WMI Troubleshooting: Permissions
Published Mar 15 2019 05:31 PM 1,360 Views
First published on TECHNET on Aug 14, 2007

Back in June, we published our post on Basic WMI Testing .  Today we're going to go over some common issues and ways that you can troubleshoot and recover from them - specifically rights and permissions.  We're not going to get into troubleshooting scripts - what we're looking at is troubleshooting WMI itself.  So without further ado, let's dive right in ...

The first thing we're going to look at is ensuring that the COM Security settings are configured correctly.  Oftentimes the default COM permissions may have been modified by application installations or GPO settings.  We covered the security aspects of COM / DCOM in an earlier post, titled COM and DCOM for Administrators .  Incorrectly configured permissions can cause WMI to fail.  We can use the built-in DCOMCNFG utility to verify the permissions as shown below:

Windows 2000 Windows XP, Windows 2003
  1. Click Start , click Run , type dcomcnfg then click OK .
  2. Click the Default Security tab (shown below):

  1. Click Start , click Run , type dcomcnfg then click OK .
  2. Expand the Component Services node
  3. Expand the Computers node
  4. Right-click the My Computer node and then click Properties
  5. Click the COM Security tab (shown below:)

Under the Default Launch Permissions you need to make sure that the following users / groups have the Allow Launch permission: INTERACTIVE , SYSTEM and Administrators .  Under the Default Access Permissions ensure only the following accounts are listed:

OS Account
Windows 2000 none
Windows XP SP2 & Windows Server 2003 SELF

If these Access Permissions settings have been modified, then you need to ensure that the following users / groups have been explicitly granted Access Permission: INTERACTIVE , SYSTEM and Administrators .  As a shortcut, you can export the following registry key (so that you have a backup), and then delete the key & reboot, so that you restore the original default values: HKLM\SOFTWARE\Microsoft\Ole\DefaultAccessPermission .  On Windows XP and Windows Server 2003, you can also export the following keys (again, so you have backups) and then delete the key & reboot so that the original default limits are restored: HKLM\SOFTWARE\Microsoft\Ole\MachineAccessRestriction & HKLM\SOFTWARE\Microsoft\Ole\MachineLaunchRestriction .

In addition, the WMI DCOM settings should also be checked - again, using the DCOMCNFG utility as before:

Windows 2000 Windows XP, Windows 2003
  1. Within DCOMCNFG , click the Applications tab.
  2. Double-click the Windows Management Instrumentation tab (shown below):

  1. Within DCOMCNFG , expand the Computers node
  2. Expand the My Computer node
  3. Expand the DCOM Config node
  4. Right-click the Windows Management and Instrumentation object, and select Properties (shown below:)

Verify the settings below against what is configured on the system:

Setting Windows 2000 Windows XP / Windows Server 2003
Authentication Level Default Default
Launch Permissions Use Default Everyone
Access Permissions Use Default Use Default

And that brings us to the end of this post.  There's much more to come on WMI, so stay tuned!

- Axel Rivera

Version history
Last update:
‎Mar 15 2019 05:31 PM
Updated by: