WMI Providers security and permissions
By default, Patch Manager automatically deploys the WMI providers when required for specific configuration management tasks. WMI Providers runs as a process on the remote system when needed and does not run as a service.
By default, SolarWinds WMI Providers run under their own process using the Local System account, impersonating the security context of the caller. They use the appropriate credential stored in the Patch Manager database as assigned by the user credential ring.
See Manage Patch Manager users and security for details.