test access to a remote computer

This topic contains 2 replies, has 2 voices, and was last updated by  Kevin Greer 2 months ago.

  • Author
    Posts
  • #73234

    Kevin Greer
    Participant

    I will be converting this snip to two separate functions. One to test for general access to a remote computer and the other to test a WsMan connection. To test if access is granted on a remote computer I'm just doing Get-WMIObject just to see if I can access the remote computer. If I can't access it I know the specific user group is not added to the local administrators group and I can just exit here.

    My question: is there a better way to test remote administrator access on a computer?

    Write-Verbose -Message "testing remote administrator access and WinRM on $ComputerName" -Verbose
    try{
      $test = Get-WmiObject -Class win32_operatingsystem -ComputerName $ComputerName -ErrorAction Stop
      $access = $true
    }
    catch{
      $access = $false
    }
    if($access -eq $false){
      Write-Warning -Message 'Access denied: Please ensure that a required user group is added to the Local Administrators group. (domain\AD group)'
      Exit
    }
    
    if([bool](Test-WSMan -ComputerName $ComputerName -ErrorAction SilentlyContinue) -eq $false){
      Write-Warning -Message "WinRM might not be configured on $ComputerName. Please correct this then run script again"
      Exit
    }
    Write-Verbose -Message 'Remote administrator access passed and WinRM access passed' -Verbose
    
  • #73277

    Don Jones
    Keymaster

    Yes and no. WMI is just testing WMI; it'll fail against any new version of Windows (e.g., Win2016) with WMI disabled. Ping just tests the ICMP protocol. Remoting just tests Remoting, which could be disabled. None of those would verify Remote Registry access, for example. You just kind of have to decide for yourself if it's sufficient.

  • #73294

    Kevin Greer
    Participant

    If I have WMI access does that mean I have admin rights on the remote computer? I could do a try CIM Catch WMI to solve the problem where WMI is going away.

You must be logged in to reply to this topic.