How to Verify WMI Permissions Required for ConfigMgr SCCM Console Access

We will see how we can check and confirm the WMI permissions Required for SCCM / ConfigMgr console access. Also, some very useful links which would help you in console-related troubleshooting.

Log file to look into SMSADMINUI.log. Location -> \Program Files\Microsoft Configuration Manager\AdminConsole\AdminUILog

  • Run wmimgmt.msc from the primary site server.
  • Go to WMI control –> properties
WMI
How to Verify WMI Permissions Required for ConfigMgr SCCM Console Access
  • In Security tab, expand root, and click SMS
WMI
How to Verify WMI Permissions Required for ConfigMgr SCCM Console Access
  • Click security in the results pane to see the permission
WMI
How to Verify WMI Permissions Required for ConfigMgr SCCM Console Access
  • Click advanced, click SMS Admin, then view-edit
image
How to Verify WMI Permissions Required for ConfigMgr SCCM Console Access
  • If the SMS Admins group does not have Enable Account and Remote Enable permission, grant the permission
image
How to Verify WMI Permissions Required for ConfigMgr SCCM Console Access
  • Repeat this procedure for other groups used in addition to SMS Admins

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a logger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…

Patch My PC

4 thoughts on “How to Verify WMI Permissions Required for ConfigMgr SCCM Console Access”

  1. Sccm primary site join to aaa.local and Added a security group to this sms admin local group, however the members (members comprise of aaa.local and bb. aaa.local) in that security group but members from bb.aaa.local are unable to access the console too. Any clue?

    Reply
  2. It use to be working well, however we have restore the wsus dbs and that caused the issue.

    Yes aaa and bbb is a parent-child domain.

    Reply
  3. We have tried to access from the same laptop that aaa.local users were able to access. But not for user from bbb.aaa.local

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.