Specifying the Server Principal Name
The Kerberos authentication service specifies the server principal name to ensure the identity of the computer to which it is connecting. Specify the server principal name in the call to the scripting method SWbemLocator.ConnectServer by giving the name of the remote computer. In C++, specify the server principal name in the pServerPrincName parameter when calling CoSetProxyBlanket for the proxy. For more information, see Connecting to WMI on a Remote Computer.
This parameter is required for Kerberos to support mutual authentication. However, using the default server principal name does not allow mutual authentication. Clients for which mutual authentication is critical, must specify a server principal name that matches the server identity that the WMI service is using. For more information about setting proxy security and a C++ example showing how to set the server principal name, see Setting the Security on IWbemServices and Other Proxies.
For more information about setting the server principal name in script and Visual Basic, see SWbemLocator.ConnectServer and Connecting to WMI on a Remote Computer.
Unlike most security protocols for Windows Management Instrumentation (WMI) and Component Object Model (COM), you cannot set the server principal in a call to CoInitializeSecurity. However, you can set the server principal with the bstrAuthority parameter for IWbemLocator::ConnectServer, or the pServerPrincName parameter for CoSetProxyBlanket.
The code example in this topic requires the following #include statement to correctly compile.
#include <wbemidl.h>
The following code example shows how to set the server principal name with ConnectServer.
IWbemServices* g_pNameSpace = NULL;
// Namespace to which to connect
BSTR bstrNameSpace =
SysAllocString( L"\\\\MyMachine\\root\default" );
// The bstrAuthority string contains the server
// principal name MyDomain\\MyMachine
// and the authentication service, which is Kerberos.
BSTR bstrAuthority =
SysAllocString( L"kerberos:MyDomain\\MyMachine" );
HRESULT hr = NULL;
IWbemLocator* pWbemLocator = 0;
hr = pWbemLocator->ConnectServer(
bstrNameSpace, // NameSpace name
NULL, // User name
NULL, // Password
NULL, // Locale
0L, // Security flags
bstrAuthority, // Authority, server principal name
NULL, // WBEM context
&g_pNameSpace // Namespace
);
// Free memory resources.
g_pNameSpace->Release();
SysFreeString(bstrNameSpace);
SysFreeString(bstrAuthority);
Related topics
Feedback
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see: https://aka.ms/ContentUserFeedback.
Submit and view feedback for