Security
This page is from Microsoft
Updated: January 21, 2005
General information about the security model
Only users in the local Administrators group can start WMIC. The
WMI security access model is enforced on any call from WMIC to
WMI. The operating system enforces operating system-level
security for any operations executed through WMI. For example,
you cannot access files through WMI that you cannot access from
Windows Explorer.
WMIC is a client for WMI, so all security
checks are performed within WMI components. Before connecting to
a remote computer, the component uses PING functionality
to verify validity of the input (remote computer status).
When WMIC is used in a Telnet, Terminal Services, or similar
session, all commands are carried out in the context of the user
issuing the command.
WMIC allows extension of Aliases and XSLs. Security is
addressed by NTFS, which enforces administrator-only credential
requirements for accessing WMIC's files.
Except for method parameters, WMIC allows input data only
through the /NODE switch. A list of computer nodes can be
provided as a text file using the @FileList option. The
file and its location should be secured by the Administrator,
and the input file should preferably be read from the WBEM
directory.
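One way to check that a /NODE:@FileList input file is secured as described above, as an added example that is not part of the original Microsoft page. The function name Test-NodeListAcl, the file name nodes.txt and the set of trusted SIDs are assumptions made for illustration.

```powershell
# Added example: audit who can modify a WMIC /NODE:@FileList input file.
# The default path uses a hypothetical file name (nodes.txt) in the WBEM directory.
function Test-NodeListAcl {
    param(
        [string]$Path = "$env:windir\System32\wbem\nodes.txt",
        # Assumed trusted writers: Administrators, SYSTEM, TrustedInstaller.
        [string[]]$TrustedSid = @(
            'S-1-5-32-544',
            'S-1-5-18',
            'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'
        )
    )
    $fsr = [System.Security.AccessControl.FileSystemRights]
    # Rights that let a principal change, replace or re-permission the file.
    $writeMask = [int]($fsr::WriteData -bor $fsr::AppendData -bor
        $fsr::WriteAttributes -bor $fsr::WriteExtendedAttributes -bor
        $fsr::Delete -bor $fsr::DeleteSubdirectoriesAndFiles -bor
        $fsr::ChangePermissions -bor $fsr::TakeOwnership)
    # Raw GENERIC_WRITE / GENERIC_ALL bits can appear in unmapped ACEs.
    $writeMask = $writeMask -bor 0x40000000 -bor 0x10000000
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    # Check the file and its parent directory: write access to the
    # directory is enough to replace the list.
    foreach ($item in $Path, (Split-Path -Parent $Path)) {
        $acl = Get-Acl -LiteralPath $item
        # Ask for SIDs directly so unresolvable accounts are still reported.
        foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
            # Deny ACEs grant nothing; inherit-only ACEs do not apply to $item itself.
            if ($ace.AccessControlType -ne 'Allow') { continue }
            if ($ace.PropagationFlags.HasFlag($inheritOnly)) { continue }
            $canWrite = ([int]$ace.FileSystemRights -band $writeMask) -ne 0
            if ($canWrite -and $TrustedSid -notcontains $ace.IdentityReference.Value) {
                # Emit one finding per non-trusted principal with write-type rights.
                [pscustomobject]@{
                    Path   = $item
                    Sid    = $ace.IdentityReference.Value
                    Rights = $ace.FileSystemRights
                }
            }
        }
    }
}
```

Running Test-NodeListAcl with no output means only the trusted SIDs hold write-type rights on the list and its directory. The owner of the file can always rewrite its DACL, so the Owner property returned by Get-Acl is worth checking as well.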
User permissions
No special user permissions are required to run WMIC.
Implicitly, to be able to use WMIC, a user needs to have full
write access to both the WMIC namespaces and a registry key
(HKLM\Software\Microsoft\WBEM).
Authentication and authorization
Authentication and authorization are provided by the system when
these resources are opened. They are stored in a secured
location and the Discretionary Access Control List (DACL) is
used to verify that the client has access to them. They are wholly
dependent on Distributed Component Object Model (DCOM) security
as well as Windows Management (WINMGMT) for remote access in
providing it with user name, password, and requested levels. The
/AUTHLEVEL switch is used for securing WMIC network
traffic. In the Windows Server 2003 family operating systems,
the default level is set to PKTPRIVACY providing packet
privacy encryption level. You can modify the authentication
level using the /AUTHLEVEL switch.
Example:
WMIC /AUTHLEVEL:Pktprivacy /NODE:"testcomputer.microsoft.com" BIOS
Configuration data
The configuration information is stored in the registry and in
the WMI repository. The registry configuration holds timestamps
and validity of Managed Object Format (MOF)-compiled status for
schemas. At the start of each session of WMIC, this is evaluated
and WMIC will update the WMI repository when schemas are not
valid or were updated by a user.
Miscellaneous
WMIC is a powerful command-line tool that allows you to quickly
do any task for which you have permissions. If you are not
familiar with the WMI environment, you can use the
/INTERACTIVE switch to set a warning for delete operations.
For example:
WMIC /INTERACTIVE:ON
For information about how WMI validates users, see Managing WMI security.
For more information, see Windows Management Instrumentation Command-line.