Setting the Security Levels on a WMI Connection

After you retrieve a pointer to an IWbemServices proxy, you must set the security on the proxy to access WMI through the proxy. You must set the security because the IWbemServices proxy grants access to an out-of-process object. In general, COM security does not allow one process to access another process if you do not set the proper security properties. For more information, see Setting the Security on IWbemServices and Other Proxies. Connections to different operating systems require varying levels of authentication and impersonation. For more information, see Connecting to WMI on a Remote Computer.

The code examples in this topic require the following references and #include statements to compile correctly.

#define _WIN32_DCOM
#include <iostream>
using namespace std;
#include <wbemidl.h>
#pragma comment(lib, "wbemuuid.lib")

The following procedure describes how to set the security levels on a WMI connection.

To set the security levels on a WMI connection

  • Set the security levels on the IWbemServices proxy with a call to CoSetProxyBlanket.

    The following code example describes a common way of calling CoSetProxyBlanket.

        HRESULT hres;
        IWbemServices *pSvc = 0;
        IWbemLocator *pLoc = 0;
    
        // Set the proxy so that impersonation of the client occurs.
        hres = CoSetProxyBlanket(pSvc,
           RPC_C_AUTHN_WINNT,
           RPC_C_AUTHZ_NONE,
           NULL,
           RPC_C_AUTHN_LEVEL_CALL,
           RPC_C_IMP_LEVEL_IMPERSONATE,
           NULL,
           EOAC_NONE
        );
    
        if (FAILED(hres))
        {
            cout << "Could not set proxy blanket. Error code = 0x" 
                 << hex << hres << endl;
           pSvc->Release();
          pLoc->Release();     
            CoUninitialize();
            return hres;      // Program has failed.
        }
    

After you set the security levels for your IWbemServices pointer, you can access the various capabilities of WMI. After you finish using WMI, you must shut down your application. For more information, see Cleaning up and Shutting Down a WMI Application.