Issues with Gwmi win32_process

This topic contains 0 replies, has 1 voice, and was last updated by  Forums Archives 5 years, 9 months ago.

  • Author
    Posts
  • #6131

    by jaredatkinson at 2013-04-25 07:55:09

    I am trying to enumerate processes on a remote machine using


    Invoke-Command {Get-WmiObject win32_process | select Name, ExecutablePath, CommandLine} -ComputerName testhost

    To run this command I am using runas to create a powershell with administrator credentials:

    runas /noprofile /netonly /u:username powershell

    When I the username for runas is a local admin on testhost the objects that are returned from gwmi have the executablepath and commandline properties filled in, however when I runas a domain admin the gwmi properties are returned as empty except for processes I created.

    Is there something I am overlooking when running gwmi? Or does the domain admin not have the same rights as the local admin with respect to process information? It seems like local admin can see everything on the local machine, but the domain admin cannot see user specific information.

    by DonJ at 2013-04-26 07:09:48

    So... out of curiosity, why the runaround with runas? Could you not use the -Credential parameter of Invoke-Command?

    It sounds as if the domain admin isn't a local Administrator on testhost. Only local Administrators can enumerate all of the processes on a computer. Without knowing a lot more about the security arrangement between these computers, I couldn't help you figure that out. But I'd start by seeing if the machine's local Administrators group contains the domain Domain Admins group.

You must be logged in to reply to this topic.