If you instrument your code with System.Management.Instrumentation you’ll have to adjust permissions if non-admin or non-local system/network/local service code wants to publish information.

If you run installutil provider.dll from the command line you’ll find the generated MOF file under system32wbemframeworkrootyour-provider-namespace

you have to edit the MOF file as follows:

class MSFT_DecoupledProvider : __Win32Provider
{
  string CLSID = “{……….some class GUID………..}”;
  uint32 Version = 1;
  string HostingModel = “Decoupled:Com”;
  // Remove the SecurityDescriptor attribute here
};

and

instance of WMINET_ManagedAssemblyProvider
{
  HostingModel = “Decoupled:Com”;
  Name = “yourEventProviderName”;
  // Add a security descriptor in SDDL format – see the Platform SDK for
  // correct format
  // Here a sample that grants access to the intrinsic Users group
  SecurityDescriptor = “O:BUG:BUD:(A;;0x1;;;BU)”;
};

then run mofcomp manually.

sounds like big fun ??

Keith wrote a tool to compose SDDL strings – you can find it here.