- 39145 16:33:37 (0) ** WMIDiag v2.2 started on woensdag 20 september 2017 at 16:28.
- 39146 16:33:37 (0) **
- 39147 16:33:37 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
- 39148 16:33:37 (0) **
- 39149 16:33:37 (0) ** This script is not supported under any Microsoft standard support program or service.
- 39150 16:33:37 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
- 39151 16:33:37 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
- 39152 16:33:37 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
- 39153 16:33:37 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
- 39154 16:33:37 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
- 39155 16:33:37 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
- 39156 16:33:37 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
- 39157 16:33:37 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
- 39158 16:33:37 (0) ** of the possibility of such damages.
- 39159 16:33:37 (0) **
- 39160 16:33:37 (0) **
- 39161 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39162 16:33:37 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
- 39163 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39164 16:33:37 (0) **
- 39165 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39166 16:33:37 (0) ** Windows 8.1 - No Service Pack - 64-bit (15063) - User 'OSM-D10P-01\ADEBRUIN' on computer 'OSM-D10P-01'.
- 39167 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39168 16:33:37 (0) ** Environment: ........................................................................................................ OK.
- 39169 16:33:37 (0) ** System drive: ....................................................................................................... C: (Schijfnr. 0 partitienr. 1).
- 39170 16:33:37 (0) ** Drive type: ......................................................................................................... IDE (SAMSUNG MZ7LN256HMJP-000H1).
- 39171 16:33:37 (0) ** There are no missing WMI system files: .............................................................................. OK.
- 39172 16:33:37 (0) ** There are no missing WMI repository files: .......................................................................... OK.
- 39173 16:33:37 (0) ** WMI repository state: ............................................................................................... N/A.
- 39174 16:33:37 (0) ** AFTER running WMIDiag:
- 39175 16:33:37 (0) ** The WMI repository has a size of: ................................................................................... 44 MB.
- 39176 16:33:37 (0) ** - Disk free space on 'C:': .......................................................................................... 66807 MB.
- 39177 16:33:37 (0) ** - INDEX.BTR, 8372224 bytes, 20-9-2017 16:18:22
- 39178 16:33:37 (0) ** - MAPPING1.MAP, 124220 bytes, 20-9-2017 16:13:36
- 39179 16:33:37 (0) ** - MAPPING2.MAP, 124232 bytes, 20-9-2017 16:18:22
- 39180 16:33:37 (0) ** - OBJECTS.DATA, 37822464 bytes, 20-9-2017 16:18:22
- 39181 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39182 16:33:37 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
- 39183 16:33:37 (0) ** Windows Firewall Profile: ........................................................................................... PRIVATE.
- 39184 16:33:37 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
- 39185 16:33:37 (0) ** => This will prevent any WMI remote connectivity to this computer except
- 39186 16:33:37 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING:
- 39187 16:33:37 (0) ** - 'Windows Management Instrumentation (DCOM-In)'
- 39188 16:33:37 (0) ** - 'Windows Management Instrumentation (WMI-In)'
- 39189 16:33:37 (0) ** - 'Windows Management Instrumentation (ASync-In)'
- 39190 16:33:37 (0) ** Verify the reported status for each of these three inbound rules below.
- 39191 16:33:37 (0) **
- 39192 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
- 39193 16:33:37 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
- 39194 16:33:37 (0) ** - You can adjust the configuration by executing the following command:
- 39195 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
- 39196 16:33:37 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
- 39197 16:33:37 (0) ** You can also enable each individual rule instead of activating the group rule.
- 39198 16:33:37 (0) **
- 39199 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
- 39200 16:33:37 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
- 39201 16:33:37 (0) ** - You can adjust the configuration of this rule by executing the following command:
- 39202 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
- 39203 16:33:37 (0) **
- 39204 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... DISABLED.
- 39205 16:33:37 (0) ** => This will prevent any WMI asynchronous outbound connectivity from this machine.
- 39206 16:33:37 (0) ** - You can adjust the configuration of this rule by executing the following command:
- 39207 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-Out)" NEW ENABLE=YES'
- 39208 16:33:37 (0) **
- 39209 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
- 39210 16:33:37 (0) ** => This will prevent any WMI inbound connectivity to this machine.
