Security Classes

[This is preliminary documentation and subject to change.]

Web-Based Enterprise Management (WBEM) defines the following system classes for describing data that is related to security:

All of these classes belong to the Root\Security namespace. The __SecurityRelatedClass abstract class serves as the base class for all security classes. The __Subject class is the base class for all users, represented by the __User class, and all groups, represented by the __Group class.

The properties defined for the __Subject class include the full name for the user, assigned permissions, and three Boolean flags. The first flag indicates whether or not the subject is active and should be assigned permissions, the second whether or not the subject can execute object methods, and the third whether or not the subject has access to the Root\Security namespace.

An instance of the __User or __Group class is created for every user or group to be validated by WBEM. These classes are intermediate abstract base classes and are only used as derivation points.

An instance of the __NTLMUser class is created to permit a user to access the Common Information Model Object Manager (CIMOM). The __NTLMUser class specifies the user's domain. Because __NTLMUser derives from the __Subject class, all of the __Subject properties must be set correctly before the user can be granted access to CIMOM. Instances of this class have no effect during a local login to Windows 95/98 systems; they are used only to authenticate remote logins. On Windows NT systems, instances of this class participate in both local and remote logins.

An instance of the __NTLMGroup class is created to permit a group to access CIMOM. Any user belonging to a group inherits the permissions assigned to the group. The properties of the __NTLMGroup class include the type of group (i.e. local or global) and, for a global group, the name of the domain. The __NTLMGroup class is used on Windows NT platforms only. Instances of this class do not affect a login to Windows 95/98 systems.