What should you do in WMI Control in the Computer Management console?

You create a Windows Communication Foundation (WCF) service. It is deployed on Microsoft Internet Information Services (IIS)
with an application pool running as Network Service. You enable WMI tracing before launching the service.
Your IT support staff adds WMI data collection through ASP.NET WMI tracing.

You need to restrict the collection of WMI data to a privileged account.
What should you do in WMI Control in the Computer Management console?

You create a Windows Communication Foundation (WCF) service. It is deployed on Microsoft Internet Information Services (IIS)
with an application pool running as Network Service. You enable WMI tracing before launching the service.
Your IT support staff adds WMI data collection through ASP.NET WMI tracing.

You need to restrict the collection of WMI data to a privileged account.
What should you do in WMI Control in the Computer Management console?

A.
– Select the Root\ServiceModel namespace.
– Remove Enable account permission for the Network Service account.
– Add a custom user and grant that user Enable account permission.

B.
– Select the Root\aspnet namespace.
– Remove Enable account permission for the Network Service account.
– Add a custom user and grant that user Enable account permission.

C.
– Select the Root\aspnet namespace.
– Remove Enable account permission for the Local System account.
– Add a custom user and grant that user Enable account permission.

D.
– Select the Root\Security namespace.
– Remove Enable account permission for the Local System account.

Explanation:
Tracing WMI Activity
(http://msdn.microsoft.com/en-us/library/windows/desktop/aa826686(v=vs.85).aspx)

Using Windows Management Instrumentation for Diagnostics
(http://msdn.microsoft.com/en-us/library/ms735120.aspx)

Security
By default, the WCF WMI provider grants “execute method”, “provider write”, and “enable account” permission for Administrator,
and “enable account” permission for ASP.NET, Local Service and Network Service. In particular, on non-Windows Vista platforms,
the ASP.NET account has read access to the WMI ServiceModel namespace. If you do not want to grant these privileges to
a particular user group, you should either deactivate the WMI provider (it is disabled by default), or disable access for the specific user group.

In addition, when you attempt to enable WMI through configuration, WMI may not be enabled due to insufficient user privilege.
However, no event is written to the event log to record this failure.

To modify user privilege levels, use the following steps:
1. Click Start and then Run and type compmgmt.msc.
2. Right-click Services and Application/WMI Controls to select Properties.
3. Select the Security Tab, and navigate to the Root/ServiceModel namespace. Click the Security button.
4. Select the specific group or user that you want to control access and use the Allow or Deny checkbox to configure permissions.



Leave a Reply 1

Your email address will not be published. Required fields are marked *