- 39211 16:33:37 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
- 39212 16:33:37 (0) ** - You can adjust the configuration of this rule by executing the following command:
- 39213 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
- 39214 16:33:37 (0) **
- 39215 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
- 39216 16:33:37 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
- 39217 16:33:37 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
- 39218 16:33:37 (0) ** - You can adjust the configuration of this rule by executing the following command:
- 39219 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
- 39220 16:33:37 (0) **
- 39221 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39222 16:33:37 (0) ** DCOM Status: ........................................................................................................ OK.
- 39223 16:33:37 (0) ** WMI registry setup: ................................................................................................. OK.
- 39224 16:33:37 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
- 39225 16:33:37 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
- 39226 16:33:37 (0) ** - Internet Connection Sharing (ICS) (*) (SHAREDACCESS, StartMode='Manual')
- 39227 16:33:37 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
- 39228 16:33:37 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
- 39229 16:33:37 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
- 39230 16:33:37 (0) ** this can prevent the service/application to work as expected.
- 39231 16:33:37 (0) **
- 39232 16:33:37 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
- 39233 16:33:37 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
- 39234 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39235 16:33:37 (0) ** WMI service DCOM setup: ............................................................................................. OK.
- 39236 16:33:37 (0) ** WMI components DCOM registrations: .................................................................................. OK.
- 39237 16:33:37 (0) ** WMI ProgID registrations: ........................................................................................... OK.
- 39238 16:33:37 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
- 39239 16:33:37 (2) !! WARNING: WMI provider CIM registrations missing for the following provider(s): ...................................... 1 WARNING(S)!
- 39240 16:33:37 (0) ** - ROOT/WMI, Provider_BIOSInterface (i.e. WMI Class 'HPBIOS_BIOSEvent')
- 39241 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
- 39242 16:33:37 (0) ** => This is an issue because there are still some WMI classes referencing this list of providers
- 39243 16:33:37 (0) ** while the CIM registration is wrong or missing. This can be due to:
- 39244 16:33:37 (0) ** - a de-installation of the software.
- 39245 16:33:37 (0) ** - a deletion of some CIM registration information.
- 39246 16:33:37 (0) ** => You can correct the CIM configuration by:
- 39247 16:33:37 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
- 39248 16:33:37 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
- 39249 16:33:37 (0) ** (This list can be built on a similar and working WMI Windows installation)
- 39250 16:33:37 (0) ** The following command line must be used:
- 39251 16:33:37 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
- 39252 16:33:37 (0) ** - Re-installing the software.
- 39253 16:33:37 (0) ** => If the software has been de-installed intentionally, then this information must be
- 39254 16:33:37 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove the provider
- 39255 16:33:37 (0) ** registration data and its set of associated classes.
- 39256 16:33:37 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\WMI path __Win32Provider Where Name='Provider_BIOSInterface' DELETE'
- 39257 16:33:37 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\WMI Class HPBIOS_BIOSEvent DELETE'
- 39258 16:33:37 (0) ** => If the namespace was ENTIRELY dedicated to the intentionally de-installed software,
- 39259 16:33:37 (0) ** the namespace and ALL its content can be ENTIRELY deleted.
- 39260 16:33:37 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE Where Name='WMI' DELETE'
- 39261 16:33:37 (0) **
- 39262 16:33:37 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
- 39263 16:33:37 (2) !! WARNING: Some WMI providers EXE/DLL file(s) are missing: ............................................................ 1 WARNING(S)!
- 39264 16:33:37 (0) ** - ROOT/STANDARDCIMV2/EMBEDDED, WEMSAL_WmiProvider, C:\windows\System32\wbem\WEMSAL_WmiProvider (1).dll
- 39265 16:33:37 (0) ** => This will make any operations related to the WMI class supported by the provider(s) to fail.
- 39266 16:33:37 (0) ** This can be due to:
- 39267 16:33:37 (0) ** - the de-installation of the software.
- 39268 16:33:37 (0) ** - the deletion of some files.
- 39269 16:33:37 (0) ** => If the software has been de-installed intentionally, then this information must be
- 39270 16:33:37 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove
- 39271 16:33:37 (0) ** the provider registration data.
