1 Reply Latest reply on Jun 13, 2019 5:00 PM by Brian Morris

    Access Denied/Provider Failure scanning windows hosts

    Ana Lorite
      Share This:



      We are having problems to discover some windows hosts.


      The user created to discover the windows host has these access permissions:


      DCOM: Remote access enabled

      WMI: Root\CIMV2 namespace: Remote Enable, Account Enable

      WMI: Root\Default namespace: Remote Enable, Account Enable, Execute

      WMI: Root\WMI namespace: Remote Enable, Account Enable


      My customer doesn't allow us to assign the admin role to this user but Discovery is scanning successfully a lot of windows hosts.


      But we are getting no access results scanning some endpoints with this user.


      From the WMI Tester:

         SELECT * FROM Win32_Processor

         Access Denied


         SELECT * FROM Win32_NetworkAdapter

         Provider Failure


      From the event viewer:

      Id = {15A8D090-6F3F-0000-23BB-BF183F6FD401}; ClientMachine = DVRYPRX01; User = bkpt\discoverypt; ClientProcessId = 5060; Component = Unknown; Operation = Start IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapter; ResultCode = 0x80041004; PossibleCause = Unknown


      I confirmed that with an admin user, the endpoint would be discovery successfully but this way is a "closed road" in this customer.


      So our idea could be to extend the access permissions to the user for that "special" endpoints but to do this, I need to know where to see the reason for that error. We marked the Security Read permission in the WMI tree (root, CIMV2, Default and WMI) with no success.


      Can you help me? I know the answer is "allow the user an admin access" but, as I said, it is not possible and I wonder if it's possible a "customized" access as the one we have in ssh discovery: we don't have a sudo user. We have a sudoers file that lists the command and parameters with sudo privileges.


      Thank you very much!!!