Author Posts

May 1, 2015 at 3:38 am

Hello All,

I am in need of getting the RDP certhash of a remote machine. I found a way to get the same using wmic and it works absolutely fine. I am trying the same with powershell on the same console but I am receiving Access Denied error. Am I doing something wrong?


PS C:\> wmic /node:Testserver /namespace:\\root\CIMV2\TerminalServices PATH Win32_TSGeneralSetting get SSLCertificateSHA1Hash
SSLCertificateSHA1Hash
1F463C2D9742AA3CE038A0C216FF179418C790EA

PS C:\>
PS C:\> gwmi Win32_TSGeneralSetting  -Namespace "root\cimv2\terminalservices" -ComputerName Testserver | select -ExpandProperty SSLCertificateSHA1Hash
gwmi : Access denied
At line:1 char:1
+ gwmi Win32_TSGeneralSetting  -Namespace "root\cimv2\terminalservices" -ComputerN ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidOperation: (:) [Get-WmiObject], ManagementException
    + FullyQualifiedErrorId : GetWMIManagementException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

May 1, 2015 at 3:51 am

I just tried this

Get-WmiObject -Namespace root\cimv2\TerminalServices -Class Win32_TSgeneralSetting -ComputerName W12R2SUS

against a remote Windows 2012 R2 machine and it worked.

Access denied is usually a permissions problem. Can you access a standard class on the remote machine using Get-WmiObject?

You may need to create a credential object and use that with Get-WmiObject.

Alternatively try Get-CimInstance. It runs over WSMAN and doesn't trip over so many issues as Get-WmiObject
Get-CimInstance -Namespace root\cimv2\TerminalServices -ClassName Win32_TSgeneralSetting -ComputerName W12R2SUS

May 1, 2015 at 7:41 am

Thanks Richard. I have admin rights on the remote machine and I am able to access the remote server's standard class wmi using gwmi such as win32_bios. I have also tried supplying the credential (domain as well the local built in admin) as suggested – but still no luck.

My environment is not setup with PS remoting yet but I still enabled it only on this remote machine to check this issue with get-ciminstance. But I was getting "A DMTF resource URI was used to access a non-DMTF class. Try again using a non-DMTF resource URI.". Then I saw your article and got to know the problem is due to wsman3 and 2 connection conflicts. I was running these commands from windows 2012 (PS3) to the remote Windows 2008R2 machine. Finally I managed to get it working with mix and match WSMAN and DCOM based CIM sessions and I could get the RDP certhash.

I tried using the same gwmi command from windows 2012(PS V3) to remote windows 2008/2012/R2 machines and still have the same problem. But when i use it from windows 2012 R2 to remote machines with any os 2008/12/R2 everything works fine. So looks like it is fixed in PS V4. .

May 2, 2015 at 5:18 am

When ever you see Access denied (raised by: Get-WmiObject) simply add -Authentication PacketPrivacy to the gwmi cmdlet.
gwmi Win32_TSGeneralSetting -Namespace "root\cimv2\terminalservices" -Computername blah -Authentication PacketPrivacy

May 3, 2015 at 10:56 am

@albvar01 – Awesome. Thank you. It works with -Authentication PacketPrivacy on PS v3.