I very much doubt that I am the first to do this, but I wanted to share it anyway.

How to set up an account to scan Windows devices from Spiceworks without administrator level rights.

Step 1: Create a group which can be used to grant access to WMI

WMI permissions may be set using the WMI Control option in Computer Management. Alternatively the script below can be used to create the group and assign permissions.

Access is granted to the root namespace and all sub-namespaces.

Step 2: Create a service account and add it to a few groups

The service account does not require administrative privileges, but it does need to be a member of a number of machine-local groups.

Restricted groups would be a useful way to setting appropriate group membership for the service account.

Once complete the service account should be able to poll Windows hosts for information and counters without the too-often recommended need for it to be an administrator.

Leave a Reply

Your email address will not be published. Required fields are marked *