29084 20:07:17 (0) ** WMIDiag v2.2 started on 27 września 2016 at 19:58. 29085 20:07:17 (0) ** 29086 20:07:17 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007. 29087 20:07:17 (0) ** 29088 20:07:17 (0) ** This script is not supported under any Microsoft standard support program or service. 29089 20:07:17 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all 29090 20:07:17 (0) ** implied warranties including, without limitation, any implied warranties of merchantability 29091 20:07:17 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance 29092 20:07:17 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors, 29093 20:07:17 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for 29094 20:07:17 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits, 29095 20:07:17 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of 29096 20:07:17 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised 29097 20:07:17 (0) ** of the possibility of such damages. 29098 20:07:17 (0) ** 29099 20:07:17 (0) ** 29100 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29101 20:07:17 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ---------------------------------------------------------- 29102 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29103 20:07:17 (0) ** 29104 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29105 20:07:17 (0) ** Windows 7 - Service Pack 1 - 64-bit (7601) - User 'USER-KOMPUTER\USER' on computer 'USER-KOMPUTER'. 29106 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29107 20:07:17 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)! 29108 20:07:17 (0) ** INFO: => 3 possible incorrect shutdown(s) detected on: 29109 20:07:17 (0) ** - Shutdown on 19 September 2016 19:06:35 (GMT-0). 29110 20:07:17 (0) ** - Shutdown on 31 December 2010 21:10:11 (GMT-0). 29111 20:07:17 (0) ** - Shutdown on 31 December 2010 20:15:00 (GMT-0). 29112 20:07:17 (0) ** 29113 20:07:17 (0) ** System drive: ....................................................................................................... C: (Disk #0 Partition #1). 29114 20:07:17 (0) ** Drive type: ......................................................................................................... IDE (ST350063 0AS SATA Disk Device). 29115 20:07:17 (0) ** There are no missing WMI system files: .............................................................................. OK. 29116 20:07:17 (0) ** There are no missing WMI repository files: .......................................................................... OK. 29117 20:07:17 (0) ** WMI repository state: ............................................................................................... N/A. 29118 20:07:17 (0) ** AFTER running WMIDiag: 29119 20:07:17 (0) ** The WMI repository has a size of: ................................................................................... 24 MB. 29120 20:07:17 (0) ** - Disk free space on 'C:': .......................................................................................... 332037 MB. 29121 20:07:17 (0) ** - INDEX.BTR, 5570560 bytes, 2016-09-27 19:55:32 29122 20:07:17 (0) ** - MAPPING1.MAP, 63040 bytes, 2016-09-27 15:59:45 29123 20:07:17 (0) ** - MAPPING2.MAP, 63040 bytes, 2016-09-27 17:06:25 29124 20:07:17 (0) ** - OBJECTS.DATA, 19349504 bytes, 2016-09-27 19:55:32 29125 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29126 20:07:17 (2) !! WARNING: Windows Firewall Service: .................................................................................. STOPPED. 29127 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29128 20:07:17 (0) ** DCOM Status: ........................................................................................................ OK. 29129 20:07:17 (0) ** WMI registry setup: ................................................................................................. OK. 29130 20:07:17 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)! 29131 20:07:17 (0) ** - Security Center (WSCSVC, StartMode='Automatic') 29132 20:07:17 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Disabled') 29133 20:07:17 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well. 29134 20:07:17 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but 29135 20:07:17 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped, 29136 20:07:17 (0) ** this can prevent the service/application to work as expected. 29137 20:07:17 (0) ** 29138 20:07:17 (0) ** RPCSS service: ...................................................................................................... OK (Already started). 29139 20:07:17 (0) ** WINMGMT service: .................................................................................................... OK (Already started). 29140 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29141 20:07:17 (0) ** WMI service DCOM setup: ............................................................................................. OK. 29142 20:07:17 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 2 WARNING(S)! 29143 20:07:17 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\IPMIPRV.DLL (\CLSID\{FD209E2E-813B-41C0-8646-4C3E9C917511}\InProcServer32) 29144 20:07:17 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SERVERCOMPPROV.DLL (\CLSID\{9042E1B1-8FD4-4008-89FE-4040CC74575A}\InProcServer32) 29145 20:07:17 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to 29146 20:07:17 (0) ** fail depending on the operation requested. 29147 20:07:17 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE ' command. 29148 20:07:17 (0) ** 29149 20:07:17 (0) ** WMI ProgID registrations: ........................................................................................... OK. 29150 20:07:17 (2) !! WARNING: WMI provider DCOM registrations missing for the following provider(s): ..................................... 1 WARNING(S)! 