0

I am trying to run a powershell command on a server very similar to this one.

https://stackoverflow.com/a/55942155/4577279

The problem is that the script is being run by a non-admin user, and it fails to run the Get-CimInstance command.

it fails with

Get-CimInstance : Access denied 
At C:\bin\SCRIPT.ps1:6 char:5
+     Get-CimInstance Win32_Process | ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : PermissionDenied: (root\cimv2:Win32_Process:String) [Get-CimInstance], CimException
    + FullyQualifiedErrorId : HRESULT 0x80041003,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand

The command is run by an instance of windows server 2019 on a remote box. The script in question is on the box as well.

How can I allow for the non-admin user to run this command without having to run it as administrator? I am in full control of the server and can modify the permissions, but I'm not sure how to approach that. The script should be run by a non-admin if at all possible.

alternatively if there is a different way to get the entire children process tree for a given PID, that could work, too.

Thank you

Kevin Leutzinger
  • 21
  • 3

1 Answers1

0

By default, Administrators (local) and Authenticated Users (domain) have at least read rights to the namespace. You need to ensure you can login/authenticate to the server. It's worth mentioning that the Authenticated Users group does not have Remote Enable permission by default. see this answer for more information - What are the permissions required for CIMSessions

Otter
  • 1,086
  • 7
  • 18