Sep 20th, 2017
  1. 39145 16:33:37 (0) ** WMIDiag v2.2 started on woensdag 20 september 2017 at 16:28.
  2. 39146 16:33:37 (0) **
  3. 39147 16:33:37 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
  4. 39148 16:33:37 (0) **
  5. 39149 16:33:37 (0) ** This script is not supported under any Microsoft standard support program or service.
  6. 39150 16:33:37 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
  7. 39151 16:33:37 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
  8. 39152 16:33:37 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
  9. 39153 16:33:37 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
  10. 39154 16:33:37 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
  11. 39155 16:33:37 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
  12. 39156 16:33:37 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
  13. 39157 16:33:37 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
  14. 39158 16:33:37 (0) ** of the possibility of such damages.
  15. 39159 16:33:37 (0) **
  16. 39160 16:33:37 (0) **
  17. 39161 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  18. 39162 16:33:37 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
  19. 39163 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  20. 39164 16:33:37 (0) **
  21. 39165 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  22. 39166 16:33:37 (0) ** Windows 8.1 - No Service Pack - 64-bit (15063) - User 'OSM-D10P-01\ADEBRUIN' on computer 'OSM-D10P-01'.
  23. 39167 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  24. 39168 16:33:37 (0) ** Environment: ........................................................................................................ OK.
  25. 39169 16:33:37 (0) ** System drive: ....................................................................................................... C: (Schijfnr. 0 partitienr. 1).
  26. 39170 16:33:37 (0) ** Drive type: ......................................................................................................... IDE (SAMSUNG MZ7LN256HMJP-000H1).
  27. 39171 16:33:37 (0) ** There are no missing WMI system files: .............................................................................. OK.
  28. 39172 16:33:37 (0) ** There are no missing WMI repository files: .......................................................................... OK.
  29. 39173 16:33:37 (0) ** WMI repository state: ............................................................................................... N/A.
  30. 39174 16:33:37 (0) ** AFTER running WMIDiag:
  31. 39175 16:33:37 (0) ** The WMI repository has a size of: ................................................................................... 44 MB.
  32. 39176 16:33:37 (0) ** - Disk free space on 'C:': .......................................................................................... 66807 MB.
  33. 39177 16:33:37 (0) ** - INDEX.BTR, 8372224 bytes, 20-9-2017 16:18:22
  34. 39178 16:33:37 (0) ** - MAPPING1.MAP, 124220 bytes, 20-9-2017 16:13:36
  35. 39179 16:33:37 (0) ** - MAPPING2.MAP, 124232 bytes, 20-9-2017 16:18:22
  36. 39180 16:33:37 (0) ** - OBJECTS.DATA, 37822464 bytes, 20-9-2017 16:18:22
  37. 39181 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  38. 39182 16:33:37 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
  39. 39183 16:33:37 (0) ** Windows Firewall Profile: ........................................................................................... PRIVATE.
  40. 39184 16:33:37 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
  41. 39185 16:33:37 (0) ** => This will prevent any WMI remote connectivity to this computer except
  42. 39186 16:33:37 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING:
  43. 39187 16:33:37 (0) ** - 'Windows Management Instrumentation (DCOM-In)'
  44. 39188 16:33:37 (0) ** - 'Windows Management Instrumentation (WMI-In)'
  45. 39189 16:33:37 (0) ** - 'Windows Management Instrumentation (ASync-In)'
  46. 39190 16:33:37 (0) ** Verify the reported status for each of these three inbound rules below.
  47. 39191 16:33:37 (0) **
  48. 39192 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
  49. 39193 16:33:37 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
  50. 39194 16:33:37 (0) ** - You can adjust the configuration by executing the following command:
  51. 39195 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
  52. 39196 16:33:37 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
  53. 39197 16:33:37 (0) ** You can also enable each individual rule instead of activating the group rule.
  54. 39198 16:33:37 (0) **
  55. 39199 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
  56. 39200 16:33:37 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
  57. 39201 16:33:37 (0) ** - You can adjust the configuration of this rule by executing the following command:
  58. 39202 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
  59. 39203 16:33:37 (0) **
  60. 39204 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-Out)' rule: ............................................... DISABLED.
