Edit

Executing Privileged Operations Using VBScript

  • Article

If you use the scripting API for WMI, you can set specific security privileges. For example, you can set the security privileges to request an operating system shutdown, or to examine the security event log. For more information, see Running with Special Privileges.

You only need to set privileges when you are accessing WMI on your computer. When you are accessing a remote host, COM RPC automatically sets the privileges. To determine all the required privileges, consult the documentation for the specific WMI classes that you want to access, such as Win32_OperatingSystem. For more information, see WbemPrivilegeEnum

The following sections are discussed in this topic:

Setting a Privilege from the Security_ Object

Use the following procedure to set security privileges in Visual Basic.

To set privileges in Visual Basic

  1. Create an object of type SWbemLocator.

  2. Add the new privilege to the SWbemLocator.Security_ object.

    The Security_ object contains an SWbemObjectSet collection. The objects in the set are SWbemSecurity objects. For more information, see Accessing a Collection.

  3. Log on to WMI and retrieve an SWbemServices object.

    The SWbemServices object inherits the privilege that is set in the previous step.

You can also set a privilege using the SWbemPrivilegeSet.AddAsString method.

Setting a Privilege as Part of a Moniker

You can set a privilege as part of a moniker.

The following example shows you how to add a debug privilege to a moniker.

Set Service = GetObject("winmgmts:{impersonationLevel=impersonate, (Debug)}")

Revoking and Resetting Privileges

The following example shows you how to set the SeDebugPrivilege privilege, and revoke the SeRemoteShutdownPrivilege privilege.

Set Service = GetObject("winmgmts:{impersonate,(Debug,!RemoteShutdown)}")

Privilege Constants

Executing Privileged Operations