Connect to WMI of remote machine when running as a service

2

I am writing some code to do WMI queries and method execution on a remote machine. My login credential is a domain admin. When I run in application mode, everything works fine. When I run as a service, it won't work, which is expected since the default account a service uses is Local System. When I set the service to run as my credential, the remote WMI is working fine as well.

However, it is not desirable, so I am trying to connect to remote WMI in the service by supplying the user name and password at IWbemLocator.ConnectServer. I am able to get an IWbemServices object back successfully. However, when I tried to get the class object from the IWbemServices object, I got an error:

//IWbemServices *pSvc
const bstr_t objectPath("stdRegProv");
const bstr_t methodName("GetStringValue");
IWbemClassObject *pClass = NULL;
HRESULT hr = pSvc->GetObject(objectPath, 0, NULL, &pClass, NULL);

The returned hr is 0x80041003 which is "access is denied" from this link: http://msdn.microsoft.com/en-us/library/windows/desktop/aa394559%28v=vs.85%29.aspx.

Generally, if I supplied the wrong user name and password, I would get the access denied at IWbemLocator.ConnectServer. So I am a little puzzled here why the connection is good but I am not able to get the IWbemClassObject object. Since it is working if I use my domain credential as the service account, there must be some security difference. My WMI connection code is based on this sample code at MSDN: http://msdn.microsoft.com/en-us/library/windows/desktop/aa390418%28v=vs.85%29.aspx

c++
wmi
asked on Stack Overflow May 16, 2012 by windfly2006 • edited May 16, 2012 by Mat

1 Answer

1

WMI kind of strips some security rights; you need to either set up your account as "Trusted for delegation", which is extremely powerful and not recommended, or sign your code. Alternatively you can pass explicit permissions to the process.

answered on Stack Overflow Oct 28, 2012 by Lizz

User contributions licensed under CC BY-SA 3.0