000 computers, you only need the Enable Account for the Root/CIMV2 namespace and the Remote Enable for the Root/CIMV2 namespace privileges, as described in Seting WMI user access permissions using the WMI Control Panel.

Permissions for agentless computers using non-admin domain account

Privileges

How to set

Remote Enable for the \root and sub-namespaces

See Setting WMI user access permissions using the WMI Control Panel.

Remote Launch and Remote Activation privilege

  1. Click Start > Run.
  2. Type DCOMCNFG.exe and click OK to display the Component Services window.
  3. Click Component Services.
  4. Expand Computers and right-click My Computer.
  5. Select Properties and click the Default COM Security tab.
  6. Edit the launch and access permissions to give the non-admin domain account Allow permissions.

DCOM remote access permissions

  1. Click Start > Run.
  2. Type DCOMCNFG.exe and click OK to display the Component Services window.
  3. Click Component Services.
  4. Expand Computers and right-click My Computer.
  5. Select Properties and click the COM Security tab.
  6. Under Access Permissions, click Edit Default.
  7. Select the ANONYMOUS LOGON user and allow remote access.

Enable WMI Traffic

  1. Click Start > Run.
  2. Type Gpedit.msc and click OK to display the Group Policy window.
  3. Under Local Computer Policy, select Computer Configuration and expand Administrative Templates.
  4. Expand Network > Network Connections > Windows Firewall > Domain Profile (domain computer).
  5. Select Allow remote administration exception and right-click.
  6. Select Properties.
  7. Click Enabled and then click OK.
  8. Expand Network > Network Connections > Windows Firewall > Standard Profile.
  9. Repeats steps 5-7. You can also use the following command:

    netsh firewall set service RemoteAdmin enable

Performance monitoring privilege

Add the non-admin domain account to the Performance Monitor Users group.