WMI Security

Microsoft® Windows® 2000 Scripting Guide

WMI is an extremely powerful technology for system administration. It is also a versatile technology: It is just as easy to run scripts against remote computers as it is to run scripts against the local computer. Furthermore, WMI scripts can be written using nothing more powerful (or expensive) than Notepad. This makes WMI the perfect technology for system administrators. It would also appear to make WMI the perfect technology for someone else: hackers. After all, how hard would it be to create a script that methodically shuts down each computer in your organization, one by one?

In truth, it would be easy to write such a script; however, successfully running this script would be far more difficult. This is because security is an important part of the WMI infrastructure; in fact, WMI has been specifically designed to prevent people from carrying out activities such as this (either inadvertently or otherwise).

For example, suppose a hacker tried to shut down one of your computers using WMI. This attempt will fail. Why? Because only an administrator can run a script against a remote computer. Unless the hacker is an administrator on the computer, he or she will not be able to shut it down by using WMI. (And of course, if the hacker is an administrator, he or she can cause plenty of trouble without bothering to write a script.)

But what if the hacker e-mails a shutdown script to users and somehow tricks these users into shutting down their local computers? Even this is likely to fail: For the most part, running a WMI script that actually does something requires you to be an administrator and to have specific privileges. In most organizations, users do not have the right to shut down a computer; therefore, if they inadvertently run a script that tries to shut down their computer, the script will fail. Why? Because, by default, WMI can carry out only those tasks that the person running the script can carry out.

WMI security is an extension of the security subsystem built into Windows operating systems. WMI security includes:

  • WMI namespace-level security.

  • Distributed COM (DCOM) security.

  • Standard Windows NT-based Windows operating system security.
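
One way to inspect the namespace-level layer listed above, as an added example that is not part of the original guide: this Windows PowerShell 5.1 script, run elevated on the local computer, reads a WMI namespace's security descriptor through the `__SystemSecurity` class and reports allow entries that grant Remote Enable to anyone other than the built-in Administrators group. The function names, the `root\cimv2` default and the sample mask are assumptions made for illustration.

```powershell
# Added example: audit WMI namespace-level security on the local computer.
# Namespace access-right bits (WMI namespace access rights constants).
$WmiRights = [ordered]@{
    Enable        = 0x1      # read access to the namespace
    MethodExecute = 0x2      # run methods
    FullWrite     = 0x4      # write classes and instances
    PartialWrite  = 0x8      # write static instances
    ProviderWrite = 0x10     # write provider-backed objects
    RemoteEnable  = 0x20     # connect to the namespace from another computer
    ReadSecurity  = 0x20000  # read the security descriptor
    EditSecurity  = 0x40000  # change the security descriptor
}

# Turn an ACE access mask into the list of right names it contains.
function ConvertFrom-WmiAccessMask {
    param([uint32]$Mask)
    $WmiRights.GetEnumerator() |
        Where-Object { $Mask -band $_.Value } |
        ForEach-Object { $_.Key }
}

# Read the namespace DACL and return one object per ACE.
function Get-WmiNamespaceAcl {
    param([string]$Namespace = 'root\cimv2')
    $result = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
    if ($result.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor on $Namespace failed with code $($result.ReturnValue)"
    }
    foreach ($ace in $result.Descriptor.DACL) {
        [pscustomobject]@{
            Trustee = "$($ace.Trustee.Domain)\$($ace.Trustee.Name)"
            Sid     = $ace.Trustee.SIDString
            Allow   = ($ace.AceType -eq 0)              # 0 = access allowed, 1 = access denied
            Remote  = [bool]($ace.AccessMask -band 0x20)
            Rights  = (ConvertFrom-WmiAccessMask $ace.AccessMask) -join ', '
        }
    }
}

# Constructed sample mask: 0x23 decodes to Enable, MethodExecute, RemoteEnable.
(ConvertFrom-WmiAccessMask 0x23) -join ', '

# Report allow ACEs that grant remote access to a trustee other than
# BUILTIN\Administrators (well-known SID S-1-5-32-544).
Get-WmiNamespaceAcl -Namespace 'root\cimv2' |
    Where-Object { $_.Allow -and $_.Remote -and $_.Sid -ne 'S-1-5-32-544' } |
    Format-Table Trustee, Sid, Rights -AutoSize
```

An empty table from the last command means no trustee outside the Administrators group holds Remote Enable on that namespace.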