GPO that modifies the WMI control Properties Security settings

Discussion:

(too old to reply)

Roger Abell [MVP]

2007-03-02 05:41:57 UTC

Are they wanting you to modify security on the highlighted node ??
ie. root\cimv2 ? to what? you are playing in dangerous ground,
at least relative to the safety of those machines.

I think that the best you will come up with is something caused
to execute from a startup/shutdown script, as far as the capabilities
of GPO to effect changes to security settings in the WMI namespace.

Roger

Hello everyone,
I am currently running a windows 2003 AD domain, with all users running
XP and all servers on windows 2003 server. I am depolying a software that
requires me to modify the WMI control properites security settings on each
server. Is there anyway that I can execute the modification by GPO?
Please see the attached .jpg file which contains a snapshot of the WMI
properties page.
Thank you
Arjumand

Mike Luo [MSFT]

2007-03-02 07:35:36 UTC

Permalink

Hello,

Thank you for using newsgroup!

Unfortunately, there is not an existing policy to modify WMI securities. I
agree with Roger, you may try to use script to modify.

About script issue, it would best be posted to the
Microsoft.public.windows.server.scripting.

Thanks & Regards,

Mike Luo

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Bis-mark

2007-03-02 08:56:03 UTC

Permalink

Thank you very much for your advise,

I agree with you, this process can render the server unstable. Just out of
curiosity I wonder would this be possible by applying a customized security
template instead of using GPO?

Bis-mark

Post by Mike Luo [MSFT]
Hello,
Thank you for using newsgroup!
Unfortunately, there is not an existing policy to modify WMI securities. I
agree with Roger, you may try to use script to modify.
About script issue, it would best be posted to the
Microsoft.public.windows.server.scripting.
Thanks & Regards,
Mike Luo
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Roger Abell [MVP]

2007-03-03 06:04:44 UTC

Permalink

Post by Bis-mark
Thank you very much for your advise,
I agree with you, this process can render the server unstable. Just out of
curiosity I wonder would this be possible by applying a customized
security template instead of using GPO?

Not just unstable, but vulnerable to exploitation !!!
I do not believe a custom adm template could do this, as the
change you want to make is not stored in the registry but
within the wbem system. I am also not sure of an existing
utility that allows altering the security of namespace nodes
via its options.

Roger

Mike Luo [MSFT]

2007-03-06 11:24:43 UTC

Permalink

Hello Bis-mark,

Since those settings aren't base on register, we can't use .adm file to
modify the security. I found some related information, it may be help for
you. Here is the web link:
Changing Access Security on Securable Objects
http://msdn2.microsoft.com/en-us/library/aa384905.aspx

Regards,

Mike Luo

Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security

=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.

Cristopher Abad

2010-11-02 09:06:58 UTC

Permalink

The large companies like <a href="http://vigilonalarmsystem.ca/">vigilon security</a> i worked for had an issue with it.
So can anybody tell me what security companies will let me keep my unkempt beard.

Post by Roger Abell [MVP]
Are they wanting you to modify security on the highlighted node ??
ie. root\cimv2 ? to what? you are playing in dangerous ground,
at least relative to the safety of those machines.
I think that the best you will come up with is something caused
to execute from a startup/shutdown script, as far as the capabilities
of GPO to effect changes to security settings in the WMI namespace.
Roger

Post by Roger Abell [MVP]
Not just unstable, but vulnerable to exploitation !!!
I do not believe a custom adm template could do this, as the
change you want to make is not stored in the registry but
within the wbem system. I am also not sure of an existing
utility that allows altering the security of namespace nodes
via its options.
Roger

Post by Mike Luo [MSFT]
Hello Bis-mark,
Since those settings aren't base on register, we can't use .adm file to
modify the security. I found some related information, it may be help for
Changing Access Security on Securable Objects
http://msdn2.microsoft.com/en-us/library/aa384905.aspx
Regards,
Mike Luo
Microsoft Online Partner Support
Get Secure! - www.microsoft.com/security
=====================================================
When responding to posts, please "Reply to Group" via your newsreader so
that others may learn and benefit from your issue.
=====================================================
This posting is provided "AS IS" with no warranties, and confers no rights.
Submitted via EggHeadCafe - Software Developer Portal of Choice
Flat file Database with LINQ and ASP.NET jQuery Page Methods
http://www.eggheadcafe.com/tutorials/aspnet/c8c43191-c3a3-4c61-801a-2433a701f4f6/flat-file-database-with-linq-and-aspnet-jquery-page-methods.aspx