  61. 39205 16:33:37 (0) ** => This will prevent any WMI asynchronous outbound connectivity from this machine.
  62. 39206 16:33:37 (0) ** - You can adjust the configuration of this rule by executing the following command:
  63. 39207 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-Out)" NEW ENABLE=YES'
  64. 39208 16:33:37 (0) **
  65. 39209 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
  66. 39210 16:33:37 (0) ** => This will prevent any WMI inbound connectivity to this machine.
  67. 39211 16:33:37 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
  68. 39212 16:33:37 (0) ** - You can adjust the configuration of this rule by executing the following command:
  69. 39213 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
  70. 39214 16:33:37 (0) **
  71. 39215 16:33:37 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
  72. 39216 16:33:37 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
  73. 39217 16:33:37 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
  74. 39218 16:33:37 (0) ** - You can adjust the configuration of this rule by executing the following command:
  75. 39219 16:33:37 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
  76. 39220 16:33:37 (0) **
  77. 39221 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  78. 39222 16:33:37 (0) ** DCOM Status: ........................................................................................................ OK.
  79. 39223 16:33:37 (0) ** WMI registry setup: ................................................................................................. OK.
  80. 39224 16:33:37 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
  81. 39225 16:33:37 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
  82. 39226 16:33:37 (0) ** - Internet Connection Sharing (ICS) (*) (SHAREDACCESS, StartMode='Manual')
  83. 39227 16:33:37 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
  84. 39228 16:33:37 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
  85. 39229 16:33:37 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
  86. 39230 16:33:37 (0) ** this can prevent the service/application to work as expected.
  87. 39231 16:33:37 (0) **
  88. 39232 16:33:37 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
  89. 39233 16:33:37 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
  90. 39234 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  91. 39235 16:33:37 (0) ** WMI service DCOM setup: ............................................................................................. OK.
  92. 39236 16:33:37 (0) ** WMI components DCOM registrations: .................................................................................. OK.
  93. 39237 16:33:37 (0) ** WMI ProgID registrations: ........................................................................................... OK.
  94. 39238 16:33:37 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
  95. 39239 16:33:37 (2) !! WARNING: WMI provider CIM registrations missing for the following provider(s): ...................................... 1 WARNING(S)!
  96. 39240 16:33:37 (0) ** - ROOT/WMI, Provider_BIOSInterface (i.e. WMI Class 'HPBIOS_BIOSEvent')
  97. 39241 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
  98. 39242 16:33:37 (0) ** => This is an issue because there are still some WMI classes referencing this list of providers
  99. 39243 16:33:37 (0) ** while the CIM registration is wrong or missing. This can be due to:
  100. 39244 16:33:37 (0) ** - a de-installation of the software.
  101. 39245 16:33:37 (0) ** - a deletion of some CIM registration information.
  102. 39246 16:33:37 (0) ** => You can correct the CIM configuration by:
  103. 39247 16:33:37 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
  104. 39248 16:33:37 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
  105. 39249 16:33:37 (0) ** (This list can be built on a similar and working WMI Windows installation)
  106. 39250 16:33:37 (0) ** The following command line must be used:
  107. 39251 16:33:37 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
  108. 39252 16:33:37 (0) ** - Re-installing the software.
  109. 39253 16:33:37 (0) ** => If the software has been de-installed intentionally, then this information must be
  110. 39254 16:33:37 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove the provider
  111. 39255 16:33:37 (0) ** registration data and its set of associated classes.
  112. 39256 16:33:37 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\WMI path __Win32Provider Where Name='Provider_BIOSInterface' DELETE'
  113. 39257 16:33:37 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\WMI Class HPBIOS_BIOSEvent DELETE'
  114. 39258 16:33:37 (0) ** => If the namespace was ENTIRELY dedicated to the intentionally de-installed software,
  115. 39259 16:33:37 (0) ** the namespace and ALL its content can be ENTIRELY deleted.
  116. 39260 16:33:37 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE Where Name='WMI' DELETE'
  117. 39261 16:33:37 (0) **
  118. 39262 16:33:37 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
  119. 39263 16:33:37 (2) !! WARNING: Some WMI providers EXE/DLL file(s) are missing: ............................................................ 1 WARNING(S)!
