Application Center and WMI Security
The section discusses some points related to Application Center, Windows Management Instrumentation (WMI), Microsoft Health Monitor 2.1, and security.
Any authenticated user can read the Application Center and Health Monitor namespaces, but only an administrator and the cluster user group account, which is identified by ACA_ machine_name can write to the Application Center and Health Monitor namespaces (that is, create an instance of existing classes or new classes).
On the Windows 2000 operating system, WMI does not distinguish between local and remote access. Remote connection to a given WMI namespace is a separate user right that might or might not be granted by the system administrator.
Warning With a remote connection, a user can specify a user name and password as a substitute for their current user name and password. If authenticated, the user can access the target namespace. (With a local connection, you cannot override the current user name and password.) If you want to control access to a namespace, you must do it with user rights.
If a HTTP monitor is created in Health Monitor that uses authentication, the user name and password are stored in the WMI repository and are readable by all users. For this reason, you should use only low-privileged test accounts for monitoring.
For more information about Application Center monitoring, see Monitoring a Cluster.
For more information about WMI, see the Windows 2000 Help.
Did you find this information useful? Please send your suggestions and comments about the documentation to