29151 20:07:17 (0) ** - ROOT/CIMV2, InvProv ({F4BA59CC-2506-45AE-84C8-78EA8D7F9B3E}) (i.e. WMI Class 'Win32_InstalledWin32Program') 29152 20:07:17 (0) ** Provider DLL: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 29153 20:07:17 (0) ** => This is an issue because there are still some WMI classes referencing this list of providers 29154 20:07:17 (0) ** while the DCOM registration is wrong or missing. This can be due to: 29155 20:07:17 (0) ** - a de-installation of the software. 29156 20:07:17 (0) ** - a deletion of some registry key data. 29157 20:07:17 (0) ** - a registry corruption. 29158 20:07:17 (0) ** => You can correct the DCOM configuration by: 29159 20:07:17 (0) ** - Executing the 'REGSVR32.EXE ' command. 29160 20:07:17 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag. 29161 20:07:17 (0) ** (This list can be built on a similar and working WMI Windows installation) 29162 20:07:17 (0) ** The following command line must be used: 29163 20:07:17 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider' 29164 20:07:17 (2) !! WARNING: Re-registering with REGSVR32.EXE all DLL from 'C:\WINDOWS\SYSTEM32\WBEM\' 29165 20:07:17 (0) ** may not solve the problem as the DLL supporting the WMI class(es) 29166 20:07:17 (0) ** can be located in a different folder. 29167 20:07:17 (0) ** You must refer to the class name to determine the software delivering the related DLL. 29168 20:07:17 (0) ** => If the software has been de-installed intentionally, then this information must be 29169 20:07:17 (0) ** removed from the WMI repository. You can use the 'WMIC.EXE' command to remove 29170 20:07:17 (0) ** the provider registration data. 29171 20:07:17 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT\CIMV2 path __Win32Provider Where Name='InvProv' DELETE' 29172 20:07:17 (0) ** => If the namespace was ENTIRELY dedicated to the intentionally de-installed software, 29173 20:07:17 (0) ** the namespace and ALL its content can be ENTIRELY deleted. 29174 20:07:17 (0) ** i.e. 'WMIC.EXE /NAMESPACE:\\ROOT path __NAMESPACE Where Name='CIMV2' DELETE' 29175 20:07:17 (0) ** - Re-installing the software. 29176 20:07:17 (0) ** 29177 20:07:17 (0) ** WMI provider CIM registrations: ..................................................................................... OK. 29178 20:07:17 (0) ** WMI provider CLSIDs: ................................................................................................ OK. 29179 20:07:17 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK. 29180 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29181 20:07:17 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED. 29182 20:07:17 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context. 29183 20:07:17 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command 29184 20:07:17 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and 29185 20:07:17 (0) ** selecting 'Run as Administrator'. 29186 20:07:17 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task 29187 20:07:17 (0) ** in the Task Scheduler within the right security context. 29188 20:07:17 (0) ** 29189 20:07:17 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED. 29190 20:07:17 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative 29191 20:07:17 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer 29192 20:07:17 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote 29193 20:07:17 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group. 29194 20:07:17 (0) ** 29195 20:07:17 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED. 29196 20:07:17 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED! 29197 20:07:17 (0) ** - REMOVED ACE: 29198 20:07:17 (0) ** ACEType: &h0 29199 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29200 20:07:17 (0) ** ACEFlags: &h0 29201 20:07:17 (0) ** ACEMask: &h3 29202 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29203 20:07:17 (0) ** DCOM_RIGHT_ACCESS_LOCAL 29204 20:07:17 (0) ** 29205 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29206 20:07:17 (0) ** Removing default security will cause some operations to fail! 29207 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29208 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29209 20:07:17 (0) ** 29210 20:07:17 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED. 29211 20:07:17 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED! 29212 20:07:17 (0) ** - REMOVED ACE: 29213 20:07:17 (0) ** ACEType: &h0 29214 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29215 20:07:17 (0) ** ACEFlags: &h0 29216 20:07:17 (0) ** ACEMask: &h7 29217 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29218 20:07:17 (0) ** DCOM_RIGHT_ACCESS_LOCAL 29219 20:07:17 (0) ** DCOM_RIGHT_ACCESS_REMOTE 29220 20:07:17 (0) ** 29221 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29222 20:07:17 (0) ** Removing default security will cause some operations to fail! 29223 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29224 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29225 20:07:17 (0) ** 29226 20:07:17 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED. 29227 20:07:17 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 29228 20:07:17 (0) ** - REMOVED ACE: 29229 20:07:17 (0) ** ACEType: &h0 29230 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29231 20:07:17 (0) ** ACEFlags: &h0 29232 20:07:17 (0) ** ACEMask: &h7 29233 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29234 20:07:17 (0) ** DCOM_RIGHT_ACCESS_LOCAL 29235 20:07:17 (0) ** DCOM_RIGHT_ACCESS_REMOTE 29236 20:07:17 (0) ** 29237 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29238 20:07:17 (0) ** Removing default security will cause some operations to fail! 29239 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29240 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29241 20:07:17 (0) ** 29242 20:07:17 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED. 29243 20:07:17 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED! 29244 20:07:17 (0) ** - REMOVED ACE: 29245 20:07:17 (0) ** ACEType: &h0 29246 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29247 20:07:17 (0) ** ACEFlags: &h0 29248 20:07:17 (0) ** ACEMask: &h1F 29249 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29250 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29251 