How Do You Troubleshoot the PowerShell Error “Cannot connect to CIM Server: Access is denied”?

Problem scenario
You run a PowerShell command with a user who is not a local administrator on the server.  You get the error "Cannot connect to CIM server: Access is denied".  How do you circumvent this error?

Possible solution #1
Make the user a local administrator.  Then try again.

Possible solution #2
Use JEA to allow the user to run the command.  If you want directions on deploying JEA, see this posting.

Possible solution #3
1. As an Administrator of the server, go to Server Manager -> Tools -> Computer Management.  On the left expand "Services and Applications" and right click "WMI Control".  Go to "Properties".

2.  In the newly open Window, click on Security tab.

3.  Expand Root tree, and then click on the node CIMV2, and click the button security

4.  In the newly open Window, click the button Advanced.

5.  In the newly open Window, click the button Add under the permission tab.

6.  In the newly open Window, click on “select a principal", then search for the user you that was having the problem.  

'7.  In the applies to, choose “this namespace and subnamespace".

8.  For the permission, check on “Execute Methods", “Enable Accounts" and “Remote Enable"

9.  Click accept on all the open dialogue boxes

10.  Restart WMI services.  As an Admininstrator of the server, go to Server Manager -> Tools -> Computer Management.  On the left expand "Services and Applications" and click on "Services".  Go to "Windows Management Instrumentation" and right click it.  Then choose "Restart".

11.  Try the command again. The above directions were adapted from this StackOverflow posting.


For further reading
To learn more about the Common Information Model of PowerShell, see PowerShell in Depth; the index of the book for "Common Information Model" has numerous references.

Leave a comment

Your email address will not be published.