WMI: Access Denied. SeSecurityPrivilege failure.

From: Parthasarathy Govindarajen (gp_at_fullarmor.com)
Date: 05/19/04


Date: Wed, 19 May 2004 11:42:17 -0400

Hi,

When I run a notification query in the root\cimv2 namespace using Wbemtest
tool I am getting this Access Denied error. In the security log I see two
privilege use 578 failure audit events, whose description tells gives me the
privilege name as "SeSecurityPrivilege".

The machine on which I am running this query is the only domain controller
(Windows 2000 Advanced Server SP 4) on a test domain and I am logged on as a
domain admin.

Here's the query:
select targetinstance from __instancecreationevent where targetinstance isa
'win32_ntlogevent'
and targetinstance.logfile = 'security'

I verified that the domain admins can manage auditing and security logs by
looking in the default domain controller policy and also the effective
setting on the domain controller. I have also tried "enabling all
privileges" and the various authentication level while connecting to the
namespace using the wbemtest tool. Nothing worked. All the time I was
getting access denied.

Could somebody help please?

Thanks in advance,
Partha