You can configure a regular Windows user to access WMI information by adding the user account to the Distributed COM Users and Performance Monitor Users groups using lusrmgr.msc, and then configuring the DCOM security settings (using dcomcnfg) to allow those groups to access the system remotely.
Note: These configurations must be performed in the user profiles of the client devices that are to be monitored.
Configuring Distributed COM Users in the Local Users and Groups settings:
1. Click Start → Run, type lusrmgr.msc and click OK.
2. In the Users folder, right-click the user to bring up the menu, and select Properties.
3. Click over to the Member Of tab, and click Add.
4. Under 'Enter the object names to select', type 'Distributed COM Users' (without quotes), click Check Names, then click OK.
5. Click Add.
6. Repeat steps 3-5 for the Performance Monitor Users group.
Configuring the DCOM Security Settings to allow the groups to access the system remotely:
7. Click Start → Run, type dcomcnfg and click OK.
8. Drill down into the Component Services tree until you get to My Computer. Right-click 'My Computer' to bring up the menu, and click Properties.
9. Click the COM Security tab, then click Edit Limits under the Launch and Activation Permissions section.
10. Click Add.
11. Under 'Enter the object names to select', type 'Distributed COM Users' (without quotes), click Check Names, then click OK.
12. Click Add.
13. Repeat steps 9-12 for the Performance Monitor Users group.
14. Check Allow for each of the permissions (Local Launch, Remote Launch, Local Activation, Remote Activation) for each of these groups, and click OK.
Setting the WMI Control security settings to be applied to all namespaces:
15. Click Start → Run, type wmimgmt.msc and click OK.
16. Right-click WMI Control (Local) to bring up the menu, and click Properties.
17. Click over to the Security tab, then click Root, and click the Security button.
18. Click Add.
19. Under 'Enter the object names to select', type 'Distributed COM Users' (without quotes), click Check Names, then click OK.
20. Make sure the Distributed COM Users group is selected, and click Advanced.
21. Highlight the row with Distributed COM Users in it and click Edit.
22. From the 'Applies to' drop-down list, select 'This namespace and subnamespaces'.
23. Under the 'Allow' column, check Execute Methods, Enable Account and Remote Enable, and then click OK.
24. Repeat steps 17-23 for the Performance Monitor Users group.
25. Click OK to close all windows.
If you are using Windows Server 2003 SP1, you will have to run the following steps to access the Win32_Service class due to a known issue in Microsoft:
You should now be able to perform WMI monitoring on this Windows host with a regular user account instead of an admin account.
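To confirm the end state of the procedure above without clicking through the three consoles, the following read-only audit script can be run on the monitored host. It is an added example, not part of the original procedure; it assumes Windows PowerShell 5.1 in an elevated prompt, and `wmi-monitor` is a hypothetical account name.

```powershell
# Added audit example (Windows PowerShell 5.1, elevated). Read-only: it changes nothing.
param([string]$User = 'wmi-monitor')   # hypothetical account name, replace with yours

# Well-known SIDs of the two built-in groups the procedure uses
$groups = [ordered]@{
    'Distributed COM Users'     = 'S-1-5-32-562'
    'Performance Monitor Users' = 'S-1-5-32-558'
}

# DCOM machine-wide launch limits (dcomcnfg > My Computer > COM Security > Edit Limits)
$bytes = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Ole').MachineLaunchRestriction
$dcomAcl = if ($bytes) {
    [System.Security.AccessControl.RawSecurityDescriptor]::new($bytes, 0).DiscretionaryAcl
}

# Security descriptor of the Root WMI namespace (wmimgmt.msc > Security > Root)
$wmiSd  = Invoke-WmiMethod -Namespace root -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
$wmiAcl = $wmiSd.Descriptor.DACL

$DcomNeed = 0x1E   # Local Launch 0x2 | Remote Launch 0x4 | Local Activation 0x8 | Remote Activation 0x10
$WmiNeed  = 0x23   # Enable Account 0x1 | Execute Methods 0x2 | Remote Enable 0x20

foreach ($name in $groups.Keys) {
    $sid = $groups[$name]

    # Steps 1-6: is the monitoring account a member of the group?
    $isMember = [bool](Get-LocalGroupMember -Group $name |
        Where-Object { ($_.Name -split '\\')[-1] -eq $User })

    # Steps 7-14: union of the allow ACEs for this group in the DCOM launch limits
    $dcomMask = 0
    foreach ($ace in $dcomAcl) {
        if ($ace.AceType -eq 'AccessAllowed' -and $ace.SecurityIdentifier.Value -eq $sid) {
            $dcomMask = $dcomMask -bor $ace.AccessMask
        }
    }

    # Steps 15-25: allow ACEs on Root that inherit to subnamespaces (CONTAINER_INHERIT = 0x2)
    $wmiMask = 0
    foreach ($ace in $wmiAcl) {
        if ($ace.AceType -eq 0 -and $ace.Trustee.SIDString -eq $sid -and ($ace.AceFlags -band 0x2)) {
            $wmiMask = $wmiMask -bor $ace.AccessMask
        }
    }

    [pscustomobject]@{
        Group        = $name
        UserIsMember = $isMember
        DcomLaunchOk = ($dcomMask -band $DcomNeed) -eq $DcomNeed
        WmiRootOk    = ($wmiMask -band $WmiNeed) -eq $WmiNeed
    }
}
```

A row with any `False` column points at the section of the procedure that was skipped or not saved for that group.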