  120. 39264 16:33:37 (0) ** - ROOT/STANDARDCIMV2/EMBEDDED, WEMSAL_WmiProvider, C:\windows\System32\wbem\WEMSAL_WmiProvider (1).dll
  121. 39265 16:33:37 (0) ** => This will make any operations related to the WMI class supported by the provider(s) to fail.
  122. 39266 16:33:37 (0) ** This can be due to:
  123. 39267 16:33:37 (0) ** - the de-installation of the software.
  124. 39268 16:33:37 (0) ** - the deletion of some files.
  125. 39269 16:33:37 (0) ** => If the software has been de-installed intentionally, then this information must be
  126. 39270 16:33:37 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove
  127. 39271 16:33:37 (0) ** the provider registration data.
  128. 39272 16:33:37 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\STANDARDCIMV2\EMBEDDED path __Win32Provider Where Name='WEMSAL_WmiProvider' DELETE'
  129. 39273 16:33:37 (0) ** => If not, you must restore a copy of the missing provider EXE/DLL file(s) as indicated by the path.
  130. 39274 16:33:37 (0) ** You can retrieve the missing file from:
  131. 39275 16:33:37 (0) ** - A backup.
  132. 39276 16:33:37 (0) ** - The Windows CD.
  133. 39277 16:33:37 (0) ** - Another Windows installation using the same version and service pack level of the examined system.
  134. 39278 16:33:37 (0) ** - The original CD or software package installing this WMI provider.
  135. 39279 16:33:37 (0) **
  136. 39280 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  137. 39281 16:33:37 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
  138. 39282 16:33:37 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
  139. 39283 16:33:37 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command
  140. 39284 16:33:37 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
  141. 39285 16:33:37 (0) ** selecting 'Run as Administrator'.
  142. 39286 16:33:37 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task
  143. 39287 16:33:37 (0) ** in the Task Scheduler within the right security context.
  144. 39288 16:33:37 (0) **
  145. 39289 16:33:37 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
  146. 39290 16:33:37 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
  147. 39291 16:33:37 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
  148. 39292 16:33:37 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
  149. 39293 16:33:37 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
  150. 39294 16:33:37 (0) **
  151. 39295 16:33:37 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
  152. 39296 16:33:37 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED!
  153. 39297 16:33:37 (0) ** - REMOVED ACE:
  154. 39298 16:33:37 (0) ** ACEType: &h0
  155. 39299 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  156. 39300 16:33:37 (0) ** ACEFlags: &h0
  157. 39301 16:33:37 (0) ** ACEMask: &h3
  158. 39302 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  159. 39303 16:33:37 (0) ** DCOM_RIGHT_ACCESS_LOCAL
  160. 39304 16:33:37 (0) **
  161. 39305 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  162. 39306 16:33:37 (0) ** Removing default security will cause some operations to fail!
  163. 39307 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  164. 39308 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  165. 39309 16:33:37 (0) **
  166. 39310 16:33:37 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
  167. 39311 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
  168. 39312 16:33:37 (0) ** - REMOVED ACE:
  169. 39313 16:33:37 (0) ** ACEType: &h0
  170. 39314 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  171. 39315 16:33:37 (0) ** ACEFlags: &h0
  172. 39316 16:33:37 (0) ** ACEMask: &h7
  173. 39317 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  174. 39318 16:33:37 (0) ** DCOM_RIGHT_ACCESS_LOCAL
  175. 39319 16:33:37 (0) ** DCOM_RIGHT_ACCESS_REMOTE
  176. 39320 16:33:37 (0) **
  177. 39321 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  178. 39322 16:33:37 (0) ** Removing default security will cause some operations to fail!
