Author Posts

January 1, 2012 at 12:00 am

by jaredatkinson at 2013-04-25 07:55:09

I am trying to enumerate processes on a remote machine using


Invoke-Command {Get-WmiObject win32_process | select Name, ExecutablePath, CommandLine} -ComputerName testhost

To run this command I am using runas to create a powershell with administrator credentials:

runas /noprofile /netonly /u:username powershell

When I the username for runas is a local admin on testhost the objects that are returned from gwmi have the executablepath and commandline properties filled in, however when I runas a domain admin the gwmi properties are returned as empty except for processes I created.

Is there something I am overlooking when running gwmi? Or does the domain admin not have the same rights as the local admin with respect to process information? It seems like local admin can see everything on the local machine, but the domain admin cannot see user specific information.

by DonJ at 2013-04-26 07:09:48

So... out of curiosity, why the runaround with runas? Could you not use the -Credential parameter of Invoke-Command?

It sounds as if the domain admin isn't a local Administrator on testhost. Only local Administrators can enumerate all of the processes on a computer. Without knowing a lot more about the security arrangement between these computers, I couldn't help you figure that out. But I'd start by seeing if the machine's local Administrators group contains the domain Domain Admins group.