Securing WMI Namespaces
Access to WMI namespaces and their data is controlled by security descriptors. You can protect data in your namespaces by adjusting the namespace security descriptor to control who has access to the data and methods. For more information, see Access to WMI Securable Objects.
The following topics describe WMI namespace security and how to control access to namespaces.
- Access to WMI Namespaces
WMI namespace security relies on standard Windows user security identifiers (SIDs) and access control lists. Administrators and users have different default permissions.
- Setting Namespace Security Descriptors
After a namespace exists in the WMI repository, you can change the security on the namespace by using the WMI Control or by calling the methods of __SystemSecurity.
- Requiring an Encrypted Connection to a Namespace
The RequiresEncryption qualifier on a namespace requires the WMI client application or script to use the authentication level which encrypts remote procedure calls. Both incoming data requests and asynchronous callbacks must be encrypted.
- Establishing Inheritance of Namespace Security
You can control whether a child namespace inherits the security descriptor of the parent namespace.
- Maintaining WMI Security
- Connecting to WMI on a Remote Computer
- Creating a Namespace with the WMI API
- WMI Security Descriptor Objects