Managing WMI security
Applies To: Windows 7, Windows 8, Windows Server 2008 R2, Windows Server 2012
Windows Management Instrumentation (WMI) supports a limited form of security that validates each user before the user is allowed to connect to WMI, on a remote or local computer. This security is layered on top of operating system security. WMI does not override or circumvent security provided by the operating system.
By default, only the local computer Administrator account has full control of the WMI services on the computer that is being managed. Members of the Administrators group have access to remote computers, but may not have access to all data. All others have read/write/execute permissions on their local computer only.
Permissions can be changed by adding a user to the Administrators group on the managed computer or by authorizing users or groups in WMI and setting their permission level. Access is based on WMI namespaces.
Security is checked only when a user connects to the WMI service and a namespace. Thus, any changes made to a user's permissions while the user is connected do not take effect until the next time the user connects to the WMI service. For example, if a user's access is revoked, the changes do not take effect until the user exits from WMI and attempts to connect to the service again.