Microsoft Identity Integration Server 2003 Developer Reference
By default, calls to the WMI Provider use the default Windows authentication setting. While this setting permits only authorized users to use the WMI provider, calls that are sent on the network are not encrypted. If you are calling into WMI remotely, this means the data sent between your client and the MIIS server is in cleartext on the network. To protect the data, encrypt any data that is sent on the network by setting the authentication level in the WMI provider call.
You can set the authentication level by using the optional security settings component of the WMI moniker with the appropriate WbemAuthenticationLevelEnum enumeration constant.
Note: Setting the authentication level is a request rather than a command; the server might not honor the request.
The WbemAuthenticationLevelEnum enumeration constants determine the authentication level of the service object. To authenticate all previous impersonation levels and sign and encrypt each data packet, use the WbemAuthenticationLevelPktPrivacy constant.
This topic contains examples that enable security in scripts.
The following Visual Basic Scripting Edition (VBScript) example shows how to create a service object with the recommended authentication level on a local server.
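    Option Explicit

    ' The moniker's security settings take the level by name (PktPrivacy);
    ' the constant documents its numeric value.
    Const PktPrivacy = 6
    Dim Service

    Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\MicrosoftIdentityIntegrationServer")

    '* Start your script here.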
The following VBScript example shows how to create a service object with the recommended authentication level on a remote server. The script uses the credentials of the current user.
Replace MyServer with the name of the remote server.
    Option Explicit

    Const WbemAuthenticationLevelPktPrivacy = 6
    Dim Locator
    Dim Service

    Set Locator = CreateObject("WbemScripting.SWbemLocator")
    ' Set the authentication level before connecting so that it applies to the connection.
    Locator.Security_.AuthenticationLevel = WbemAuthenticationLevelPktPrivacy
    Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer")

    '* Start your script here.
The following VBScript example shows how to create a service object with the recommended authentication level on a remote server. The script connects with alternate credentials that are passed in the call to ConnectServer instead of the credentials of the current user.
    Option Explicit

    Const WbemAuthenticationLevelPktPrivacy = 6
    Dim Locator
    Dim Service

    Set Locator = CreateObject("WbemScripting.SWbemLocator")
    ' Set the authentication level before connecting so that it applies to the connection.
    Locator.Security_.AuthenticationLevel = WbemAuthenticationLevelPktPrivacy
    ' The third and fourth arguments are the alternate user name and password.
    Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")

    '* Start your script here.
Replace the following placeholder terms with the specified information:
Because this script contains a user name and password, store the script in a secure folder that has the same security level as the Microsoft Identity Integration Server 2003 folder. Limit access to this folder.
Note: We do not recommend storing user credentials in a script. If you need to run a script under a different user context, in most cases you should use the runas command to run the script. For more information, see Creating Scripts to Run Management Agents.
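The following Python script is an added example, not part of the original reference and not Microsoft code. It audits existing VBScript sources for the two problems this topic describes: connections to the root\MicrosoftIdentityIntegrationServer namespace that do not request PktPrivacy, and a password stored as a literal in ConnectServer. The function name, finding labels and sample script are assumptions made for illustration, and the check is a line-based heuristic that does not track which locator object a setting belongs to.

```python
import re

MIIS_NS = r"root\microsoftidentityintegrationserver"
PKT_PRIVACY = 6  # WbemAuthenticationLevelPktPrivacy, the value used on this page
COMMENT_RE = re.compile(r"""^((?:[^"']|"[^"]*")*)'.*$""")
CONST_RE = re.compile(r"^\s*Const\s+(\w+)\s*=\s*(\d+)", re.I)
LEVEL_RE = re.compile(r"\.Security_\.AuthenticationLevel\s*=\s*(\w+)", re.I)
MONIKER_RE = re.compile(r'"winmgmts:([^"]*)"', re.I)
CONNECT_RE = re.compile(r"\.ConnectServer\s*\((.*)\)", re.I)
ARG_RE = re.compile(r'"[^"]*"|[^,\s][^,]*')

def audit_script(text):
    """Return (line_number, finding) tuples for one VBScript source text."""
    findings, consts, privacy_set = [], {}, False
    for no, raw in enumerate(text.splitlines(), 1):
        line = COMMENT_RE.sub(r"\1", raw)  # drop a trailing ' comment
        m = CONST_RE.match(line)
        if m:  # remember numeric constants such as Const X = 6
            consts[m.group(1).lower()] = int(m.group(2))
        m = LEVEL_RE.search(line)
        if m:  # resolve the assigned level: literal number or known Const
            tok = m.group(1).lower()
            privacy_set = (int(tok) if tok.isdigit() else consts.get(tok)) == PKT_PRIVACY
        for m in MONIKER_RE.finditer(line):
            body = m.group(1).lower().replace(" ", "")
            if MIIS_NS in body and "authenticationlevel=pktprivacy" not in body:
                findings.append((no, "moniker-without-pktprivacy"))
        m = CONNECT_RE.search(line)
        if m and MIIS_NS in m.group(1).lower():
            args = ARG_RE.findall(m.group(1))
            if not privacy_set:  # level must be set before the connection is made
                findings.append((no, "connectserver-without-pktprivacy"))
            if len(args) >= 4 and args[3].startswith('"') and args[3] != '""':
                findings.append((no, "hardcoded-password"))
    return findings

# Constructed sample input, not a real script.
SAMPLE = r'''Option Explicit
Const WbemAuthenticationLevelPktPrivacy = 6
Dim Locator, Service, Local
Set Local = GetObject("winmgmts:root\MicrosoftIdentityIntegrationServer")
Set Locator = CreateObject("WbemScripting.SWbemLocator")
Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer", "Domain\Me", "MyPassword")
Locator.Security_.AuthenticationLevel = WbemAuthenticationLevelPktPrivacy ' set too late
Set Service = Locator.ConnectServer("MyServer", "root\MicrosoftIdentityIntegrationServer")
'''
if __name__ == "__main__":
    for line_no, finding in audit_script(SAMPLE):
        print(f"line {line_no}: {finding}")
```

A clean result only means the script requests PktPrivacy; as noted earlier in this topic, the server might not honor the request.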
See also: WbemAuthenticationLevelEnum, Setting Client Application Process Security, Setting the Default Process Security Level Using VBScript, Connecting to WMI on a Remote Computer, Connecting to the WMI Service, Creating Scripts to Run Management Agents