The Dreaded Remote WMI 0x80070005 (E_ACCESSDENIED) Error

I was setting up a custom powershell script to do some remote monitoring on my servers.  For security purposes, I was not running as an admin, which is always good karma.  Locally, the script worked.  Remotely it did not.  The command I was executing was the following...

$colItems = get-wmiobject -class "DELL_System" -namespace "root\cimv2\dell" -computername "REMOTESERVER"

As you can see, I'm querying information from the Dell WMI namespace.  I made sure RemoteAccess permission was set up in the WMI configuration (among many other things), but nothing would work!

I finally found my solution with DCOM.  Now, I know you've read this before and you are thinking "BUT DCOM IS ALREADY RUNNING AND IT STILL DOESN'T WORK!" but I assure you, my solution is different than that very common newsgroup solution.

Check the COM Security tab under Properties for My Computer under Component Services.  Under "Launch and Activation Permissions" check "Edit Limits."  These limits are designed as a cap for the maximum security any DCOM server can grant.  So, even if permissions are set correctly in WMI and also in DCOM Windows Management and Instrumentation server, you still need to make adjustments here. 

image

Notice that although Administrators and Distributed COM Users have Remote Launch and Remote Activation, Everyone does not.  It's up to you how you want to secure your DCOM, but I'm opting for adding my non-admin DCOM users to the Distributed COM Users group.  Fixed!