DCom hardening breaks remote WMI in Windows PE?

Marco[73] 11 Reputation points
2022-09-08T09:32:57.797+00:00

I recently found out that the DCom hardening soluition Microsoft shipped with the June updates causes remote WMI from Windows PE to fail with an access denied message. When implementing the temporary registry key workaround, remote WMI queries do work.

My situation is one where I use a pre-start command in the Configuration Manager boot image to run a powershell script that uses WMI to query the configuration manager environment to check the local UUID against the database to see whether a system is already in Config Manager. The script uses a valid user account for the WMI query. With the June updates this query returns an access denied message.

When implementing the registry key highlighted in KB5004442 (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole\AppCompat) on the server, the WMI request works again.

Running the same piece of code form a regular Windows 10 machine, with the same credentials, does not get an access denied and returns the request like expected.

My question is how can I configure DCOM/Remote WMI in Windows PE to use the same security level as a regular Windows 10 system?

Windows Server
Windows Server
A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.
12,238 questions
Microsoft Configuration Manager
{count} votes

3 answers

Sort by: Most helpful
  1. Carl Walker 0 Reputation points
    2023-05-22T08:15:52.5066667+00:00

    Having the same issue, have a PS script making calls to the SCCM server to pull build relevant data and now failing. Please can this be remediated for Windows PE, it's a real problem for our build solutioning.

    0 comments No comments

  2. Nicky Bries 5 Reputation points
    2023-05-22T09:04:47.4333333+00:00

    Rewrite your scripts to use the administration service.

    https://learn.microsoft.com/en-us/mem/configmgr/develop/adminservice/usage

    0 comments No comments

  3. Nicky Bries 5 Reputation points
    2023-09-19T09:43:37.1366667+00:00

    We fixed this issue by replacing wmi querys with admin service based query's.

    https://learn.microsoft.com/en-us/mem/configmgr/develop/adminservice/overview

    0 comments No comments