Application Compatibility: WMI Providers: Default Security Hosting Model

WMI Providers: Default Security Hosting Model

Brief Description

The default HostingModel value for WMI providers has changed from LocalSystem to NetworkServiceHost.

Under previous versions of Windows (prior to Windows Vista® and Windows Server® 2008), if the HostingModel value of a WMI provider (the __Win32Provider.HostingModel property) was unspecified, it defaulted to LocalSystem. Because LocalSystem is a highly privileged account, a WMI provider running in this security context exposes the operating system to a risk of elevation of privilege; how large that risk is depends on the quality and testing of the provider code.

In most cases LocalSystem is unnecessary, and the NetworkServiceHost context is more appropriate. This is especially true because most WMI providers must impersonate (ImpersonationLevel=1) the client security context to perform the requested operations on behalf of the WMI client.

Manifestation

If a WMI provider does not define a hosting model and its code executes as if it were running under LocalSystem, it will not run properly.

Remedies

The hosting model that the provider expects must be changed so that the WMI provider code performs its operations in the client security context by impersonating the WMI client. Cases that require the LocalSystem security context are extremely rare; however, if LocalSystem is an absolute requirement, specify the hosting model explicitly with the HostingModel=LocalSystemHost statement in the provider MOF file.
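To find the registrations this change affects, the following PowerShell script (an added example, not part of the original article) walks every WMI namespace and reports `__Win32Provider` instances whose HostingModel is unspecified or names a LocalSystem host. The function names `Get-WmiNamespace` and `Get-WmiProviderHosting` are hypothetical helpers; run it elevated, because some namespaces may not be readable otherwise.

```powershell
# Added example: inventory WMI provider registrations by hosting model.
# Uses only Get-CimInstance against the WMI system classes
# __NAMESPACE and __Win32Provider.

function Get-WmiNamespace {
    # Hypothetical helper: emit $Root and, recursively, all child namespaces.
    param([string]$Root = 'root')
    $Root
    Get-CimInstance -Namespace $Root -ClassName __NAMESPACE -ErrorAction SilentlyContinue |
        ForEach-Object { Get-WmiNamespace -Root "$Root\$($_.Name)" }
}

function Get-WmiProviderHosting {
    # Hypothetical helper: one object per provider registration, with a
    # Review note for the two cases discussed in this article.
    foreach ($ns in Get-WmiNamespace) {
        Get-CimInstance -Namespace $ns -ClassName __Win32Provider -ErrorAction SilentlyContinue |
            ForEach-Object {
                $review = if ([string]::IsNullOrEmpty($_.HostingModel)) {
                    # No explicit value: the provider gets the default host,
                    # so code that assumes LocalSystem will fail.
                    'HostingModel unspecified: default host applies'
                } elseif ($_.HostingModel -like 'LocalSystem*') {
                    # Explicit LocalSystem host: highly privileged context.
                    'Runs as LocalSystem: confirm this is required'
                } else {
                    ''
                }
                [pscustomobject]@{
                    Namespace          = $ns
                    Name               = $_.Name
                    HostingModel       = $_.HostingModel
                    ImpersonationLevel = $_.ImpersonationLevel
                    Review             = $review
                }
            }
    }
}

# Show only the registrations that need a closer look.
Get-WmiProviderHosting |
    Where-Object Review |
    Sort-Object HostingModel, Namespace, Name |
    Format-Table -AutoSize -Wrap
```

Providers listed as unspecified should be tested under the default host; providers listed as LocalSystem should be checked against the requirement described above.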

Provider Hosting and Security
