Microsoft Identity Integration Server 2003 Developer Reference

Enabling Security in Scripts

By default, calls to the WMI Provider use the default Windows authentication setting. While this setting permits only authorized users to use the WMI provider, calls that are sent on the network are not encrypted. If you are calling into WMI remotely, this means the data sent between your client and the MIIS server is in cleartext on the network. To protect the data, encrypt any data that is sent on the network by setting the authentication level in the WMI provider call.

You can set the authentication level by using the optional security settings component of the WMI moniker with the appropriate WbemAuthenticationLevelEnum enumeration constant.

Note  Setting the authentication level is a request rather than a command; the server might not honor the request.

The WbemAuthenticationLevelEnum enumeration constants determine the authentication level of the service object. To authenticate all previous impersonation levels and sign and encrypt each data packet, use the WbemAuthenticationLevelPktPrivacy constant.

This topic contains examples that enable security in scripts.

Enabling Security on a Local System

The following Visual Basic Scripting Edition (VBScript) example shows how to create a service object with the recommended authentication level on a local server.

Option Explicit

Const PktPrivacy = 6

Dim Service

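'* The moniker string is literal: the level is named inside it, and the constant above is not substituted into the string.
Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\MicrosoftIdentityIntegrationServer")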

'* Start your script here.

Enabling Security on a Remote System Using the Current User Credentials

The following VBScript example shows how to create a service object with the recommended authentication level on a remote server. The script uses the credentials of the current user.

Replace MyServer with the name of the remote server.

Option Explicit
Const WbemAuthenticationLevelPktPrivacy = 6

Dim Locator
Dim Service

Set Locator = CreateObject("WbemScripting.SWbemLocator")
Locator.Security_.AuthenticationLevel = WbemAuthenticationLevelPktPrivacy
Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer")

'* Start your script here.

Enabling Security on a Remote System Using Alternative Credentials

The following VBScript example shows how to create a service object with the recommended authentication level on a remote server. The script connects with alternative credentials, which are passed to ConnectServer, instead of the credentials of the current user.

Option Explicit
Const WbemAuthenticationLevelPktPrivacy = 6

Dim Locator
Dim Service

Set Locator = CreateObject("WbemScripting.SWbemLocator")
Locator.Security_.AuthenticationLevel = WbemAuthenticationLevelPktPrivacy
Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")

'* Start your script here.

Replace the following placeholder terms with the specified information:

Because this script contains a user name and password, store the script in a secure folder that has the same security level as the Microsoft Identity Integration Server 2003 folder. Limit access to this folder.

Note  We do not recommend storing user credentials in a script. If you need to run a script under a different user context, in most cases you should use the runas command to run the script. For more information, see Creating Scripts to Run Management Agents.
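
The note above advises against storing credentials in a script. The following VBScript is an added example, not part of the original reference: it takes the server and user name as arguments and prompts for the password at run time, while still requesting PktPrivacy. The argument layout, the ReadPassword helper, the file name in the usage line, and the use of the ScriptPW.Password object (present on Windows XP and Windows Server 2003) are assumptions of this example.

```vbscript
Option Explicit
' Added example: alternative credentials are entered at run time, never saved in the file.
' Run under cscript: cscript //nologo connect-miis.vbs MyServer Domain\Me  (hypothetical file name)
Const WbemAuthenticationLevelPktPrivacy = 6

Dim Locator, Service, Server, User, Password

If WScript.Arguments.Count <> 2 Then
    WScript.Echo "Usage: cscript //nologo connect-miis.vbs <server> <domain\user>"
    WScript.Quit 1
End If
Server = WScript.Arguments(0)
User = WScript.Arguments(1)
Password = ReadPassword("Password for " & User & ": ")

Set Locator = CreateObject("WbemScripting.SWbemLocator")
Locator.Security_.AuthenticationLevel = WbemAuthenticationLevelPktPrivacy

On Error Resume Next
Set Service = Locator.ConnectServer(Server, "root\MicrosoftIdentityIntegrationServer", User, Password)
Password = ""   ' drop the script's copy as soon as the call returns
If Err.Number <> 0 Then
    WScript.Echo "Connection failed: 0x" & Hex(Err.Number) & " " & Err.Description
    WScript.Quit 2
End If
On Error GoTo 0

' Guard against a later edit lowering the level; this reads the service object's own setting.
If Service.Security_.AuthenticationLevel <> WbemAuthenticationLevelPktPrivacy Then
    WScript.Echo "Refusing to continue: authentication level is " & Service.Security_.AuthenticationLevel
    WScript.Quit 3
End If
WScript.Echo "Connected to " & Server & " with PktPrivacy requested."

'* Start your script here.

Function ReadPassword(Prompt)
    Dim Reader
    WScript.StdOut.Write Prompt
    On Error Resume Next
    Set Reader = CreateObject("ScriptPW.Password")   ' masked input where the object is installed
    If Err.Number = 0 Then
        ReadPassword = Reader.GetPassword()
        WScript.StdOut.WriteLine
    Else
        Err.Clear
        ReadPassword = WScript.StdIn.ReadLine()      ' fallback: typed characters are echoed
    End If
End Function
```

The script exits with a nonzero code on a failed connection or an unexpected authentication level, so a calling batch job can stop before any management operation runs.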

See Also

WbemAuthenticationLevelEnum, Setting Client Application Process Security, Setting the Default Process Security Level Using VBScript, Connecting to WMI on a Remote Computer, Connecting to the WMI Service, Creating Scripts to Run Management Agents