Securing WMI Namespaces

Access to WMI namespaces and their data is controlled by security descriptors. You can protect data in your namespaces by adjusting the namespace security descriptor to control who has access to the data and methods. For more information, see Access to WMI Securable Objects.

The following topics describe WMI namespace security and how to control access to namespaces.

Access to WMI Namespaces

WMI namespace security relies on standard Windows user security identifiers (SIDs) and access control lists. Administrators and users have different default permissions.

Setting Namespace Security Descriptors

After a namespace exists in the WMI repository, you can change the security on the namespace by using the WMI Control or by calling the methods of __SystemSecurity.

Requiring an Encrypted Connection to a Namespace

The RequiresEncryption qualifier on a namespace requires the WMI client application or script to use the authentication level which encrypts remote procedure calls. Both incoming data requests and asynchronous callbacks must be encrypted.

Establishing Inheritance of Namespace Security

You can control whether a child namespace inherits the security descriptor of the parent namespace.

Maintaining WMI Security

Connecting to WMI on a Remote Computer

Creating a Namespace with the WMI API

WMI Security Descriptor Objects