SWbemSecurity.AuthenticationLevel property

The AuthenticationLevel property is an integer that defines the COM Authentication level that is assigned to this object. This setting determines how you protect information sent from WMI. For more information about authentication levels, see Setting Client_Application_Process Security. In general, it is not necessary to set the authentication level when making WMI API calls. If you do not set this property, the default COM Authentication level for your system is used.

For an explanation of this syntax, see Document Conventions for the Scripting API.

This property is read/write.


SWbemSecurity.AuthenticationLevel As Integer

Property value


The authenticationLevel setting enables you to request the level of DCOM authentication and privacy to be used throughout a connection. Settings range from no authentication to per-packet encrypted authentication.

Value Description
None Does not use any authentication. All security settings are ignored.
Default Uses a standard security negotiation to select an authentication level. This is the recommended setting because the client involved in the transaction will be negotiated to the authentication level specified by the server.
DCOM will not select the value None during a negotiation session.
Connect Authenticates the credentials of the client only when the client tries to connect to the server. After a connection has been made, no additional authentication checks take place.
Call Authenticates the credentials of the client only at the beginning of each call, when the server receives the request. The packet headers are signed, but the data packets exchanged between the client and the server are neither signed nor encrypted.
Pkt Authenticates that all data packets are received from the expected client. Similar to Call; packet headers are signed but not encrypted. Packets themselves are neither signed nor encrypted.
PktIntegrity Authenticates and verifies that none of the data packets transferred between the client and the server have been modified. Every data packet is signed, ensuring that the packets have not been modified during transit. None of the data packets are encrypted.
PktPrivacy Authenticates all previous impersonation levels and signs and encrypts each data packet. This ensures that all communication between the client and the server is confidential.

You can set the authentication level of the SWbemServices, SWbemObject, SWbemObjectSet, SWbemObjectPath, and SwbemLocator objects by setting the AuthenticationLevel property to the desired value.

The following example shows how to set the authentication level for an SwbemObject object.

objinstance.Security_.AuthenticationLevel = wbemAuthenticationLevelPkt

You can also specify authentication levels as part of a moniker. The following example sets the authentication level and the impersonation level, and retrieves an instance of Win32_LogicalDisk.

Set objinst = GetObject("WinMgmts:{impersonationLevel=impersonate,authenticationLevel=pktPrivacy}!root/cimv2:Win32_LogicalDisk='c:'")


Requirement Value
Minimum supported client
Windows Vista
Minimum supported server
Windows Server 2008
Type library

See also

Setting Client_Application_Process Security