When using a custom sensor, I want to use PowerShell's CIM sessions to query information from a remote computer, but I do not want to require the Windows username/password combo to be an administrator for the remote system.
How can I establish a CIM session with a remote computer using a non-Admin user?
Modified on 2025-06-10 13:08:42 +0200
Disclaimer:
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
The information in the Paessler Knowledge Base comes without warranty of any kind. Use at your own risk. Before applying any instructions please exercise proper system administrator housekeeping. You must make sure that a proper backup of all your data is available.
I have figured it out for Windows 2012 R2 (it may work on 2012):
1. Download PowerShellAccessControl Module from https://gallery.technet.microsoft.com/scriptcenter/PowerShellAccessControl-d3be7b83
2. Copy PowerShellAccessControl to C:\Program Files\WindowsPowerShell\Modules
3. Open WMI Control MMC snapin. Grant 'WinRMRemoteWMIUsers__' Execute Methods, Enable Account, Remote Enable for Root and all sub namespaces.
4. To enable remote access to SCMANAGER database, run the following from an elevated command prompt: sc sdset SCMANAGER D:(A;;CCLCRPRC;;;AU)(A;;CCLCRPRC;;;IU)(A;;CCLCRPRC;;;SU)(A;;CCLCRPWPRC;;;SY)(A;;KA;;;BA)(A;;CC;;;AC)
5. Run in elevated PowerShell session (as SYSTEM, psexec -i -s Powershell.exe ):
Now you can use a Custom Sensor leveraging PowerShell Remoting (WinRM):
Custom Sensor settings
• Parameters: -RemoteHost:%host -Domain:%windowsdomain -Username:%windowsuser -Password:%windowspassword
• Security Context: Use windows credentials of parent device
May, 2015 - Permalink