Problem rights Win32_Service

[machok]

Hello,

I do Windows monitoring via WMI. I have no problem as long as I log a user with admin (local or domain). For obvious security reasons, I would like to create a non-admin user could only read the attributes of WMI classes. So I created this user, and I assigned the necessary rights via 'wmimgmt' and 'dcomcfng' on the Windows server.

I use the tool wmic (Linux utility) that works very well. Here is the syntax I use:

wmic-U domain / useradmin% password / / 192.168.1.1 "select * from Win32_Service"

No problems, everything works. The idea is to go like this:

wmic-U domain / non-user-admin% password / / 192.168.1.1 "select * from Win32_Service"

Of course this does not work properly

I said that I can recover some instances of classes in non-admin, for example:

wmic-U domain / non-user-admin% password / / 192.168.1.1 "select * from Win32_Process"

returns the values expected.

Leafing on msdn read I thought that for some classes, the user should have the privilege "SC_MANAGER_CONNECT to" enabled. I have a little hard to understand because it seems that any authenticated user have this privilege (or so I misunderstood ...).

In case I misunderstood, how to assign a user that right?

Thank you for your help..

[Alejandro]

You can have a track overhere:

http://msdn.microsoft.com/en-us/libr...81(VS.85).aspx

http://support.microsoft.com/kb/179249

A security descriptor is associated with the SCM. The DACL associated with the SCM identifies the users and groups allowed or denied access to it. When a process attempts to obtain a handle to the SCM, Windows NT Security determines whether or not the process has the requested access. The OpenSCManager API is used to obtain a handle to the SCM. If the user is granted the requested access to the SCM, the system returns a valid handle. If the request is denied, NULL is returned and the error code will be number 5, "Access is denied" (ERROR_ACCESS_DENIED).

[machok]

Hello,

thank you for your reply.

I had already watched a few of these two links, but found nothing except the famous

User or Group | Access granted
-------------------------------------------------- ---------------
- Authenticated Users | SC_MANAGER_CONNECT --

(in passing the automatic translation of Microsoft is not top: s)

I also find it on another site:

SC_MANAGER_CONNECT the flag is placed by default

I know what to do anymore, I see no or modify this flag (which is supposed to be placed by default) for a user ....

[DllD]

There is one thing I do, are you on Linux or Windows?
Your solution is dedicated to the Windows platform?

[machok]

So actually I'm Newbie (therefore Linux) as a platform for monitoring.

I do WQL query WMI from a client that runs under Linux (Ubuntu).

This customer is wmic (the syntax is given in the first post).

I said that the result is the same if I use remote wbemtest.exe in with my non-admin user:

Quote: Number: 0x80041001
Facility: WMI
Description: Generic failure)

therefore it is a rights issue. If I spend my user in the admin group, the application works fine (with wbemtest and wmic with my client for Linux).

To complete a little, to get to class without being Win32_PerfRawData_NTDS_NTDS admin, I add my user in group "Performance Monitor User. So I try to play a little on the panel "Authentificated Users" but without success (lack of Windows OS).

Thanks for your interest in my problem.