I would go and test MBS's suggestion. Either that or I'd set up a standard user account myself and see what needed tweaking to make their WMI stuff work. Procmon may be a particular help here.
This reminds me sometimes about the perception of "admin access". When I used to work for a big outsourcer we got a lot of complaining from their previous IT guys about how they "needed" admin access to do certain things (I remember AutoCAD being a particular pain). We simply gave them a new account which was prefixed "admin" and added the Create Global Objects user right via GPO, which let AutoCAD function, and they were happy as pigs in poo. Despite the fact that their "admin" account couldn't really do much more than the account of a bog-standard user. On 3 August 2010 19:49, Joseph Heaton <[email protected]> wrote: > Exactly! Which is why we're trying to figure out if we can comply, by > letting them get whatever info they need, without giving them the keys to > our domain... > > >>> James Rankin <[email protected]> 8/3/2010 11:38 AM >>> > Domain Admin access not a big deal? Morons. I wouldn't let any third > parties > near a Domain Admin account. > > On 3 August 2010 19:15, Joseph Heaton <[email protected]> wrote: > > > 1. Yes, we are required to do this. It's supposed to be for information > > gathering only, but we're trying to cover our backsides, in case they > mess > > something up. > > Yes, we can gain benefit, in that we can use this to get WMI access > for > > our Orion product. > > 2. Documentation is a difficult thing. The wording of their message is > > such that they feel it's not a big deal for us to just give them a domain > > admin account to play with. > > > > >>> Steven Peck <[email protected]> 8/3/2010 10:49 AM >>> > > To be honest the real questions are; > > 1. Are you required to do this? (Usually yes) > > - if yes, can you gain benefit? (Usually you can) > > 2. Do they have documentation on least privilege necessary for their > > tools to run? > > > > > > > > On Tue, Aug 3, 2010 at 10:26 AM, Free, Bob <[email protected]> wrote: > > > My experience with WMI and CMDB or security scanner products tells me > > > you are out of luck, at some point, the information they require is > > > situated such that they require admin privs just to be able to read it. > > > > > > -----Original Message----- > > > From: Joseph Heaton [mailto:[email protected]] > > > Sent: Tuesday, August 03, 2010 10:18 AM > > > To: NT System Admin Issues > > > Subject: Re: WMI information gathering > > > > > > Anyone have any idea on this one? > > > > > >>>> Joseph Heaton <[email protected]> 8/2/2010 3:42 PM >>> > > > We have a group that wants to come in, and "scan our servers" to gather > > > information. We want to cooperate with this effort, but we don't want > > > to give them access to be able to write back to the servers. Is this > > > possible? Is there a tool that can be used without an admin account, > in > > > order to gather information from within WMI? Please contact offline > for > > > further details, if needed. As always, I sincerely appreciate any > > > assistance any of you may be able to provide. > > > > > > Thanks, > > > > > > Joe > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > > > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > > > > -- > "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into > the machine wrong figures, will the right answers come out?' I am not able > rightly to apprehend the kind of confusion of ideas that could provoke such > a question." > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > -- "On two occasions...I have been asked, 'Pray, Mr Babbage, if you put into the machine wrong figures, will the right answers come out?' I am not able rightly to apprehend the kind of confusion of ideas that could provoke such a question." ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~
