The objective is to allow WMI queries on a computer for a non-admin user/group ?

the group to allow is mydomain\wmiquery-users

the scripts requires, dcomperm.exe and wmisecurity.exe

Authorize WMI users and set Permissions on Win7, Win2008 R2:http://technet.microsoft.com/en-us/library/cc771551.aspx

example of PS code:http://unlockpowershell.wordpress.com/2009/11/20/script-remote-dcom-wmi-access-for-a-domain-user/

Download the wmisecurity.exe from codeproject site:http://www.codeproject.com/KB/system/WmiSecurity.aspx

Download the dcomperm.exe from: http://cid-62b84429c3a8a991.skydrive.live.com/self.aspx/SharePoint/DComPerm.zip

 1st step: Set up DCOM permissions:

@echo off
CLS
echo.
echo Windows computers – Set up DCOM Permissions – Oct 2011
echo __________________________________________________________________________________
echo.
==========================================================================>.\logs\Set-DCOM-Permissions_%computername%.txt
echo Show current DCOM permissinos – current values on %computername% BEFORE…
echo List machine access permission list…
dcomperm -ma list
echo List machine launch permission list…
dcomperm -ml list
echo List machine default permission list…
dcomperm -dl list
echo.
echo Show current DCOM permissinos – current values on %computername% BEFORE…>>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine access permission list…>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ma list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine launch permission list…>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ml list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine default permission list…>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ml list >>.\logs\Set-DCOM-Permissions_%computername%.txt
pause
echo.
echo ————————————————————————
echo Set new DCOM permissions – new values on %computername%…
echo Set machine access permission list…
dcomperm -ma set MYDOMAIN\wmiquery-users permit level:l,r
echo Set machine launch permission list…
dcomperm -ml set MYDOMAIN\wmiquery-users permit level:ll,la,rl,ra
echo Set machine default permission list…
dcomperm -dl remove MYDOMAIN\wmiquery-users permit level:ll,la,rl,ra
echo.
echo Set new DCOM permissions – new values on %computername%…>>.\logs\Set-DCOM-Permissions_%computername%.txt
echo Set machine access permission list…>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ma set MYDOMAIN\wmiquery-users permit level:l,r >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo Set machine launch permission list…>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ml set MYDOMAIN\wmiquery-users permit level:ll,la,rl,ra >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo Set machine default permission list…>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -dl remove MYDOMAIN\wmiquery-users permit level:ll,la,rl,ra >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo.
echo ————————————————————————-
echo Show current DCOM permissinos – current values on %computername% AFTER…
echo List machine access permission list…
dcomperm -ma list
echo List machine launch permission list…
dcomperm -ml list
echo List machine default permission list…
dcomperm -dl list
echo.
echo Show current DCOM permissinos – current values on %computername% AFTER…>>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine access permission list…>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ma list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine launch permission list…>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ml list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo List machine default permission list…>>.\logs\Set-DCOM-Permissions_%computername%.txt
dcomperm -ml list >>.\logs\Set-DCOM-Permissions_%computername%.txt
echo.
goto end
:end

2nd step: Set up WMI Security:

@echo off
CLS
echo.
echo Windows computers – Set up WMI Security – Oct 2011
echo _________________________________________________________________________
echo.
echo ————————————————————————————->.\logs\Set-WMISecurity_%computername%.txt
echo Set up WMI Security on %computername%…>>.\logs\Set-WMISecurity_%computername%.txt
WmiSecurity /C=%computername% /A /N=Root /M=”MYDOMAIN\wmiquery-users:REMOTEACCESS” /R
WmiSecurity /C=%computername% /A /N=Root /M=”MYDOMAIN\wmiquery-users:REMOTEACCESS” /R >>.\logs\Set-WMISecurity_%computername%.txt

goto end
:end