- 39272 16:33:37 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\STANDARDCIMV2\EMBEDDED path __Win32Provider Where Name='WEMSAL_WmiProvider' DELETE'
- 39273 16:33:37 (0) ** => If not, you must restore a copy of the missing provider EXE/DLL file(s) as indicated by the path.
- 39274 16:33:37 (0) ** You can retrieve the missing file from:
- 39275 16:33:37 (0) ** - A backup.
- 39276 16:33:37 (0) ** - The Windows CD.
- 39277 16:33:37 (0) ** - Another Windows installation using the same version and service pack level of the examined system.
- 39278 16:33:37 (0) ** - The original CD or software package installing this WMI provider.
- 39279 16:33:37 (0) **
- 39280 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39281 16:33:37 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
- 39282 16:33:37 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
- 39283 16:33:37 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command
- 39284 16:33:37 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
- 39285 16:33:37 (0) ** selecting 'Run as Administrator'.
- 39286 16:33:37 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task
- 39287 16:33:37 (0) ** in the Task Scheduler within the right security context.
- 39288 16:33:37 (0) **
- 39289 16:33:37 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
- 39290 16:33:37 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
- 39291 16:33:37 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
- 39292 16:33:37 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
- 39293 16:33:37 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
- 39294 16:33:37 (0) **
- 39295 16:33:37 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
- 39296 16:33:37 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED!
- 39297 16:33:37 (0) ** - REMOVED ACE:
- 39298 16:33:37 (0) ** ACEType: &h0
- 39299 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39300 16:33:37 (0) ** ACEFlags: &h0
- 39301 16:33:37 (0) ** ACEMask: &h3
- 39302 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39303 16:33:37 (0) ** DCOM_RIGHT_ACCESS_LOCAL
- 39304 16:33:37 (0) **
- 39305 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39306 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39307 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39308 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39309 16:33:37 (0) **
- 39310 16:33:37 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
- 39311 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
- 39312 16:33:37 (0) ** - REMOVED ACE:
- 39313 16:33:37 (0) ** ACEType: &h0
- 39314 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39315 16:33:37 (0) ** ACEFlags: &h0
- 39316 16:33:37 (0) ** ACEMask: &h7
- 39317 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39318 16:33:37 (0) ** DCOM_RIGHT_ACCESS_LOCAL
- 39319 16:33:37 (0) ** DCOM_RIGHT_ACCESS_REMOTE
- 39320 16:33:37 (0) **
- 39321 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39322 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39323 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39324 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39325 16:33:37 (0) **
- 39326 16:33:37 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
- 39327 16:33:37 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
- 39328 16:33:37 (0) ** - REMOVED ACE:
- 39329 16:33:37 (0) ** ACEType: &h0
- 39330 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39331 16:33:37 (0) ** ACEFlags: &h0
- 39332 16:33:37 (0) ** ACEMask: &h7
- 39333 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39334 16:33:37 (0) ** DCOM_RIGHT_ACCESS_LOCAL
- 39335 16:33:37 (0) ** DCOM_RIGHT_ACCESS_REMOTE
- 39336 16:33:37 (0) **
- 39337 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39338 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39339 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39340 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39341 16:33:37 (0) **
- 39342 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
- 39343 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
- 39344 16:33:37 (0) ** - REMOVED ACE:
- 39345 16:33:37 (0) ** ACEType: &h0
- 39346 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39347 16:33:37 (0) ** ACEFlags: &h0
- 39348 16:33:37 (0) ** ACEMask: &h1F
- 39349 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39350 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
- 39351 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
- 39352 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
- 39353 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
- 39354 16:33:37 (0) **
- 39355 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39356 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39357 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39358 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39359 16:33:37 (0) **
- 39360 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
- 39361 16:33:37 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
- 39362 16:33:37 (0) ** - REMOVED ACE:
- 39363 16:33:37 (0) ** ACEType: &h0
- 39364 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39365 16:33:37 (0) ** ACEFlags: &h0
- 39366 16:33:37 (0) ** ACEMask: &h1F
- 39367 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39368 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
- 39369 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
- 39370 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
- 39371 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
- 39372 16:33:37 (0) **
- 39373 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39374 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39375 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39376 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39377 16:33:37 (0) **
- 39378 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
- 39379 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
- 39380 16:33:37 (0) ** - REMOVED ACE:
- 39381 16:33:37 (0) ** ACEType: &h0
- 39382 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39383 16:33:37 (0) ** ACEFlags: &h0
- 39384 16:33:37 (0) ** ACEMask: &h1F
