Re: Set previlege with Windows Management

From: Willy Denoyette [MVP] (willy.denoyette_at_pandora.be)
Date: 09/17/04 

Date: Fri, 17 Sep 2004 10:14:02 +0200

Yes, setting EnablePrivilege to "true" should 'enable' all privileges
required to execute a specific WMI class methods.
Note that the principal must have been granted the required privilege (see
local security policies).

Note however that this fails when run on .NET v1.1 SP1.

Willy.
PS.Please post System.Management (WMI) related questions to
microsoft.public.dotnet.framework.wmi.

Willy.

"David Shen" <DavidShen@discussions.microsoft.com> wrote in message
news:7B40F4EF-9FFE-4BAE-A93E-8B6F05C902E7@microsoft.com...
> Hi,
>
> Here is text copy/paste from the WMI SDK reference
>
> Use the Win32_OperatingSystem class and the Win32Shutdown method. You must
> include the RemoteShutdown privilege when connecting to WMI. For more
> information, see Executing Privileged Operations. Unlike the Shutdown
> method
> on Win32_OperatingSystem, the Win32Shutdown method allows you to set flags
> to
> control the shutdown behavior.
> strComputer = "atl-dc-01"
> Set objWMIService = GetObject("winmgmts:" _
> & "{impersonationLevel=impersonate,(Shutdown)}!\\" & _
> strComputer & "\root\cimv2")
> Set colOperatingSystems = objWMIService.ExecQuery _
> ("Select * from Win32_OperatingSystem")
> For Each objOperatingSystem in colOperatingSystems
> ObjOperatingSystem.Shutdown(1)
> Next
>
>
> My question is what is the equivalent of
> "{impersonationLevel=impersonate,(Shutdown)}!\\" in .NET/C#. Is setting
> EnablePrivilege = true good enough?
>
> Thanks.

Relevant Pages

  • Re: Getting logged in user from a service?
    ... the service executes the service call, when WMI needs to "enable" a privilege, it' s up to the caller to ask the service to enable the required privilege, the user doesn't need to know the "privilege" required, WMI know which one as it's stored in it's metabase. ... All WMI's security levels are highly customizable, the namespaces are all protected by DACL's you can adjust, you can prevent certain user to access, read, write, execute etc...it's namespaces, if a user is allowed to execute a method, WMI will simply enable or add the privilege when needed on a per call basis. ... Some classes and methods need an impersonation token from the base client, if the token holds a needed privilege to execute or access a namespace class, WMI enables this privilege, when the token misses the privilege, the call fails. ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Getting logged in user from a service?
    ... against the OS services (that is, by directly calling WIN32 Api's) you have to consider a lot of things at "development" time, things like - is the API available on the *target* machine? ... Most of these things are taken care of by the framework and it's underlying services, whatever these are, and in this particular case the underlying service is native WMI in top of Win32. ... I don't see how using .NET Framework exempts you from worrying about security constraints, privileges, etc. ... It might automatically enable a held privilege in your token, ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Getting logged in user from a service?
    ... the service executes the service call, when WMI needs to "enable" a ... privilege, it' s up to the caller to ask the ... user doesn't need to know the "privilege" required, WMI know which one as ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Set previlege with Windows Management
    ... > required to execute a specific WMI class methods. ... > PS.Please post System.Management related questions to ... >> include the RemoteShutdown privilege when connecting to WMI. ... >> control the shutdown behavior. ...
    (microsoft.public.dotnet.general)