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29252 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29253 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29254 20:07:17 (0) ** 29255 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29256 20:07:17 (0) ** Removing default security will cause some operations to fail! 29257 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29258 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29259 20:07:17 (0) ** 29260 20:07:17 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED. 29261 20:07:17 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED! 29262 20:07:17 (0) ** - REMOVED ACE: 29263 20:07:17 (0) ** ACEType: &h0 29264 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29265 20:07:17 (0) ** ACEFlags: &h0 29266 20:07:17 (0) ** ACEMask: &h1F 29267 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29268 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29269 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29270 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29271 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29272 20:07:17 (0) ** 29273 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29274 20:07:17 (0) ** Removing default security will cause some operations to fail! 29275 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29276 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29277 20:07:17 (0) ** 29278 20:07:17 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED. 29279 20:07:17 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED! 29280 20:07:17 (0) ** - REMOVED ACE: 29281 20:07:17 (0) ** ACEType: &h0 29282 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29283 20:07:17 (0) ** ACEFlags: &h0 29284 20:07:17 (0) ** ACEMask: &h1F 29285 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29286 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29287 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29288 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29289 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29290 20:07:17 (0) ** 29291 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29292 20:07:17 (0) ** Removing default security will cause some operations to fail! 29293 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29294 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29295 20:07:17 (0) ** 29296 20:07:17 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED. 29297 20:07:17 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED! 29298 20:07:17 (0) ** - REMOVED ACE: 29299 20:07:17 (0) ** ACEType: &h0 29300 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29301 20:07:17 (0) ** ACEFlags: &h0 29302 20:07:17 (0) ** ACEMask: &h1F 29303 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29304 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29305 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29306 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29307 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29308 20:07:17 (0) ** 29309 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29310 20:07:17 (0) ** Removing default security will cause some operations to fail! 29311 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29312 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29313 20:07:17 (0) ** 29314 20:07:17 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED. 29315 20:07:17 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED! 29316 20:07:17 (0) ** - REMOVED ACE: 29317 20:07:17 (0) ** ACEType: &h0 29318 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29319 20:07:17 (0) ** ACEFlags: &h0 29320 20:07:17 (0) ** ACEMask: &h1F 29321 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29322 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29323 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29324 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29325 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29326 20:07:17 (0) ** 29327 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29328 20:07:17 (0) ** Removing default security will cause some operations to fail! 29329 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29330 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29331 20:07:17 (0) ** 29332 20:07:17 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED. 29333 20:07:17 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 29334 20:07:17 (0) ** - REMOVED ACE: 29335 20:07:17 (0) ** ACEType: &h0 29336 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29337 20:07:17 (0) ** ACEFlags: &h0 29338 20:07:17 (0) ** ACEMask: &hB 29339 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29340 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29341 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29342 20:07:17 (0) ** 29343 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29344 20:07:17 (0) ** Removing default security will cause some operations to fail! 29345 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29346 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29347 20:07:17 (0) ** 29348 20:07:17 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 29349 20:07:17 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED! 29350 20:07:17 (0) ** - REMOVED ACE: 29351 20:07:17 (0) ** ACEType: &h0 29352 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29353 20:07:17 (0) ** ACEFlags: &h0 29354 20:07:17 (0) ** ACEMask: &h1F 29355 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29356 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29357 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29358 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29359 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29360 20:07:17 (0) ** 29361 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29362 20:07:17 (0) ** Removing default security will cause some operations to fail! 29363 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29364 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29365 20:07:17 (0) ** 29366 20:07:17 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 29367 20:07:17 