Remote Powershell for non-administrative User (checking Update-Status via Monitoring)

Copper Contributor

Hi all,


I know this topic is not a new one and I literally spend hours reading forums and blogs, but I'm still not what I want to achieve. We use PRTG as monitoring tool. All that WMI- and SNMP-stuff I was able to set up to get the status of all Systems and Servers with non-administrative accounts and the least amount of permissions.


But I'm still struggling with Remote Powershell-Permissions. PRTG is using Remote Powershell to get the Update Status of Windows Servers and what's written in blogs and suggested answers is like:


"set up WinRM, open the necessary Firewall ports and maybe you need to restart the WinRM-service and you're ready to go. Maybe you need to add the user to the groups of "Remote Management Users" and "Remote Monitoring Users" (or maybe a bit similar, we're running our Servers in german)."


But this isn't working still as I still get a permission denied error while running the script...


Basically and very simplified, PRTG is running the following:




$searcher = (New-Object -ComObject Microsoft.Update.Session).CreateUpdateSearcher();$searcher.Search("Type='Software'").Updates




(this is the thread were this is discussed from a PRTG-perspective, but no solution for not using (local) Admin-Permissions: PRTG - Windows Update Status 


If I run this with Invoke-Command to one of my remote machines using my "Monitoring-Account" (non-administrative but in the above mentioned groups), I receive 0x80070005 Access denied, however, using an account with (local) administrative rights, this works:





So long story short: anyone an idea what permission I need to set that my monitoring-account is able to get the Update-Status from remote machines through this way? 

I absolutely cannot grant administrative permissions for a monitoring account basically on all Servers, only to get the Update-Status.


Any help is much appreciated!

Thanks and cheers,


0 Replies