Executing Privileged Operations Using VBScript
If you use the scripting API for WMI, you can set specific security privileges. For example, you can set the security privileges to request an operating system shutdown, or to examine the security event log. For more information, see Running with Special Privileges.
You only need to set privileges when you are accessing WMI on your computer. When you are accessing a remote host, COM RPC automatically sets the privileges. To determine all the required privileges, consult the documentation for the specific WMI classes that you want to access, such as Win32_OperatingSystem. For more information, see WbemPrivilegeEnum
The following sections are discussed in this topic:
- Setting a Privilege from the Security_ Object
- Setting a Privilege as Part of a Moniker
- Revoking and Resetting Privileges
- Related topics
Setting a Privilege from the Security_ Object
Use the following procedure to set security privileges in Visual Basic.
To set privileges in Visual Basic
Create an object of type SWbemLocator.
Add the new privilege to the SWbemLocator.Security_ object.
The Security_ object contains an SWbemObjectSet collection. The objects in the set are SWbemSecurity objects. For more information, see Accessing a Collection.
Log on to WMI and retrieve an SWbemServices object.
The SWbemServices object inherits the privilege that is set in the previous step.
You can also set a privilege using the SWbemPrivilegeSet.AddAsString method.
Setting a Privilege as Part of a Moniker
You can set a privilege as part of a moniker.
The following example shows you how to add a debug privilege to a moniker.
Set Service = GetObject("winmgmts:{impersonationLevel=impersonate, (Debug)}")
Revoking and Resetting Privileges
The following example shows you how to set the SeDebugPrivilege privilege, and revoke the SeRemoteShutdownPrivilege privilege.
Set Service = GetObject("winmgmts:{impersonate,(Debug,!RemoteShutdown)}")
Related topics