Any security benefit to winmgmt operating outside of svchost via the command
winmgmt /standalonehost ?
Its clearly useful for changing wbem Authentication levels, but does it have any security benefit outside of that?
WbemAuthenticationLevelDefault 0 Moniker: Default WMI uses the default Windows authentication setting. This is the recommended setting that allows WMI to negotiate to the level required by the server returning data. However, if the namespace requires encryption, use WbemAuthenticationLevelPktPrivacy. WbemAuthenticationLevelNone 1 Moniker: None Uses no authentication. WbemAuthenticationLevelConnect 2 Moniker: Connect Authenticates the credentials of the client only when the client establishes a relationship with the server. WbemAuthenticationLevelCall 3 Call Authenticates only at the beginning of each call when the server receives the request. WbemAuthenticationLevelPkt 4 Moniker: Pkt Authenticates that all data received is from the expected client. WbemAuthenticationLevelPktIntegrity 5 Moniker: PktIntegrity Authenticates and verifies that none of the data transferred between client and server has been modified. WbemAuthenticationLevelPktPrivacy 6 Moniker: PktPrivacy Authenticates all previous impersonation levels and encrypts the argument value of each remote procedure call. Use this setting if the namespace to which you are connecting requires an encrypted connection.