New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Can't connect to non-admin Windows account (Get-CimInstance PermissionDenied) #2648
Comments
On the remote, if you open powershell, are you able to run this command? |
logged into the remote with remote desktop: logged into the remote via ssh: ... neither were run with specifically requesting admin. perhaps something in my openssh configuration is wonky? i just added the server from Add/Remove Components, rebooted, and then made sure the service was running in taskmanager, then used it. |
Are you the same user in both? In the remote desktop case is that an Admin powershell window? |
same user.. i'm pretty sure it was not an admin powershell, but i will re-run it just to make sure So, it looks like I have permission to run that command when connected via RDP to the machine, but not when connected via SSHD .. not sure how that works exactly, I'm no expert in Windows permissions. I'm probably not even a novice in Windows permissions :) |
Can you try running this snippet on both ends?
|
From RDP
from sshd
|
Thanks for trying that. I have no clue what's going on, I'll have to experiment some more. |
If it helps at all, it's a pretty basic installation of Windows 10 Pro, it's got Docker for Windows installed, a Plex Media Server, and a bunch of Docker services that handle home automation tasks. That's really about it. I decided I wanted to try VSCode remote to it, now that it supports Windows. ssh wouldn't work with the default account which has no password on it, so i used the account that was setup for Docker volume sharing (since Docker also doesn't work with accounts that have no password) ... i don't know what else I could add that might help. |
I can repro. Basically |
yes, I can repro this easily, ssh to windows box, open powershell and execute the command: (Get-CimInstance Win32_OperatingSystem).Version, you get back:
|
Connecting via SSH is a network logon vs interactive logon locally or via RDP. I think the credentials of the SSH session can't be forwarded to the local COM server to use CIM. |
Confirming that the destination account is a Local Standard account type. |
I'm reproducing with a Local Standard account. Local Admin account works fine. |
Grant permission to execute Get-CimInstance, but still dont work. Grant permission: New error: |
Is there any known workaround for this issue? Some patch I could try? Thanks. |
I don't know if anyone's found anything else out yet, but i made a second admin account on the machine. :| |
I am having this exact same issue with CimInstance privileges. Haven't been able to find a workaround that works. |
Here is slightly different and shorter approach from what @faltrock-abone described: (+1 btw!)
What's the difference or why doing it this way? Another difference is that you affect only single standard user account. edit: |
Met exactly same issue as @CSU-FulChou mentioned above. Administrator account is OK but other admin group users are not. Tried the solution @metablaster provided above, the issue is still there. |
Same issue. Still not fixed for 21 months??? |
Steps that worked for me:
|
I am having the same issue, the host is a computer from my company and I cannot do the suggested changes. |
I have the same issue when I use non Administrator account. But Administrator account is ok. |
This issue makes me sad. Since it's "On Deck," I check every new release to see if it's fixed. And it is not. My workaround is to ssh to bash under WSL2 on the Windows box. The user account does not need administrator for this access method. (Well, I guess you'll need it to install WSL2.) |
Hi @grtwje, you can also try some of the above workarounds such as @metablaster’s to connect to the windows side. It does require some mucking around, so an OOB solution build into the extension would be ideal! |
same here, why this issue has so low priority ? |
Because they believe that very few people will choose Windows instead of Linux as the SSH server, and thus they somewhat don't care about Windows users. They betrayed Microsoft. |
like +1 for this as a fix worthy issue. The workaround from @metablaster works, but changing user permissions might not be possible in a coporate environment, and thats also where windows servers with limited permissions are most likely to occur. Anyway @roblourens is there any idear how to fix this? I could imagine this is a wontfix as the issue seems to be with how permissions are set within windows by default here. |
Just leaving a message for those coming after me
|
Confirm that metablaster's approach worked for me. While I understand vs-code cannot do this setup automatically, I believe that when this situation is detected during setup, it should direct users to a help article with official guidance on how to configure this properly with minimal permissions.
|
@tom-inetum-realdolmen Thanks a lot for the detailed guide , which worked for as described, very helpful |
#2648 (comment) visually 😁 |
Not fixed in VSCode Version: 1.82.2 |
I'm using VSCode 1.85.1 and I am also facing this problem. |
I just wanted to say this is the best documentation I have ever seen. However, it did not full fix the issue for me. It only changed the error from: <Objs Version="1.1.0.1"
xmlns="http://schemas.microsoft.com/powershell/2004/04">
<S S="Error">gcim : Access denied _x000D__x000A_</S>
<S S="Error">At line:52 char:6_x000D__x000A_</S>
<S S="Error">+ $u_=(gcim win32_process | ? processid -eq $t_).parentprocessid_x000D__x000A_</S>
<S S="Error">+ ~~~~~~~~~~~~~~~~~~_x000D__x000A_</S>
<S S="Error"> + CategoryInfo : PermissionDenied: (root\cimv2:win32_process:String) [Get-CimInstance], CimException_x000D__x000A_</S>
<S S="Error"> + FullyQualifiedErrorId : HRESULT 0x80041003,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand_x000D__x000A_</S>
<S S="Error"> _x000D__x000A_</S>
</Objs> to: <Objs Version="1.1.0.1"
xmlns="http://schemas.microsoft.com/powershell/2004/04">
<S S="Error">gcim : Invalid class _x000D__x000A_</S>
<S S="Error">At line:52 char:6_x000D__x000A_</S>
<S S="Error">+ $u_=(gcim win32_process | ? processid -eq $t_).parentprocessid_x000D__x000A_</S>
<S S="Error">+ ~~~~~~~~~~~~~~~~~~_x000D__x000A_</S>
<S S="Error"> + CategoryInfo : MetadataError: (root\cimv2:win32_process:String) [Get-CimInstance], CimException_x000D__x000A_</S>
<S S="Error"> + FullyQualifiedErrorId : HRESULT 0x80041010,Microsoft.Management.Infrastructure.CimCmdlets.GetCimInstanceCommand_x000D__x000A_</S>
<S S="Error"> _x000D__x000A_</S>
</Objs>
Restarting EDIT: restarting the computer was required to finish the fix. Go figure. |
Steps to Reproduce:
Does this issue occur when you try this locally?: This is a connection specific issue
Does this issue occur when you try this locally and all extensions are disabled?: This is a connection specific issue
Attempting to use VSC remote with a remote SSH server on Windows. I've installed the Windows 10 OpenSSH server using Add/Remove features. I can connect to it using my regular Linux host, my WSL host, and native windows ssh.
When I attempt to connect to this host with VSCode, first it asks me what OS i'm using, I enter Windows.
Then it asks for my password. It chugs along for a little while, with the following log output, and then stops with a modal "Could not establish connection to 'arcade.lan'."
Seems unrelated to #2198, I think?
The text was updated successfully, but these errors were encountered: