如何在不启用 WinRM 的情况下从 VMware Windows 来宾 VM 获取 CDROMDrive 信息？

Question

我需要在 vmware 中的远程来宾虚拟机上获取 CDDrive 信息并执行设置文件，而无需在远程计算机中启用 winrm 服务。我也尝试使用 powercli 命令 invoke-VMScript 进行访问。我不工作

PowerCLI D:\Program Files\PowerCli> Get-WmiObject -Query "select * From WIn32_CDROMDrive" -ComputerName "nalb00cava1" | Format-List
Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005(E_ACCESSDENIED))
At line:1 char:1
+ Get-WmiObject -Query "select * From WIn32_CDROMDrive" -ComputerName "VM1 ...
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
 + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

PowerCLI D:\Program Files\PowerCli> Get-WmiObject -Query "select * From WIn32_CDROMDrive" -ComputerName "VM1.xxx.com" | Format-List
Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005(E_ACCESSDENIED))
At line:1 char:1
+ Get-WmiObject -Query "select * From WIn32_CDROMDrive" -ComputerName "VM1 ...
+ CategoryInfo          : NotSpecified: (:) [Get-WmiObject], UnauthorizedAccessException
+ FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

帮助将不胜感激.....

Answer 1

看起来您正在为您的用例采用这种方法。

Tip: Work Remotely with Windows PowerShell without using Remoting or WinRM

Some cmdlets have a –ComputerName parameter that lets you work with a remote computer without using Windows PowerShell remoting. This means you can use the cmdlet on any computer that is running Windows PowerShell, even if the computer is not configured for Windows PowerShell remoting. These cmdlets include the following:

• Get-WinEvent
• 获取计数器
• 获取事件日志
• 清除事件日志
• 写入事件日志
• 限制事件日志
• 显示事件日志
• 新建事件日志
• 删除事件日志
• Get-WmiObject
• 获取进程
• 获取服务
• 设置服务
• Get-HotFix
• 重启电脑
• 停止-计算机
• 添加计算机
• 删除-计算机
• 重命名计算机
• 重置计算机密码

Because these cmdlets don’t use remoting, you can run any of these cmdlets on a remote computer in a domain simply by specifying the name of one or more remote computers in the –ComputerName parameter. However, Windows policies and configuration settings must allow remote connections, and you must still have the appropriate credentials.

但是，相对于WMI，需要额外的设置才能成功。

访问被拒绝。

Which permissions/rights does a user need to have WMI access on remote machines?

The following works on Window 2003 R2 SP 2, Windows Server 2012 R2

1. Add the user(s) in question to the Performance Monitor Users group
2. Under Services and Applications, bring up the properties dialog of WMI Control (or run wmimgmt.msc). In the Security tab, highlight Root/CIMV2, click Security; add Performance Monitor Users and enable the options : Enable Account and Remote Enable

3. Run dcomcnfg. At Component Services > Computers > My Computer, in the COM security tab of the Properties dialog click "Edit Limits" for both Access Permissions and Launch and Activation Permissions. Add Performance Monitor Users and allow remote access, remote launch, and remote activation.

   Select Windows Management Instrumentation under Component Services > Computers > My Computer > DCOM Config and give Remote Launch and Remote Activation privileges to Performance Monitor Users Group.

Notes:

• As an alternatively to step 3 and 4, one can assign the user to the group Distributed COM Users (Tested on Windows Server 2012 R2)
• If the user needs access to all the namespaces, you can set the settings in 2. at the Root level, and recurse the permissions to the
  sub-namespaces via the Advanced window in Security

最后，你没有说你的环境是什么，域，你的机器和虚拟机在同一个域中，或者你是否处于工作组模式。如果是后者，那就另当别论了。