  179. 39323 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  180. 39324 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  181. 39325 16:33:37 (0) **
  182. 39326 16:33:37 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
  183. 39327 16:33:37 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
  184. 39328 16:33:37 (0) ** - REMOVED ACE:
  185. 39329 16:33:37 (0) ** ACEType: &h0
  186. 39330 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  187. 39331 16:33:37 (0) ** ACEFlags: &h0
  188. 39332 16:33:37 (0) ** ACEMask: &h7
  189. 39333 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  190. 39334 16:33:37 (0) ** DCOM_RIGHT_ACCESS_LOCAL
  191. 39335 16:33:37 (0) ** DCOM_RIGHT_ACCESS_REMOTE
  192. 39336 16:33:37 (0) **
  193. 39337 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  194. 39338 16:33:37 (0) ** Removing default security will cause some operations to fail!
  195. 39339 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  196. 39340 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  197. 39341 16:33:37 (0) **
  198. 39342 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
  199. 39343 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
  200. 39344 16:33:37 (0) ** - REMOVED ACE:
  201. 39345 16:33:37 (0) ** ACEType: &h0
  202. 39346 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  203. 39347 16:33:37 (0) ** ACEFlags: &h0
  204. 39348 16:33:37 (0) ** ACEMask: &h1F
  205. 39349 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  206. 39350 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
  207. 39351 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
  208. 39352 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
  209. 39353 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
  210. 39354 16:33:37 (0) **
  211. 39355 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  212. 39356 16:33:37 (0) ** Removing default security will cause some operations to fail!
  213. 39357 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  214. 39358 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  215. 39359 16:33:37 (0) **
  216. 39360 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
  217. 39361 16:33:37 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
  218. 39362 16:33:37 (0) ** - REMOVED ACE:
  219. 39363 16:33:37 (0) ** ACEType: &h0
  220. 39364 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  221. 39365 16:33:37 (0) ** ACEFlags: &h0
  222. 39366 16:33:37 (0) ** ACEMask: &h1F
  223. 39367 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  224. 39368 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
  225. 39369 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
  226. 39370 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
  227. 39371 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
  228. 39372 16:33:37 (0) **
  229. 39373 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  230. 39374 16:33:37 (0) ** Removing default security will cause some operations to fail!
  231. 39375 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  232. 39376 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  233. 39377 16:33:37 (0) **
  234. 39378 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
  235. 39379 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
  236. 39380 16:33:37 (0) ** - REMOVED ACE:
  237. 39381 16:33:37 (0) ** ACEType: &h0
  238. 39382 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  239. 39383 16:33:37 (0) ** ACEFlags: &h0
  240. 39384 16:33:37 (0) ** ACEMask: &h1F
  241. 39385 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  242. 39386 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
  243. 39387 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
  244. 39388 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
  245. 39389 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
  246. 39390 16:33:37 (0) **
  247. 39391 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  248. 39392 16:33:37 (0) ** Removing default security will cause some operations to fail!
  249. 39393 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  250. 39394 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  251. 39395 16:33:37 (0) **
  252. 39396 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
  253. 39397 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
  254. 39398 16:33:37 (0) ** - REMOVED ACE:
  255. 39399 16:33:37 (0) ** ACEType: &h0
  256. 39400 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  257. 39401 16:33:37 (0) ** ACEFlags: &h0
  258. 39402 16:33:37 (0) ** ACEMask: &h1F
  259. 39403 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  260. 39404 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
  261. 39405 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
  262. 39406 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
  263. 39407 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
  264. 39408 16:33:37 (0) **
  265. 39409 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  266. 39410 16:33:37 (0) ** Removing default security will cause some operations to fail!
  267. 39411 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  268. 39412 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  269. 39413 16:33:37 (0) **
  270. 39414 16:33:37 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
  271. 39415 16:33:37 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
  272. 39416 16:33:37 (0) ** - REMOVED ACE:
  273. 39417 16:33:37 (0) ** ACEType: &h0
  274. 39418 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  275. 39419 16:33:37 (0) ** ACEFlags: &h0
  276. 39420 16:33:37 (0) ** ACEMask: &hB
  277. 39421 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  278. 39422 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
  279. 39423 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
  280. 39424 16:33:37 (0) **
  281. 39425 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  282. 39426 16:33:37 (0) ** Removing default security will cause some operations to fail!