- 39385 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39386 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
- 39387 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
- 39388 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
- 39389 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
- 39390 16:33:37 (0) **
- 39391 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39392 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39393 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39394 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39395 16:33:37 (0) **
- 39396 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
- 39397 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
- 39398 16:33:37 (0) ** - REMOVED ACE:
- 39399 16:33:37 (0) ** ACEType: &h0
- 39400 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39401 16:33:37 (0) ** ACEFlags: &h0
- 39402 16:33:37 (0) ** ACEMask: &h1F
- 39403 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39404 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
- 39405 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
- 39406 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
- 39407 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
- 39408 16:33:37 (0) **
- 39409 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39410 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39411 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39412 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39413 16:33:37 (0) **
- 39414 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
- 39415 16:33:37 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
- 39416 16:33:37 (0) ** - REMOVED ACE:
- 39417 16:33:37 (0) ** ACEType: &h0
- 39418 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39419 16:33:37 (0) ** ACEFlags: &h0
- 39420 16:33:37 (0) ** ACEMask: &hB
- 39421 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39422 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
- 39423 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
- 39424 16:33:37 (0) **
- 39425 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39426 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39427 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39428 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39429 16:33:37 (0) **
- 39430 16:33:37 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
- 39431 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
- 39432 16:33:37 (0) ** - REMOVED ACE:
- 39433 16:33:37 (0) ** ACEType: &h0
- 39434 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39435 16:33:37 (0) ** ACEFlags: &h0
- 39436 16:33:37 (0) ** ACEMask: &h1F
- 39437 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39438 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
- 39439 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
- 39440 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
- 39441 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
- 39442 16:33:37 (0) **
- 39443 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39444 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39445 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39446 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39447 16:33:37 (0) **
- 39448 16:33:37 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
- 39449 16:33:37 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
- 39450 16:33:37 (0) ** - REMOVED ACE:
- 39451 16:33:37 (0) ** ACEType: &h0
- 39452 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
- 39453 16:33:37 (0) ** ACEFlags: &h0
- 39454 16:33:37 (0) ** ACEMask: &h1F
- 39455 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
- 39456 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
- 39457 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
- 39458 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
- 39459 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
- 39460 16:33:37 (0) **
- 39461 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
- 39462 16:33:37 (0) ** Removing default security will cause some operations to fail!
- 39463 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
- 39464 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
- 39465 16:33:37 (0) **
- 39466 16:33:37 (0) **
- 39467 16:33:37 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
- 39468 16:33:37 (0) ** DCOM security error(s) detected: .................................................................................... 10.
- 39469 16:33:37 (0) ** WMI security warning(s) detected: ................................................................................... 0.
- 39470 16:33:37 (0) ** WMI security error(s) detected: ..................................................................................... 0.
- 39471 16:33:37 (0) **
- 39472 16:33:37 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
- 39473 16:33:37 (0) ** Overall WMI security status: ........................................................................................ OK.
- 39474 16:33:37 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
- 39475 16:33:37 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 1.
- 39476 16:33:37 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
- 39477 16:33:37 (0) ** 'select * from MSFT_SCMEventLogEvent'
- 39478 16:33:37 (0) **
- 39479 16:33:37 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
- 39480 16:33:37 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 4 NAMESPACE(S)!
- 39481 16:33:37 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM.
- 39482 16:33:37 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION.
- 39483 16:33:37 (0) ** - ROOT/CIMV2/TERMINALSERVICES.
- 39484 16:33:37 (0) ** - ROOT/SERVICEMODEL.
- 39485 16:33:37 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
- 39486 16:33:37 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
- 39487 16:33:37 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
- 39488 16:33:37 (0) ** i.e. 'WMIC.EXE /NODE:"OSM-D10P-01" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
- 39489 16:33:37 (0) **
- 39490 16:33:37 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
- 39491 16:33:37 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 1 ERROR(S)!
