Security and Authentication

[This is preliminary documentation and subject to change.]

Web-Based Enterprise Management (WBEM) supports a limited form of security for the Microsoft® Windows® 98 platform: it validates a user's logon for the local machine and for remote access. A validated user is granted access to the entire Common Information Model (CIM) schema; WBEM does not secure system resources such as individual classes, instances, and namespaces. Security is limited because Windows 98 is not a secure operating system and does not support file system or registry security.

All security-related information is represented by instances of WBEM system classes located in the Root\Security namespace. These classes and instances can only appear in the Root\Security namespace and must remain there permanently.

The WBEM Administrator application can be used to set permissions for WBEM users. It is similar to the User Manager application supplied with Microsoft® Windows NT®.

In WBEM, all security accounts are referred to as subjects. There are two types of subjects: user and group. Users are represented by instances of the __NTLMUser system class, which describes individual users. Groups are represented by instances of the __NTLMGroup system class, which describes multiple users. Both the __NTLMUser and __NTLMGroup classes derive indirectly from the __Subject system class, an abstract class that is not intended to be used for instantiation. More directly, __NTLMUser derives from the generic __User class and __NTLMGroup derives from the generic __Group class.