  283. 39427 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  284. 39428 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  285. 39429 16:33:37 (0) **
  286. 39430 16:33:37 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
  287. 39431 16:33:37 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
  288. 39432 16:33:37 (0) ** - REMOVED ACE:
  289. 39433 16:33:37 (0) ** ACEType: &h0
  290. 39434 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  291. 39435 16:33:37 (0) ** ACEFlags: &h0
  292. 39436 16:33:37 (0) ** ACEMask: &h1F
  293. 39437 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  294. 39438 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
  295. 39439 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
  296. 39440 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
  297. 39441 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
  298. 39442 16:33:37 (0) **
  299. 39443 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  300. 39444 16:33:37 (0) ** Removing default security will cause some operations to fail!
  301. 39445 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  302. 39446 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  303. 39447 16:33:37 (0) **
  304. 39448 16:33:37 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
  305. 39449 16:33:37 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
  306. 39450 16:33:37 (0) ** - REMOVED ACE:
  307. 39451 16:33:37 (0) ** ACEType: &h0
  308. 39452 16:33:37 (0) ** ACCESS_ALLOWED_ACE_TYPE
  309. 39453 16:33:37 (0) ** ACEFlags: &h0
  310. 39454 16:33:37 (0) ** ACEMask: &h1F
  311. 39455 16:33:37 (0) ** DCOM_RIGHT_EXECUTE
  312. 39456 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
  313. 39457 16:33:37 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
  314. 39458 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
  315. 39459 16:33:37 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
  316. 39460 16:33:37 (0) **
  317. 39461 16:33:37 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
  318. 39462 16:33:37 (0) ** Removing default security will cause some operations to fail!
  319. 39463 16:33:37 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
  320. 39464 16:33:37 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
  321. 39465 16:33:37 (0) **
  322. 39466 16:33:37 (0) **
  323. 39467 16:33:37 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
  324. 39468 16:33:37 (0) ** DCOM security error(s) detected: .................................................................................... 10.
  325. 39469 16:33:37 (0) ** WMI security warning(s) detected: ................................................................................... 0.
  326. 39470 16:33:37 (0) ** WMI security error(s) detected: ..................................................................................... 0.
  327. 39471 16:33:37 (0) **
  328. 39472 16:33:37 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
  329. 39473 16:33:37 (0) ** Overall WMI security status: ........................................................................................ OK.
  330. 39474 16:33:37 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
  331. 39475 16:33:37 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 1.
  332. 39476 16:33:37 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
  333. 39477 16:33:37 (0) ** 'select * from MSFT_SCMEventLogEvent'
  334. 39478 16:33:37 (0) **
  335. 39479 16:33:37 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
  336. 39480 16:33:37 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 4 NAMESPACE(S)!
  337. 39481 16:33:37 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM.
  338. 39482 16:33:37 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION.
  339. 39483 16:33:37 (0) ** - ROOT/CIMV2/TERMINALSERVICES.
  340. 39484 16:33:37 (0) ** - ROOT/SERVICEMODEL.
  341. 39485 16:33:37 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
  342. 39486 16:33:37 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
  343. 39487 16:33:37 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
  344. 39488 16:33:37 (0) ** i.e. 'WMIC.EXE /NODE:"OSM-D10P-01" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity'
  345. 39489 16:33:37 (0) **
  346. 39490 16:33:37 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK.
  347. 39491 16:33:37 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 1 ERROR(S)!
  348. 39492 16:33:37 (0) ** - Root/nap, 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found.
  349. 39493 16:33:37 (0) **
  350. 39494 16:33:37 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 5 ERROR(S)!
  351. 39495 16:33:37 (0) ** - Root/CIMV2, Win32_FloppyDrive, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
  352. 39496 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
  353. 39497 16:33:37 (0) ** - Root/CIMV2, Win32_FloppyController, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
  354. 39498 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
  355. 39499 16:33:37 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServicesSession, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
  356. 39500 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
  357. 39501 16:33:37 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServicesSession, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
  358. 39502 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
  359. 39503 16:33:37 (0) ** - Root/WMI, Thread, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found.
  360. 39504 16:33:37 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
  361. 39505 16:33:37 (0) **
  362. 39506 16:33:37 (0) ** WMI MOF representations: ............................................................................................ OK.
