
WMI impersonation on remote computer as currently logged-on user

I have created an MVC application. It's an intranet website. Users log in with Windows authentication. After some progress I need to connect from the web server to the client machine to trigger some WMI function. Everything works: I can connect to their WMI and trigger actions with my service account (which is an administrator on the client computer).

My problem is that the WMI context which I connect to is always my administrator account's context. This is not what I want, because I need to run this as the currently logged-on user on the remote machine.

So I need to log in to the remote machine with my admin account and run the function as the current user account. Is it possible? Or is it not possible because of Windows security?

This is how I connect to the remote computer:

    // Build the scope path \\<host><namespace>; wmiNameSpace starts with a backslash
    ManagementScope wmiScope = new ManagementScope(@"\\" + remoteHost + wmiNameSpace);
    wmiScope.Options.EnablePrivileges = true;
    wmiScope.Options.Impersonation = ImpersonationLevel.Impersonate;
    // Bind to the requested class inside that scope
    ManagementPath wmiClass = new ManagementPath(wmiClassName);
    ManagementClass wmiObject = new ManagementClass(wmiScope, wmiClass, null);
    return wmiObject;

And this is how I trigger the function:

    ManagementClass wmiConnection = clientConnection.ConnectRemoteWMI(remote, @"\ROOT\ccm\ClientSDK", "CCM_ClientUtilities");
    ManagementBaseObject parameters = wmiConnection.GetMethodParameters(policyType);
    ManagementBaseObject result = wmiConnection.InvokeMethod(policyType, parameters, null);

This is not a direct answer. However, you should have all the information you need here:

Connecting to WMI Remotely with C#

In short, you will need to create a system ManagementScope.

Note: System.Management was the original .NET namespace used to access WMI; however, the APIs in this namespace generally are slower and do not scale as well relative to their more modern Microsoft.Management.Infrastructure counterparts.

However

  1. Create a ManagementScope object, using the name of the computer and the WMI path, and connect to your target with a call to ManagementScope.Connect().

  2. If you connect to a remote computer in a different domain or using a different user name and password, then you must use a ConnectionOptions object in the call to the ManagementScope.

The ConnectionOptions contains properties for describing the Authentication, Impersonation, username, password, and other connection options.

    ConnectionOptions options = new ConnectionOptions();
    options.Impersonation = System.Management.ImpersonationLevel.Impersonate;

    // options takes more arguments, you need to read up on what you want

    ManagementScope scope = new ManagementScope("\\\\FullComputerName\\root\\cimv2", options);
    scope.Connect();

    ManagementPath path = new ManagementPath("Win32_NetworkAdapterConfiguration");
    ObjectGetOptions o = new ObjectGetOptions(null, System.TimeSpan.MaxValue, true);
    ManagementClass objMC = new ManagementClass(scope, path, o);
    ...

Generally speaking, it is recommended that you set your Impersonation level to Impersonate unless explicitly needed otherwise.


Additional reading

Connecting to WMI Remotely with C#

ManagementScope Class

ConnectionOptions Class

ObjectGetOptions Class

ManagementPath Class

ManagementClass Class

Disclaimer: You will have to read about these topics and work out what you need in your situation.
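
The following is an added example, not code from the question or the answer. It sets the ConnectionOptions properties mentioned above explicitly and reads `Win32_ComputerSystem.UserName` to show that the interactively logged-on user is reported separately from the account that opened the WMI connection. The host name `CLIENT01` and the class and method names are placeholders chosen for illustration.

```csharp
using System;
using System.Management;
using System.Security;

static class RemoteWmiExample
{
    // Builds a scope with every connection setting stated explicitly.
    static ManagementScope Connect(string host, string ns, string user, SecureString password)
    {
        var options = new ConnectionOptions
        {
            // The remote provider may act with the caller's identity, i.e. the
            // account that opened this connection, not some other user's.
            Impersonation = ImpersonationLevel.Impersonate,
            // Sign and encrypt the DCOM traffic between the two machines.
            Authentication = AuthenticationLevel.PacketPrivacy,
            EnablePrivileges = true,
            Timeout = TimeSpan.FromSeconds(30)
        };
        if (user != null) // explicit credentials are only accepted for remote hosts
        {
            options.Username = user;            // e.g. DOMAIN\account
            options.SecurePassword = password;
        }
        var scope = new ManagementScope(@"\\" + host + @"\" + ns, options);
        scope.Connect();                        // throws on access denied or RPC failure
        return scope;
    }

    // Returns the user logged on at the remote console as DOMAIN\name,
    // or null when nobody is logged on interactively.
    static string GetConsoleUser(ManagementScope scope)
    {
        var query = new ObjectQuery("SELECT UserName FROM Win32_ComputerSystem");
        using (var searcher = new ManagementObjectSearcher(scope, query))
        using (var results = searcher.Get())
            foreach (ManagementObject mo in results)
                using (mo) return mo["UserName"] as string;
        return null;
    }

    static void Main(string[] args)
    {
        string host = args.Length > 0 ? args[0] : "CLIENT01"; // placeholder host name
        ManagementScope scope = Connect(host, @"root\cimv2", null, null); // null = calling account
        Console.WriteLine("Console user on " + host + ": " + (GetConsoleUser(scope) ?? "(none)"));
    }
}
```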
