Can Windows 10 Pro do remote management?

-3

I tried to remote management from windows 10 pro to windows 10 pro in the same Workgroup but failed.

From local machine, run CMD with Run as administrator command is
wmic /node:"target machine IP" /user:"target machine local user" /password:"target machine local user pw" Desktop get ScreenSaverActive
resalut is
Node - target machine IP
ERROR:
Description = Access is denied.
(Use "wmic Desktop get ScreenSaverActive" on each own machine without problem)

Test WBEMTEST with "\target machine IP\root\cimv2"
resalt is
Number: 0x80070005
Facility: Win32
Description: Access is denied.
(Use "root\cimv2" on each own machine without problem)

Settings on target remote machine:
- Fixed IP address
- Network profile = Private
- Same Workgroup as local machine and can see each other in windows explorer
- Enabled Printer and Files shareing
- The user has a password, Menbers of Administrators, Distributed COM Users, Remote Desktop User, Remote Management Users Groups
- The user set to auto logon when boot
- Enabled remote desktop(Remote desktop from other machine to this machine without problem)
- Run winrm quickconfig
- Enabled Firewall Group "Windows Management Instrumentation (WMI)" both inbound and out bound
- Enabled Firewall Group "Remote Administration" inbound
- Enabled Firewall Group "Remote Assistance" both inbound and out bound
- Enabled Firewall Group "Remote Service Management" inbound
- Enabled Firewall Group "Windows Remote Management" inbound
- Enabled Firewall Group "Windows Remote Management(Compatibility)" inbound
- Firewall add rule dir=in name="DCOM" program=%systemroot%\system32\svchost.exe service=rpcss action=allow protocol=TCP localport=135
- Firewall add rule dir=in name ="WMI" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
- Firewall add rule dir=in name ="UnsecApp" program=%systemroot%\system32\wbem\unsecapp.exe action=allow
- Firewall add rule dir=out name ="WMI_OUT" program=%systemroot%\system32\svchost.exe service=winmgmt action=allow protocol=TCP localport=any
- Registry HKLM\SOFTWARE\Microsoft\WBEM\CIMOM /v AllowAnonymousCallback /t REG_DWORD /d 1
- Registry HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
- Registry HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Policies\System /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1
- Config WMImgmt.msc-->WMI Control(local)-->Properties-->Security Tab-->Root-->Security-->Advanced
   -->Enabled all permissions to existed Allowed principal
   -->ADD-->the target user(enabled all permission)(Applies to:This namespace and subnamespaces)
   -->ADD-->Everyone Group(enabled all permission)(Applies to:This namespace and subnamespaces)
- Config Dcomcnfg-->Component Servives-->Computers-->My Computer-->Properties-->COM Security Tab
   -->both Access Permissions and Launch and Activation Permissions(both Edit Limits and Edit Default...)
      -->Add the target user with all permissions
      -->Add Everyone group with all permissions
- Config Dcomcnfg-->Component Servives-->Computers-->My Computer-->DCOM Config-->Windows Management and Instrumentation-->Properties-->Security Tab
   -->Set all to Customize and Edit all Customize with
      -->Enaled all permissions to existed users and groups
      -->ADD-->the target user(enabled all permission)
      -->ADD-->Groups(Everyone, Authenticated Users, ANOYMOUS LOGON)(enabled all permission)
- Edit Group Policy -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Defender Firewall -> Domain Profile -> Windows Defender Firewall: Allow inbound remote administration exception -> Enable (*=all)
- Edit Group Policy -> Local Computer Policy -> Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Defender Firewall -> Standard Profile -> Windows Defender Firewall: Allow inbound remote administration exception -> Enable (*=all)
- Systemtime both local and remote machine are identical(Thailand local time)

Settings on Local Machine:
- IP from DHCP
- Network profile = Private
- Same Workgroup as target remote machine and can see each other in windows explorer
- Enabled Printer and Files shareing
- The user has a password, Members of Administrators Groups
- Enabled Firewall Group "Remote Assistance" both inbound and out bound
- Enabled Firewall Group remote desktop (profile Private)
- Enabled Firewall Group "Remote Service Management" inbound (profile Private)
- Enabled Firewall Group "Windows Management Instrumentation (WMI)" both inbound and out bound

Best Regard,
Tain

wmic
remote-management
asked on Stack Overflow Jul 22, 2018 by tain • edited Jul 22, 2018 by marc_s

0 Answers

Nobody has answered this question yet.


User contributions licensed under CC BY-SA 3.0