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED! 29368 20:07:17 (0) ** - REMOVED ACE: 29369 20:07:17 (0) ** ACEType: &h0 29370 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29371 20:07:17 (0) ** ACEFlags: &h0 29372 20:07:17 (0) ** ACEMask: &h1F 29373 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29374 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29375 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29376 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29377 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29378 20:07:17 (0) ** 29379 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29380 20:07:17 (0) ** Removing default security will cause some operations to fail! 29381 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29382 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29383 20:07:17 (0) ** 29384 20:07:17 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 29385 20:07:17 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED! 29386 20:07:17 (0) ** - REMOVED ACE: 29387 20:07:17 (0) ** ACEType: &h0 29388 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29389 20:07:17 (0) ** ACEFlags: &h0 29390 20:07:17 (0) ** ACEMask: &h1F 29391 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29392 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29393 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29394 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29395 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29396 20:07:17 (0) ** 29397 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29398 20:07:17 (0) ** Removing default security will cause some operations to fail! 29399 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29400 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29401 20:07:17 (0) ** 29402 20:07:17 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 29403 20:07:17 (1) !! ERROR: Default trustee 'NT AUTHORITY\NETWORK SERVICE' has been REMOVED! 29404 20:07:17 (0) ** - REMOVED ACE: 29405 20:07:17 (0) ** ACEType: &h0 29406 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29407 20:07:17 (0) ** ACEFlags: &h0 29408 20:07:17 (0) ** ACEMask: &h1F 29409 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29410 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29411 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29412 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29413 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29414 20:07:17 (0) ** 29415 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29416 20:07:17 (0) ** Removing default security will cause some operations to fail! 29417 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29418 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29419 20:07:17 (0) ** 29420 20:07:17 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 29421 20:07:17 (1) !! ERROR: Default trustee 'NT AUTHORITY\LOCAL SERVICE' has been REMOVED! 29422 20:07:17 (0) ** - REMOVED ACE: 29423 20:07:17 (0) ** ACEType: &h0 29424 20:07:17 (0) ** ACCESS_ALLOWED_ACE_TYPE 29425 20:07:17 (0) ** ACEFlags: &h0 29426 20:07:17 (0) ** ACEMask: &h1F 29427 20:07:17 (0) ** DCOM_RIGHT_EXECUTE 29428 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 29429 20:07:17 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 29430 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 29431 20:07:17 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 29432 20:07:17 (0) ** 29433 20:07:17 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 29434 20:07:17 (0) ** Removing default security will cause some operations to fail! 29435 20:07:17 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 29436 20:07:17 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 29437 20:07:17 (0) ** 29438 20:07:17 (0) ** 29439 20:07:17 (0) ** DCOM security warning(s) detected: .................................................................................. 0. 29440 20:07:17 (0) ** DCOM security error(s) detected: .................................................................................... 14. 29441 20:07:17 (0) ** WMI security warning(s) detected: ................................................................................... 0. 29442 20:07:17 (0) ** WMI security error(s) detected: ..................................................................................... 0. 29443 20:07:17 (0) ** 29444 20:07:17 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR! 29445 20:07:17 (0) ** Overall WMI security status: ........................................................................................ OK. 29446 20:07:17 (0) ** - Started at 'Root' -------------------------------------------------------------------------------------------------------------- 29447 20:07:17 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2. 29448 20:07:17 (0) ** - ROOT/SUBSCRIPTION, CommandLineEventConsumer.Name="BVTConsumer". 29449 20:07:17 (0) ** 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99' 29450 20:07:17 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer". 29451 20:07:17 (0) ** 'select * from MSFT_SCMEventLogEvent' 29452 20:07:17 (0) ** 29453 20:07:17 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE. 29454 20:07:17 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 4 NAMESPACE(S)! 29455 20:07:17 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM. 29456 20:07:17 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION. 29457 20:07:17 (0) ** - ROOT/CIMV2/TERMINALSERVICES. 29458 20:07:17 (0) ** - ROOT/SERVICEMODEL. 29459 20:07:17 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to 29460 20:07:17 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level. 29461 20:07:17 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags) 29462 20:07:17 (0) ** i.e. 'WMIC.EXE /NODE:"USER-KOMPUTER" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity' 29463 20:07:17 (0) ** 29464 20:07:17 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK. 29465 20:07:17 (0) ** WMI CONNECTIONS: .................................................................................................... OK. 29466 20:07:17 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 2 ERROR(S)! 