Windows 10 - WMIC/WMI 远程访问被本地管理员拒绝
Windows 10 - WMIC/WMI Remote Access denied with local administrator
First my workingsetup:
DesktopPC: Windows 10 Pro, Version: 10.0.10586 Build: 10586, 64-Bit
Laptop: Windows 10 Pro, Version: 10.0.10586 Build: 10586, 64-Bit
User: Both computers have the same username {zuka} & password {blah}.
I tried to connect remotely, with WMIC to my DesktopPC, with my Laptop and to execute a query.
I typed these following shell commands into Powershell:
PS C:\Windows\system32> wmic
wmic:root\cli> /user: zuka
Please enter the password:blah
wmic:root\cli> /node: {IP-Address of my DesktopPC}
wmic:root\cli> csproduct get /value
Node - {IP-Address of my DesktopPC}
Error:
Description = Access is denied.
Or with:
get-wmiobject CIM_Memory -computername desktopPC { or IP } -credential zuka
I get a errormessage like:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
I tried to resolve the problem with these following steps:
( But none of them worked :[ )
- Went into secpol.msc & changed Network access: Sharing and security model for local accounts to Classic - local users authenticate as themselfes.
- I also changed in secpol.msc Network security LAN Manager authentication level to Send LM & NTLM responses, use NTLMv2 session security if negotiated.
- In compmgmt.msc > Service & application > WMI-control > register "security" > expand root & selected CIMV2 saw that local administrators have fully access to this namespace. Zuka is in a membership of the local administrator group.
Is there a specific issue with Windows 10 or did I miss a certain configuration?
除非您在家中设置了域,否则您似乎传递了不正确的凭据。用户应该在它前面有一个机器限定符。所以“/用户:desktopPC\zuka”
要在 WMI 上启用对其他 PC 的远程访问,如果计算机不在同一域或任何域中,则需要将主机添加到 winrm 中的受信任主机列表中。
启用winrm。在电脑上,你要访问。
检查 winrm 是否 运行 或已停止:
get-service winrm
如果停止,输入:
enable-PSRemoting -force
添加对远程主机的访问权限。
winrm s winrm/config/client '@{TrustedHosts="REMOTECOMPUTERNAME/IP"}'
所以就我而言:
winrm s winrm/config/client '@{TrustedHosts="laptopPC"}'
要验证 winrm 服务,您可以键入:
winrm quickconfig
它将提供服务的当前状态,如果需要,它将配置 WinRM 服务。
不幸的是,windows 防火墙阻止了远程访问。
- 进入Windows高级安全防火墙 > 入站规则模式
- 右键单击工作区并选择新建规则...
- 从下拉列表中选择预定义选项和 select Windows Management Instrumentation (WMI),然后单击下一步。
- 现在 select 选项:具有本地配置文件值的 (WMI-In) 规则。
- 允许连接 > 完成。
现在我可以使用以下命令行从我的笔记本电脑访问 WMI 到我的台式电脑:
get-wmiobject CIM_Memory -computername desktopPC { or IP } -credential zuka
然后它要求输入密码。瞧!我得到了内存的信息,通过远程访问。 =)
First my workingsetup:
DesktopPC: Windows 10 Pro, Version: 10.0.10586 Build: 10586, 64-Bit
Laptop: Windows 10 Pro, Version: 10.0.10586 Build: 10586, 64-Bit
User: Both computers have the same username {zuka} & password {blah}.
I tried to connect remotely, with WMIC to my DesktopPC, with my Laptop and to execute a query.
I typed these following shell commands into Powershell:
PS C:\Windows\system32> wmic
wmic:root\cli> /user: zuka
Please enter the password:blah
wmic:root\cli> /node: {IP-Address of my DesktopPC}
wmic:root\cli> csproduct get /value
Node - {IP-Address of my DesktopPC}
Error:
Description = Access is denied.
Or with:
get-wmiobject CIM_Memory -computername desktopPC { or IP } -credential zuka
I get a errormessage like:
Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
I tried to resolve the problem with these following steps: ( But none of them worked :[ )
- Went into secpol.msc & changed Network access: Sharing and security model for local accounts to Classic - local users authenticate as themselfes.
- I also changed in secpol.msc Network security LAN Manager authentication level to Send LM & NTLM responses, use NTLMv2 session security if negotiated.
- In compmgmt.msc > Service & application > WMI-control > register "security" > expand root & selected CIMV2 saw that local administrators have fully access to this namespace. Zuka is in a membership of the local administrator group.
Is there a specific issue with Windows 10 or did I miss a certain configuration?
除非您在家中设置了域,否则您似乎传递了不正确的凭据。用户应该在它前面有一个机器限定符。所以“/用户:desktopPC\zuka”
要在 WMI 上启用对其他 PC 的远程访问,如果计算机不在同一域或任何域中,则需要将主机添加到 winrm 中的受信任主机列表中。
启用winrm。在电脑上,你要访问。
检查 winrm 是否 运行 或已停止:get-service winrm如果停止,输入:
enable-PSRemoting -force添加对远程主机的访问权限。
winrm s winrm/config/client '@{TrustedHosts="REMOTECOMPUTERNAME/IP"}'所以就我而言:
winrm s winrm/config/client '@{TrustedHosts="laptopPC"}'要验证 winrm 服务,您可以键入:
winrm quickconfig它将提供服务的当前状态,如果需要,它将配置 WinRM 服务。
不幸的是,windows 防火墙阻止了远程访问。
- 进入Windows高级安全防火墙 > 入站规则模式
- 右键单击工作区并选择新建规则...
- 从下拉列表中选择预定义选项和 select Windows Management Instrumentation (WMI),然后单击下一步。
- 现在 select 选项:具有本地配置文件值的 (WMI-In) 规则。
- 允许连接 > 完成。
现在我可以使用以下命令行从我的笔记本电脑访问 WMI 到我的台式电脑:
get-wmiobject CIM_Memory -computername desktopPC { or IP } -credential zuka
然后它要求输入密码。瞧!我得到了内存的信息,通过远程访问。 =)