One of customers tried to connect with WBEMTEST from its sccm site server to a managed workgroup client host. But he failed with 0x80070005 meaning “Access is denied“. There are three common errors you may run into while connecting to WMI on a workgroup client.
| Error | Possible Issue | Solution |
|---|---|---|
| 0x800706BA – RPC Server Unavailable Firewall issue or server not available. | The computer really doesn’t exist ยท The Windows Firewall is blocking the connection | Connecting to Vista: netsh advfirewall firewall set rule group=”windows management instrumentation (wmi)” new enable=yes Connecting to downlevel: Allow the “Remote Administration” rule in Windows Firewall. |
| 0x80070005 โ E_ACCESS_DENIED Access denied by DCOM security. | The user does not have remote access to the computer through DCOM. Typically, DCOM errors occur when connecting to a remote computer with a different operating system version. | Give the user Remote Launch and Remote Activation permissions in dcomcnfg. Right-click My Computer-> Properties Under COM Security, click “Edit Limits” for both sections. Give the user you want remote access, remote launch, and remote activation. Then go to DCOM Config, find “Windows Management Instrumentation”, and give the user you want Remote Launch and Remote Activation. For more information, see Connecting Between Different Operating Systems |
| 0x80041003 โ WMI Access Denied Access denied by a provider | The user does not have permission to perform the operation in WMI. This could happen when you query certain classes as a low-rights user, but most often happens when you attempt to invoke methods or change WMI instances as a low rights user. The namespace you are connecting to is encrypted, and the user is attempting to connect with an unencrypted connection | Give the user access with the WMI Control (make sure they have Remote_Access set to true) Connect using a client that supports encryption. |
To be able to connect successfully to WMI on a workgroup computer, you can follow the steps below on the target workgroup computer.
- First finish the steps described in Securing a Remote WMI Connection
- Launch DCOMCNFG and expand Component Services>Computers, then right click on My Computer
- In Access Permissions, click Edit Limits
- Select ANONYMOUS LOGON and grant Remote Access, OK.
- In Launch and Activation Permissions, select Everyone and grant Remote Launch and Remote Activation. OK.
- Then disable UAC โ
a. Open the Local Security Policy (secpol.msc)
b. Expand open Local Policies and Security Options in the left pane of Local Security Policy, and double click/tap on the User Account Control: Run all administrators in Admin Approval Mode policy
c. Set it to Disabled, save.
- Restart the computer
Go to your another computer and launch WBEMTEST.
SCCM Monde 