Using the COM API

The first step in connecting to WMI is setting the general COM security levels with a call to the CoInitializeSecurity. If you do not make an explicit call to CoInitializeSecurity, COM calls it implicitly with values from the registry. However, the registry values may have lower settings for impersonation and authentication that do not provide the security required for WMI.

CoInitializeSecurity is a standard function you must call when setting up a COM interface for a process. Call CoInitializeSecurity if you want to set the default security settings for authentication, impersonation, or authentication service for an entire process. If you want to set or change the security for a specific proxy, you must call CoSetProxyBlanket. Use CoSetProxyBlanket whenever you must set or change COM security when running inside another process where you cannot control the default security settings for authentication, impersonation, or authentication service.

The following code example describes how to call CoInitializeSecurity to set COM security on the process.

DIM hr AS LONG

hr = CoInitializeSecurity( _

   BYVAL %NULL, _                   ' PSECURITY_DESCRIPTOR

   -1, _                            ' COM authentication

   BYVAL %NULL, _                   ' Authentication services

   %NULL, _                         ' Reserved

   %RPC_C_AUTHN_LEVEL_DEFAULT, _    ' Default authentication

   %RPC_C_IMP_LEVEL_IMPERSONATE, _  ' Default Impersonation

   BYVAL %NULL, _                   ' Authentication info

   %EOAC_NONE, _                    ' Additional capabilities

   %NULL _                          ' Reserved

   )

The next step is to connect to WMI through a call to the IWbemLocator.ConnectServer method. The ConnectServer method returns a proxy of an IWbemServices interface. Through IWbemServices, you can access the different capabilities of WMI.

The following code example describes how to initialize IWbemLocator.

DIM pIWbemLocator AS IWbemLocator

hr = CoCreateInstance( _

   $CLSID_WbemLocator, _      ' Interface's CLSID

   NOTHING, _                 ' Aggregation

   %CLSCTX_INPROC_SERVER, _   ' Context

   $IID_IWbemLocator, _       ' Interface's IID

   pIWbemLocator _            ' Interface pointer

   )

The following code example describes how to call ConnectServer.

DIM pIWbemServices AS IWbemServices

DIM bstrPath AS STRING

bstrPath = UCODE$("root\cimv2")

hr = pIWbemLocator.ConnectServer( _

   STRPTR(bstrPath), _   ' Object path of WMI namespace

   %NULL, _              ' User name. NULL = current user

   %NULL, _              ' User password. NULL = current

   %NULL, _              ' Locale. NULL indicates current

   0, _                  ' Security flags

   %NULL, _              ' Authority (e.g. Kerberos)

   NOTHING, _            ' Context object

   pIWbemServices _      ' pointer to IWbemServices proxy

   )

After you retrieve a pointer to an IWbemServices proxy, you must set the security on the proxy to access WMI through the proxy. You must set the security because the IWbemServices proxy grants access to an out-of-process object. In general, COM security does not allow one process to access another process if you do not set the proper security properties. Connections to different operating systems require varying levels of authentication and impersonation.

The following procedure describes how to set the security levels on a WMI connection.

hr = CoSetProxyBlanket( _

   pIWbemServices, _                ' Indicates the proxy to set

   %RPC_C_AUTHN_WINNT, _            ' RPC_C_AUTHN_xxx

   %RPC_C_AUTHZ_NONE, _             ' RPC_C_AUTHZ_xxx

   %NULL, _                         ' Server principal name

   %RPC_C_AUTHN_LEVEL_CALL, _       ' RPC_C_AUTHN_LEVEL_xxx

   %RPC_C_IMP_LEVEL_IMPERSONATE, _  ' RPC_C_IMP_LEVEL_xxx

   %NULL, _                         ' client identity

   %EOAC_NONE _                     ' proxy capabilities

   )

After you set the security levels for your IWbemServices pointer, you can access the various capabilities of WMI.