Forum Discussion
Windows 11 assigned access - setting kiosk mode over powershell and WMI
Hi, Michael.
You'll have to forgive me, but as I can't speak German, I had to run "Zugriff verweigert" through a translator, but it seems to have translated to "Access denied", which I can accept as accurate.
In short, the second and third errors from your post described the problem - which is that $obj is null, but I needed to run the translation to understand why - which comes from your first error.
You'll need to either run this script with administration rights (preferred resolution), or - and I wouldn't recommend this - change the security on the "root\cimv2\mdm\dmmap" WMI namespace to grant non-administrators the necessary read+write permissions.
Because you haven't gotten far enough to use your XML yet, we can't comment on that. You'll know more once you resolve this initial permissions issue.
Cheers,
Lain
Thank you also for the work translating from German to English.
Unfortunately, I ran the script in PowerShell ISE with Administrator rights, and also logged in with a LAPS local admin user account on the test client. The test client is a Windows 11 physical machine, and is enrolled as an Azure AD device.
- MichaelW, Aug 10, 2023, Brass Contributor
$nameSpaceName="root\cimv2\mdm\dmmap"
Is this maybe the error? Since it's a Windows device, does this path even exist?
- MichaelW, Aug 10, 2023, Brass Contributor
Or do I need any prerequisites for running WMI commands?
- LainRobertson, Aug 10, 2023, Silver Contributor
The path will almost certainly exist. I run Windows 10 22H2 and even I see it:
Running the commands under an administrative process does allow you to get past the "access denied" issue (confirmed by the default permissions on this namespace as shown below), but if the authenticated user is being used by the MDM client, that would explain why the article requires the various commands to execute within the system process rather than just any administrative user:
But because I don't use Intune and therefore have no policy data to query, I can't go any further with this. That said, I can see other class information such as that from the MDM_DevDetail example below:
It doesn't seem like this is actually a PowerShell issue, but rather the specific requirements of the MDM - as dretzer pointed out.
Cheers,
Lain
- MichaelW, Aug 10, 2023, Brass Contributor
Thank you both very much, that explains a lot. I have to use psexec to get this to work and run the script in system context. I'll try that out, nice.
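
Added example (not part of the thread, and not code from either poster): a PowerShell pre-flight check that reports whether the process is elevated and whether it runs as SYSTEM before reading from the namespace discussed above, and that separates "access denied" from "namespace or class missing" instead of continuing with a null `$obj`. The class name `MDM_AssignedAccess` is an assumption taken from Microsoft's assigned access documentation; the thread itself only names the namespace and `MDM_DevDetail`.

```powershell
# Added example: confirm execution context before using the MDM WMI bridge.
$nameSpaceName = 'root\cimv2\mdm\dmmap'   # namespace quoted in the thread
$className     = 'MDM_AssignedAccess'     # assumption: not named in the thread

$identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
$principal = [System.Security.Principal.WindowsPrincipal]::new($identity)
$isAdmin   = $principal.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)

Write-Host ("Running as {0} (elevated: {1}, SYSTEM: {2})" -f `
    $identity.Name, $isAdmin, $identity.IsSystem)

if (-not $isAdmin) {
    # Matches the first error in the thread: a non-elevated process is refused.
    throw "Not elevated: expect 'Access denied' on $nameSpaceName."
}
if (-not $identity.IsSystem) {
    # Per the thread: an administrator can open the namespace, but the MDM
    # classes are expected to be used from the system context.
    Write-Warning 'Elevated but not SYSTEM: the query may return no MDM instance.'
}

try {
    $obj = Get-CimInstance -Namespace $nameSpaceName -ClassName $className -ErrorAction Stop
}
catch {
    $err  = $_                                   # keep the record; switch rebinds $_
    $code = "$($err.Exception.NativeErrorCode)"  # empty if not a CimException
    switch ($code) {
        'AccessDenied'     { Write-Error "Access denied on $nameSpaceName." }
        'InvalidNamespace' { Write-Error "$nameSpaceName does not exist on this machine." }
        'InvalidClass'     { Write-Error "$className is not present in $nameSpaceName." }
        default            { Write-Error $err.Exception.Message }
    }
    return
}

if ($null -eq $obj) {
    # The condition behind the second and third errors in the thread.
    Write-Warning "$className returned no instance; stopping before any property is set."
    return
}

$obj   # safe to inspect or modify from here on
```

Saved as a script and started from an elevated prompt, it shows the "elevated but not SYSTEM" warning; started in the system context (the thread mentions psexec for this), it runs without that warning.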