Get-Service command giving me the error Cannot open Service Control Manager on computer 'xx'. This operation might require other privileges

Question

I am trying to disable MicrosoftMonitoringAgent on VM. I am using Automation account system assigned managed identity which has virtual machine contributor role. I am executing the below command using runbook.

Get-Service -Computer $vmName -Name $service

I am getting the error Cannot open Service Control Manager on computer 'xx'. This operation might require other privileges.

What permissions do I need or enable anything so the command works.

Answer 1

Get-Service command giving me the error Cannot open Service Control Manager on computer 'xx'. This operation might require other privileges.

The error encountered is due to insufficient permissions on the VM. To stop the services on the VM, you may require local admin access.

The Virtual Machine Contributor role does not have local admin access. To obtain local admin privileges on a VM, you must assign both the Virtual Machine Administrator Login for Local admin and Virtual Machine Contributor role for Microsoft.Compute/virtualMachines/runCommand/write permission, or alternatively, create a custom role with the required permissions.

 $scriptContent = @"
 Set-Service -name "AzureMonitorAgent" -startupType disabled
"@  
az vm run-command invoke --command-id RunPowerShellScript --name "Venkat-windows" -g 'Venkat' --scripts "$scriptContent"

Output:

After executing the script, the AzureMonitorAgent service has been successfully disabled on the Azure VM.

Reference: Limiting access to Run Command

Virtual Machine Administrator Login