From a management machine using wbemtest, we are able to successfully connect to a remote Read-Only Domain Controller that is running Windows Server 2012 R2 Datacenter with a user who is a member of the Domain Admins security group. However, when we try to connect using a non-admin user, we encounter an "Access Denied" error. This user is a member of the following security groups and has full access to Root of WMI Control for the RODC (Execute Methods, Full Write, Partial Write, Provider Write, Enable Account, Remote Security, Read Security, Edit Security):
The Windows Firewall with Advanced Security is disabled for this troubleshooting on the Read Only Domain Controller.
The error we get is:
Number: 0x80041003
Facility: WMI
Description: Access Denied
It is unacceptable for this user to be a member of the Domain Admins group. Would anyone be able to point us in the direction of a possible solution? I have already read all of the WMI troubleshooting posts on serverfault and as many as I could find elsewhere.
Thank you.
Use dcomcnfg.exe to configure WMI permissions.
Component Services > Computers > My Computer > DCOM Config
Windows Management and Instrumentation
Properties > Security tab
Launch and Activation Permissions > Edit
Add a group that requires the access and grant the required permissions (Remote Launch/Activate).
It is also possible to export the permissions and grant the permission in group policy in Computer > Policies > Windows Settings > Security Settings > Local Policies > Security Options > DCOM
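
To confirm what the steps above actually granted, the following added example (not part of the original answer) decodes the DCOM launch/activation ACLs on the server and lists which principals hold Remote Launch and Remote Activation. The AppID GUID for "Windows Management and Instrumentation" is an assumption to verify in dcomcnfg on your own system, and the function name Get-ComAclEntry is hypothetical.

```powershell
# Added example: audit DCOM launch/activation rights for WMI. Run elevated on the target server.
# Assumption: AppID of the "Windows Management and Instrumentation" DCOM application.
$AppId = '{8BC3F05E-D86B-11D0-A075-00C04FB68820}'

# COM_RIGHTS_* access-mask bits used in DCOM launch/activation ACLs.
$ComRights = [ordered]@{
    LocalLaunch      = 0x02
    RemoteLaunch     = 0x04
    LocalActivation  = 0x08
    RemoteActivation = 0x10
}

function Get-ComAclEntry {
    param([string]$Source, [string]$KeyPath, [string]$ValueName)
    $prop = Get-ItemProperty -LiteralPath $KeyPath -Name $ValueName -ErrorAction SilentlyContinue
    if (-not $prop) {
        # Value absent: this layer does not define its own ACL.
        return [pscustomobject]@{ Source = $Source; Principal = '(not set)'; Type = $null; Rights = $null }
    }
    $bytes = [byte[]]$prop.$ValueName
    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0
    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }   # unresolved SID, e.g. a deleted account
        $granted = $ComRights.Keys | Where-Object { $ace.AccessMask -band $ComRights[$_] }
        [pscustomobject]@{ Source = $Source; Principal = $name; Type = $ace.AceType; Rights = $granted -join ', ' }
    }
}

$report = @(
    Get-ComAclEntry 'WMI application' "Registry::HKEY_CLASSES_ROOT\AppID\$AppId" 'LaunchPermission'
    Get-ComAclEntry 'Machine default' 'HKLM:\SOFTWARE\Microsoft\Ole' 'DefaultLaunchPermission'
    Get-ComAclEntry 'Machine limit'   'HKLM:\SOFTWARE\Microsoft\Ole' 'MachineLaunchRestriction'
)
$report | Format-Table -AutoSize

# Principals allowed to launch or activate WMI remotely under the application ACL.
$report | Where-Object { $_.Source -eq 'WMI application' -and $_.Type -eq 'AccessAllowed' -and $_.Rights -match 'Remote' }
```

The application ACL is used when it is set, otherwise the machine default applies, and in both cases the machine limit caps what can be granted. Review the last output for groups broader than the one intended to have remote WMI access.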