Securing C++ Clients and Providers

Both C++ providers and client applications must perform many of the same operations to maintain WMI security.

Client applications must set DCOM impersonation and authentication levels correctly when connecting to WMI. Callbacks from asynchronous calls have security risks, so client applications must perform access checks to ensure the callback is from a trusted source. Clients need to secure both temporary and permanent event consumers.

A provider may perform access checks to ensure that the resources it creates are only accessed by appropriate clients.

Both providers and clients also can set the security on a specific proxy connection. Both can also enable privileges. An event provider must ensure that the client consumer has privileges to receive a requested event.

Either a client or provider may need to make a remote connection that requires a different authentication service, NTLM instead of Kerberos for example.