Channel: Common Language Runtime Internals and Architecture forum

WMIProvider (LocalSystemHost:CLR) not running under System context


Hi,

I am trying to develop a managed WMI provider in .NET 4.0 that runs under the Local System account on Windows XP/7 machines.  I start my class definition with the following code:

[assembly: WmiConfiguration(@"root\MyCompany", HostingModel = ManagementHostingModel.LocalSystem, IdentifyLevel = false)]

Based on the HostingModel and IdentifyLevel properties, I would expect that my code would run under the system account.  After I build my DLL, I run InstallUtil.exe with the /MOF parameter to create a mof file.  Once I import the mof, using mofcomp, I see where an instance exists in the WMI_extension class for my provider.  This instance has its HostingModel property set to "LocalSystemHost:CLR", and its ImpersonationLevel property set to "0".  My understanding is that a value of 0 for ImpersonationLevel disables impersonation, and runs the provider under the context used for the wmiprvse.exe process.

The provider is gathering information (for read only access) that requires administrative level access in Windows Vista/7.  I found that if the client application is running under a non-administrative context, the provider code is executed with the same restrictive token.  (I'm running these tests on a Windows Vista machine with UAC enabled.)  As a test, I launched PowerShell and used the gwmi command to query my class.  In my code, I log the Environment.UserName property as well as enumerate token privileges, since my provider needs a couple of admin level privileges enabled.  Both data points indicate that the provider is running under the non-admin context in which PowerShell was loaded.  The odd thing is if I'm running Process Monitor to see who is accessing the log file when it's written, I see the Local System account's SID even though my log information says that the thread is running under the user.

Is it just not possible to run a managed WMIProvider under the local system account?

I'm guessing I could port my code over to a local service, and then register the WMI class in a decoupled hosting model, but I'm trying to minimize the footprint on the machine and would prefer to use a single dll, rather than a local service.

Any help would be greatly appreciated.  I would be happy to give you any additional information.  Sorry if this is in the wrong category, I'm new to these forums.

Thanks,
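
Added example, not part of the original post: a C# diagnostic that records both the token in effect on the calling thread and the token of the hosting process, so the two can be compared against the logged Environment.UserName and the account Process Monitor reports. The names TokenContextProbe, Describe and Snapshot are hypothetical; the code assumes .NET 4.0 and that it is called from inside the provider method being queried.

```csharp
using System;
using System.Security.Principal;

// Hypothetical helper for illustration; not code from the original post.
static class TokenContextProbe
{
    // Formats the account, SID and impersonation level of one token.
    static string Describe(WindowsIdentity id)
    {
        return string.Format(
            "{0} (SID {1}, ImpersonationLevel={2}, IsSystem={3})",
            id.Name, id.User, id.ImpersonationLevel, id.IsSystem);
    }

    // Returns two lines: the thread's impersonation token (if any)
    // and the primary token of the process hosting the provider.
    public static string Snapshot()
    {
        string effective;
        string process;

        // GetCurrent(true) returns null when the thread carries no
        // impersonation token and is running on the process token.
        using (WindowsIdentity threadId = WindowsIdentity.GetCurrent(true))
        {
            effective = threadId == null
                ? "thread is not impersonating"
                : Describe(threadId);
        }

        // Impersonate(IntPtr.Zero) is equivalent to RevertToSelf; disposing
        // the context restores the thread's previous token. Keep this scope
        // limited to reading the identity: anything done inside it runs with
        // the host account's rights rather than the caller's.
        using (WindowsImpersonationContext ctx =
                   WindowsIdentity.Impersonate(IntPtr.Zero))
        using (WindowsIdentity procId = WindowsIdentity.GetCurrent())
        {
            process = Describe(procId);
        }

        return "thread token : " + effective + Environment.NewLine +
               "process token: " + process;
    }
}
```

Writing the string returned by Snapshot() to the provider's existing log shows whether the thread and the process are running under different accounts at the moment the query is served.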