- 39492 16:33:37 (0) ** - Root/nap, 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found.
- 39493 16:33:37 (0) **
- 39494 16:33:37 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 5 ERROR(S)!
- 39495 16:33:37 (0) ** - Root/CIMV2, Win32_FloppyDrive, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
- 39496 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
- 39497 16:33:37 (0) ** - Root/CIMV2, Win32_FloppyController, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
- 39498 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
- 39499 16:33:37 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServicesSession, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
- 39500 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
- 39501 16:33:37 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServicesSession, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
- 39502 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
- 39503 16:33:37 (0) ** - Root/WMI, Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
- 39504 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
- 39505 16:33:37 (0) **
- 39506 16:33:37 (0) ** WMI MOF representations: ............................................................................................ OK.
- 39507 16:33:37 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
- 39508 16:33:37 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
- 39509 16:33:37 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
- 39510 16:33:37 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
- 39511 16:33:37 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
- 39512 16:33:37 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
- 39513 16:33:37 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
- 39514 16:33:37 (0) ** WMI static instances retrieved: ..................................................................................... 1978.
- 39515 16:33:37 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
- 39516 16:33:37 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
- 39517 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39518 16:33:37 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
- 39519 16:33:37 (0) ** DCOM: ............................................................................................................. 0.
- 39520 16:33:37 (0) ** WINMGMT: .......................................................................................................... 0.
- 39521 16:33:37 (0) ** WMIADAPTER: ....................................................................................................... 0.
- 39522 16:33:37 (0) **
- 39523 16:33:37 (0) ** # of additional Event Log events AFTER WMIDiag execution:
- 39524 16:33:37 (0) ** DCOM: ............................................................................................................. 0.
- 39525 16:33:37 (0) ** WINMGMT: .......................................................................................................... 0.
- 39526 16:33:37 (0) ** WMIADAPTER: ....................................................................................................... 0.
- 39527 16:33:37 (0) **
- 39528 16:33:37 (0) ** 1 error(s) 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found
- 39529 16:33:37 (0) **
- 39530 16:33:37 (0) ** 5 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
- 39531 16:33:37 (0) ** => This error is typically a WMI error. This WMI error is due to:
- 39532 16:33:37 (0) ** - a missing WMI class definition or object.
- 39533 16:33:37 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
- 39534 16:33:37 (0) ** You can correct the missing class definitions by:
- 39535 16:33:37 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
- 39536 16:33:37 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
- 39537 16:33:37 (0) ** (This list can be built on a similar and working WMI Windows installation)
- 39538 16:33:37 (0) ** The following command line must be used:
- 39539 16:33:37 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
- 39540 16:33:37 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
- 39541 16:33:37 (0) ** with WMI by starting the ADAP process.
- 39542 16:33:37 (0) ** - a WMI repository corruption.
- 39543 16:33:37 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
- 39544 16:33:37 (0) ** to validate the WMI repository operations.
- 39545 16:33:37 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
- 39546 16:33:37 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
- 39547 16:33:37 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
- 39548 16:33:37 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
- 39549 16:33:37 (0) ** the WMI repository must be reconstructed.
- 39550 16:33:37 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
- 39551 16:33:37 (0) ** otherwise some applications may fail after the reconstruction.
- 39552 16:33:37 (0) ** This can be achieved with the following command:
- 39553 16:33:37 (0) ** i.e. 'WMIDiag ShowMOFErrors'
- 39554 16:33:37 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
- 39555 16:33:37 (0) ** ALL fixes previously mentioned.
- 39556 16:33:37 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
- 39557 16:33:37 (0) **
- 39558 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39559 16:33:37 (0) ** WMI Registry key setup: ............................................................................................. OK.
- 39560 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39561 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39562 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39563 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39564 16:33:37 (0) **
- 39565 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39566 16:33:37 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
- 39567 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
- 39568 16:33:37 (0) **
- 39569 16:33:37 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\ADEBRUIN\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN8.1_.CLI.RTM.64_OSM-D10P-01_2017.09.20_16.27.43.LOG' for details.
- 39570 16:33:37 (0) **
- 39571 16:33:37 (0) ** WMIDiag v2.2 ended on woensdag 20 september 2017 at 16:33 (W:170 E:154 S:1).