INF DDInstall.WMI section
An INF DDInstall.WMI section contains one or more WMIInterface directives that specify characteristics for each WMI class that the driver provides.
[install-section-name.WMI] |
[install-section-name.nt.WMI] |
[install-section-name.ntx86.WMI] |
[install-section-name.ntia64.WMI] | (Windows XP and later versions of Windows)
[install-section-name.ntamd64.WMI] | (Windows XP and later versions of Windows)
[install-section-name.ntarm.WMI] | (Windows 8 and later versions of Windows)
[install-section-name.ntarm64.WMI] (Windows 10 version 1709 and later versions of Windows)
WMIInterface={WmiClassGUID},[flags,]WMI-class-section
Entries
WmiClassGUID
Specifies a GUID value that identifies a WMI class.
flags
Specifies one of the following bitmask flags:
0x00000001 (SCWMI_CLOBBER_SECURITY)
If set, and if a security descriptor already exists in the registry, the existing security descriptor is replaced by the one specified in the INF file. If not set, and if a security descriptor already exists in the registry, the existing security descriptor is used instead of the one specified in the INF file.
WMI-class-section Specifies an INF file section that contains directives for setting characteristics of the WMI class.
The following directives can be specified within a WMI-class-section:
Security="security-descriptor-string"
Specifies a security descriptor that will be stored in the registry and applied to the GUID that is specified by WmiClassGUID. This security descriptor specifies the permissions that are required to access data blocks associated with the class. The security-descriptor-string value is a string with tokens that indicate the DACL (D:) security component.
Only one Security entry can be present. If more than one Security entry is present, security is not set for the WMI class.
Remarks
The INF DDInstall.WMI section is available on Microsoft Windows Server 2003 and later versions of the operating system.
A security descriptor is associated with every WMI GUID. For Windows XP and earlier operating system versions, the default security descriptor for WMI GUIDs allows full access to all users. For Windows Server 2003 and later versions, the default security descriptor allows access only to administrators.
If your driver defines WMI classes, and if you do not want to use the default descriptor, include a DDInstall.WMI section to specify a security descriptor that is stored in the registry and overrides the system's default descriptor.
For more information about how to specify security descriptors in INF files, see Creating Secure Device Installations.
Examples
The following example shows a single DDInstall.WMI section that contains two WMIInterface directives. Each directive identifies a WMI class and specifies a WMI-class-section for the class.
[InstallA.NT.WMI]
WMIInterface = {99999999-4cf9-11d2-ba4a-00a0c9062910},,WMISecurity1
WMIInterface = {99999998-4cf9-11d2-ba4a-00a0c9062910},1,WMISecurity2
[WmiSecurity1]
security = "O:BAG:BAD:(A;;0x120fff;;;BA)(A;;CC;;;WD)(A;;0x120fff;;;SY)"
[WmiSecurity2]
security = "O:BAG:BAD:(A;;0x120fff;;;BA)(A;;CC;;;WD)(A;;0x120fff;;;SY)"
See also
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for