We help IT Professionals succeed at work.

Security Concern | WMI Connection to Remote Computer

seshuakella asked
Hi Experts,

Please help me understand how the authentication happens when I invoke a WMI connection on remote computer using User Credentials. I am expecting WMI to encrypt credentials when a connection is made to the remote computer.

The code snippet section has the .NET 4.0 Code that is trying to establish a connection to the remote computer to query some Registry Information.

The user would key-in his Domain User Name and Password in the front-end and the code segment below would establish a WMI connection to Remote Computer.

Key Questions that I have are?
1. Is this the secure way of passing user name and password while connecting to Remote WMI?
2. Does this connection to Remote Computer in anyway is Encrypted? (I expected it to be)
3. Is there a possibility for an eves dropper to get hold of the user credentials?
Dim objManagementClass As ManagementClass
Dim ObjManagementBaseObject As ManagementBaseObject
Dim connection As New ConnectionOptions

connection = New ConnectionOptions
connection.Username = txtUID.Text
connection.Password = txtPassword.Text
connection.Authority = "ntlmdomain:" + Domain.SelectedValue ‘ Updating User Domain 
Scope = New ManagementScope("\\" + StrServer + "\root\Default", connection) ‘Connecting to default namespace on remote server
Scope.Options.EnablePrivileges = True
Scope.Options.Impersonation = ImpersonationLevel.Impersonate
Perform the WMI Query
Connection = Nothing
txtUID.text = “”
txtPassword.text = “”

Open in new window

Watch Question

Most Valuable Expert 2012
Top Expert 2014

Most Valuable Expert 2012
Top Expert 2014
Check the last option in enum


Set the authentication level to RPC_C_AUTHN_LEVEL_PKT_PRIVACY or 6 if the namespace to which you are connecting on the remote computer requires an encrypted connection before it will return data. You can also use this authentication level, even if the namespace does not require it. This ensures that data is encrypted as it crosses the network.



This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.