SWbemSecurity.AuthenticationLevel property

The AuthenticationLevel property is an integer that defines the COM Authentication level that is assigned to this object. This setting determines how you protect information sent from WMI. For more information about authentication levels, see Setting Client_Application_Process Security. In general, it is not necessary to set the authentication level when making WMI API calls. If you do not set this property, the default COM Authentication level for your system is used.

For an explanation of this syntax, see Document Conventions for the Scripting API.

This property is read/write.


SWbemSecurity.AuthenticationLevel As Integer

Property value


The authenticationLevel setting enables you to request the level of DCOM authentication and privacy to be used throughout a connection. Settings range from no authentication to per-packet encrypted authentication.


Does not use any authentication. All security settings are ignored.


Uses a standard security negotiation to select an authentication level. This is the recommended setting because the client involved in the transaction will be negotiated to the authentication level specified by the server.

DCOM will not select the value None during a negotiation session.


Authenticates the credentials of the client only when the client tries to connect to the server. After a connection has been made, no additional authentication checks take place.


Authenticates the credentials of the client only at the beginning of each call, when the server receives the request. The packet headers are signed, but the data packets exchanged between the client and the server are neither signed nor encrypted.


Authenticates that all data packets are received from the expected client. Similar to Call; packet headers are signed but not encrypted. Packets themselves are neither signed nor encrypted.


Authenticates and verifies that none of the data packets transferred between the client and the server have been modified. Every data packet is signed, ensuring that the packets have not been modified during transit. None of the data packets are encrypted.


Authenticates all previous impersonation levels and signs and encrypts each data packet. This ensures that all communication between the client and the server is confidential.


You can set the authentication level of the SWbemServices, SWbemObject, SWbemObjectSet, SWbemObjectPath, and SwbemLocator objects by setting the AuthenticationLevel property to the desired value.

The following example shows how to set the authentication level for an SwbemObject object.

objinstance.Security_.AuthenticationLevel = wbemAuthenticationLevelPkt

You can also specify authentication levels as part of a moniker. The following example sets the authentication level and the impersonation level, and retrieves an instance of Win32_LogicalDisk.

Set objinst = GetObject("WinMgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!root/cimv2:Win32_LogicalDisk='c:'")


Minimum supported client

Windows Vista

Minimum supported server

Windows Server 2008

Type library








See also

Setting Client_Application_Process Security