29467 20:07:17 (0) ** - Root/CIMV2, Win32_PerfFormattedData_Spooler_PrintQueue, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29468 20:07:17 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 29469 20:07:17 (0) ** - Root/CIMV2, Win32_PerfRawData_Spooler_PrintQueue, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 29470 20:07:17 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 29471 20:07:17 (0) ** 29472 20:07:17 (0) ** WMI MOF representations: ............................................................................................ OK. 29473 20:07:17 (0) ** WMI QUALIFIER access operations: .................................................................................... OK. 29474 20:07:17 (0) ** WMI ENUMERATION operations: ......................................................................................... OK. 29475 20:07:17 (0) ** WMI EXECQUERY operations: ........................................................................................... OK. 29476 20:07:17 (1) !! ERROR: WMI GET VALUE operation errors reported: ..................................................................... 1 ERROR(S)! 29477 20:07:17 (0) ** - Root/CIMV2, Instance: Win32_Service='WSCSVC', Property: Displayname='Centrum zabezpieczeń' (Expected default='Security Center'). 29478 20:07:17 (0) ** 29479 20:07:17 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED. 29480 20:07:17 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED. 29481 20:07:17 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED. 29482 20:07:17 (0) ** WMI static instances retrieved: ..................................................................................... 1774. 29483 20:07:17 (0) ** WMI dynamic instances retrieved: .................................................................................... 0. 29484 20:07:17 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1. 29485 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29486 20:07:17 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s): 29487 20:07:17 (0) ** DCOM: ............................................................................................................. 0. 29488 20:07:17 (0) ** WINMGMT: .......................................................................................................... 0. 29489 20:07:17 (0) ** WMIADAPTER: ....................................................................................................... 0. 29490 20:07:17 (0) ** 29491 20:07:17 (0) ** # of additional Event Log events AFTER WMIDiag execution: 29492 20:07:17 (0) ** DCOM: ............................................................................................................. 0. 29493 20:07:17 (0) ** WINMGMT: .......................................................................................................... 0. 29494 20:07:17 (0) ** WMIADAPTER: ....................................................................................................... 0. 29495 20:07:17 (0) ** 29496 20:07:17 (0) ** 2 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found 29497 20:07:17 (0) ** => This error is typically a WMI error. This WMI error is due to: 29498 20:07:17 (0) ** - a missing WMI class definition or object. 29499 20:07:17 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures). 29500 20:07:17 (0) ** You can correct the missing class definitions by: 29501 20:07:17 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP ' command. 29502 20:07:17 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag. 29503 20:07:17 (0) ** (This list can be built on a similar and working WMI Windows installation) 29504 20:07:17 (0) ** The following command line must be used: 29505 20:07:17 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider' 29506 20:07:17 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters 29507 20:07:17 (0) ** with WMI by starting the ADAP process. 29508 20:07:17 (0) ** - a WMI repository corruption. 29509 20:07:17 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter 29510 20:07:17 (0) ** to validate the WMI repository operations. 29511 20:07:17 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before 29512 20:07:17 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use: 29513 20:07:17 (0) ** i.e. 'WMIDiag WriteInRepository=Root' 29514 20:07:17 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces 29515 20:07:17 (0) ** the WMI repository must be reconstructed. 29516 20:07:17 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository, 29517 20:07:17 (0) ** otherwise some applications may fail after the reconstruction. 29518 20:07:17 (0) ** This can be achieved with the following command: 29519 20:07:17 (0) ** i.e. 'WMIDiag ShowMOFErrors' 29520 20:07:17 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing 29521 20:07:17 (0) ** ALL fixes previously mentioned. 29522 20:07:17 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory) 29523 20:07:17 (0) ** 29524 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29525 20:07:17 (0) ** WMI Registry key setup: ............................................................................................. OK. 29526 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29527 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29528 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29529 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29530 20:07:17 (0) ** 29531 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29532 20:07:17 (0) ** ------------------------------------------------------ WMI REPORT: END ----------------------------------------------------------- 29533 20:07:17 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 29534 20:07:17 (0) ** 29535 20:07:17 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\USER\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN7_.CLI.SP1.64_USER-KOMPUTER_2016.09.27_19.58.02.LOG' for details. 29536 20:07:17 (0) ** 29537 20:07:17 (0) ** WMIDiag v2.2 ended on 27 września 2016 at 20:07 (W:90 E:29 S:1).