WMI Instrumentation and Permissions

If you instrument your code with System.Management.Instrumentation you’ll have to adjust permissions if non-admin or non-local system/network/local service code wants to publish information.

If you run installutil provider.dll from the command line you’ll find the generated MOF file under system32wbemframeworkrootyour-provider-namespace

you have to edit the MOF file as follows:

class MSFT_DecoupledProvider : __Win32Provider
  string CLSID = “{……….some class GUID………..}”;
  uint32 Version = 1;
  string HostingModel = “Decoupled:Com”;
  // Remove the SecurityDescriptor attribute here


instance of WMINET_ManagedAssemblyProvider
  HostingModel = “Decoupled:Com”;
  Name = “yourEventProviderName”;
  // Add a security descriptor in SDDL format – see the Platform SDK for
  // correct format
  // Here a sample that grants access to the intrinsic Users group
  SecurityDescriptor = “O:BUG:BUD:(A;;0x1;;;BU)”;

then run mofcomp manually.

sounds like big fun ??

Keith wrote a tool to compose SDDL strings – you can find it here.


This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s