  363. 39507 16:33:37 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
  364. 39508 16:33:37 (0) ** WMI ENUMERATION operations: ......................................................................................... OK.
  365. 39509 16:33:37 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
  366. 39510 16:33:37 (0) ** WMI GET VALUE operations: ........................................................................................... OK.
  367. 39511 16:33:37 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
  368. 39512 16:33:37 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
  369. 39513 16:33:37 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
  370. 39514 16:33:37 (0) ** WMI static instances retrieved: ..................................................................................... 1978.
  371. 39515 16:33:37 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
  372. 39516 16:33:37 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
  373. 39517 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  374. 39518 16:33:37 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
  375. 39519 16:33:37 (0) ** DCOM: ............................................................................................................. 0.
  376. 39520 16:33:37 (0) ** WINMGMT: .......................................................................................................... 0.
  377. 39521 16:33:37 (0) ** WMIADAPTER: ....................................................................................................... 0.
  378. 39522 16:33:37 (0) **
  379. 39523 16:33:37 (0) ** # of additional Event Log events AFTER WMIDiag execution:
  380. 39524 16:33:37 (0) ** DCOM: ............................................................................................................. 0.
  381. 39525 16:33:37 (0) ** WINMGMT: .......................................................................................................... 0.
  382. 39526 16:33:37 (0) ** WMIADAPTER: ....................................................................................................... 0.
  383. 39527 16:33:37 (0) **
  384. 39528 16:33:37 (0) ** 1 error(s) 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found
  385. 39529 16:33:37 (0) **
  386. 39530 16:33:37 (0) ** 5 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found
  387. 39531 16:33:37 (0) ** => This error is typically a WMI error. This WMI error is due to:
  388. 39532 16:33:37 (0) ** - a missing WMI class definition or object.
  389. 39533 16:33:37 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures).
  390. 39534 16:33:37 (0) ** You can correct the missing class definitions by:
  391. 39535 16:33:37 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP <FileName.MOF>' command.
  392. 39536 16:33:37 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag.
  393. 39537 16:33:37 (0) ** (This list can be built on a similar and working WMI Windows installation)
  394. 39538 16:33:37 (0) ** The following command line must be used:
  395. 39539 16:33:37 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider'
  396. 39540 16:33:37 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters
  397. 39541 16:33:37 (0) ** with WMI by starting the ADAP process.
  398. 39542 16:33:37 (0) ** - a WMI repository corruption.
  399. 39543 16:33:37 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter
  400. 39544 16:33:37 (0) ** to validate the WMI repository operations.
  401. 39545 16:33:37 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before
  402. 39546 16:33:37 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use:
  403. 39547 16:33:37 (0) ** i.e. 'WMIDiag WriteInRepository=Root'
  404. 39548 16:33:37 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces
  405. 39549 16:33:37 (0) ** the WMI repository must be reconstructed.
  406. 39550 16:33:37 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository,
  407. 39551 16:33:37 (0) ** otherwise some applications may fail after the reconstruction.
  408. 39552 16:33:37 (0) ** This can be achieved with the following command:
  409. 39553 16:33:37 (0) ** i.e. 'WMIDiag ShowMOFErrors'
  410. 39554 16:33:37 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing
  411. 39555 16:33:37 (0) ** ALL fixes previously mentioned.
  412. 39556 16:33:37 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory)
  413. 39557 16:33:37 (0) **
  414. 39558 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  415. 39559 16:33:37 (0) ** WMI Registry key setup: ............................................................................................. OK.
  416. 39560 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  417. 39561 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  418. 39562 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  419. 39563 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  420. 39564 16:33:37 (0) **
  421. 39565 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  422. 39566 16:33:37 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
  423. 39567 16:33:37 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
  424. 39568 16:33:37 (0) **
  425. 39569 16:33:37 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\ADEBRUIN\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN8.1_.CLI.RTM.64_OSM-D10P-01_2017.09.20_16.27.43.LOG' for details.
  426. 39570 16:33:37 (0) **
  427. 39571 16:33:37 (0) ** WMIDiag v2.2 ended on woensdag 20 september 2017 at 16:33 (W:170 E:154 S:1).