configuration Sample {
    Import-DSCResource -ModuleName WmiNamespaceSecurity
    WMINamespaceSecurity Jason {
        Path = "root/cimv2"
        Principal = "Jason"
        AppliesTo = "Self"
        AccessType = "Allow"
        Permission = "Enable", "MethodExecute", "ProviderWrite"
        Ensure = "Present"
    }
    WMINamespaceSecurity Steve {
        Path = "root/cimv2"
        Principal = "Contoso\Steve"
        AppliesTo = "Children"
        AccessType = "Deny"
        Permission = "Enable", "MethodExecute", "ProviderWrite", "RemoteAccess"
        Ensure = "Present"
    }
}

Here, I’m allowing a local user called Jason access to the root/cimv2 namespace and denying a domain user called Steve from the same namespace. This configuration should be much easier to read and maintain. Once you’ve authored your configuration document, you can execute it like a function and start DSC to apply the resulting mof:

. .\Sample.ps1
Sample -OutputPath c:\temp
Start-DSCConfiguration -Path c:\temp -Wait -Verbose -Force

If you want to try the sample, be sure to change the principals to real user accounts in your environment, otherwise you’ll get an error when you use Start-DSCConfiguration and this DSC resource gets executed. Please provide feedback, reports bugs, or submit changes as pull requests as issues in the GitHub repository. If you just want to use this resource, you can install it from the PowerShell Gallery:

Install-Module WmiNamespaceSecurity -Scope AllUsers
# AllUsers is needed for DSC Local Configuration Manager (LCM) which runs as LocalSystem

Steve Lee Principal Software Engineer Manager PowerShell Core