Welcome Sign in
Microsoft Developer Network
Click to Rate and Give Feedback
MSDN
MSDN Library
Using WMI
Securing WMI Events
 Providing Events Securely
Providing Events Securely

You can prevent unauthorized users from receiving events to which they should not have access. Your event provider can supply instances of its own event classes, just as the System Registry Provider supplies classes such as RegistryKeyChangeEvent. Your event provider can also deliver intrinsic events such as __InstanceCreationEvent. For more information, see Writing an Event Provider.

An event provider can control access to event recipients in the following ways:

  • Using access control by implementing IWbemEventProviderSecurity::AccessCheck is the most efficient way.

    The provider determines whether the consumer has privileges to receive a requested event. If the consumer lacks sufficient privileges to register, WMI returns an access denied error. Use this mode when the provider can make the decision about who can receive events. For example, a provider may supply security related events and can require that the consumer have administrator privileges with the SeSecurityPrivilege privilege enabled. For examples, see Implementing Access Control.

  • Implementing IWbemEventSink::SetSinkSecurity on the sink used to raise events allows the setting of a security descriptor (SD) on a sink for all the events passing through.

    WMI performs access checks based on the SD. Use this mode when the provider cannot make the decision regarding who is allowed to consume its events, but can decide on an SD for a specific sink. For example, use IWbemEventSink::SetSinkSecurity if your event provider obtained several sinks by calls to IWbemEventSink::GetRestrictedSink and you want a security descriptor for each sink. For examples, see Implementing Sink Security.

  • Setting the SECURITY_DESCRIPTOR property of an event allows for the setting of an SD for each event.

    Use this approach when each event delivered to the sink can have different security descriptors. To use this approach, derive any of the extrinsic event classes defined by your provider from __Event or __ExtrinsicEvent so that your class contains the SECURITY_DESCRIPTOR property. For example, your event provider may publish both secure and normal events through a sink. In this case, use the Administrators account security descriptor for secure events and a NULL security descriptor for normal events that can be received by anyone. For examples, see Setting SD for a Specific Event Type.

Securing Events by Decoupled Event Providers

Decoupled event providers differ from nondecoupled event providers in the way that they register with WMI. The call to IWbemEventProviderSecurity::AccessCheck for events from a decoupled provider never propagates the client access token. WMI handles the access control in the same manner as for nondecoupled event providers. For more information about writing a decoupled provider, see Incorporating a Provider in an Application.

Only administrators with the FULL_WRITE privilege set in WMI Control of the Control Panel are allowed to raise events for a namespace. For more information, see Setting Namespace Security with the WMI Control.

Windows 2000 and Windows NT:   Use IWbemServices::QueryObjectSink to obtain a sink from an IWbemServices proxy object for a namespace.

See Also

Securing WMI Events


Send comments about this topic to Microsoft

Build date: 9/29/2008

Tags What's this?: Add a tag
Community Content   What is Community Content?
Add new content RSS  Annotations
© 2009 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker