I've created an app that runs a query against SCCM Client machines. The issue I am having is that WMI on the remote machine is returning 'Access Denied'.
I have two users, AdminUser and NormalUser. I also have two scenarios, NormalUser executes the app or AdminUser executes the app. In both scenarios AdminUser credentials are passed to the ManagementScope ConnectionOptions.
After the app is launched a connection is made to the client machine.
ConnectionOptions options = new ConnectionOptions();
options.Authentication = AuthenticationLevel.Connect; options.Username = classList.snippetClass.getProcess.StartInfo.UserName; options.SecurePassword = classList.snippetClass.getProcess.StartInfo.Password; options.Authority = "ntlmdomain:" + classList.snippetClass.getProcess.StartInfo.Domain; options.EnablePrivileges = true; options.Impersonation = ImpersonationLevel.Impersonate; scope = new ManagementScope( "\\\\" + remoteComputerName + "\\root\\ccm", options);
Then, a request is made to return the RequestMachinePolicy method parameters.
ManagementClass cls = new ManagementClass(scope.Path.Path, "sms_client", null); ManagementBaseObject inParams = cls.GetMethodParameters("RequestMachinePolicy");
It is at this point that behaviour changes depending on either of the two scenarios:
1. If AdminUser launched the app then the request completes without error.
2. If NormalUser launched the app an 'Access Denied' is returned.
Remember that in both instances the same credentials are being passed to WMI through the ConnectionOptions.
Why am I getting an 'Access Denied' after making a connection with Administrator rights?