RE: Re: security implications of disabling WMI service



can I run something like process explorer or regmon/filemon

The enterprise versions of filemon/regmon can be run across the network
which is extremely useful on occasion. One more good reason to drop a
few coins on the AdminPack :-)

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Murda Mcloud
Sent: Wednesday, October 11, 2006 3:45 PM
To: nikhil@xxxxxxxxxxxxxxxxx; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Re: security implications of disabling WMI service

Okay, I found a hotfix at MS for it
http://support.microsoft.com/kb/911262
and have applied it but it did seem to take a few reboots and disabling
then re-enabling the service before it worked.

Now what I couldn't work out was whether the WMI service needed to be
running WHEN the hotfix was applied (does that make sense?)

So I found that instead of disabling the service through msconfig I
rebooted and then reenabled the service through services.msc and set it
to auto and then rebooted and it worked.
A question I found myself asking also was can I run something like
process explorer or regmon/filemon before logging in? For instance, if a
startup script runs before logon, how do I check what files/services are
being used/called?

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of nikhil@xxxxxxxxxxxxxxxxx
Sent: Thursday, October 12, 2006 12:08 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Re: security implications of disabling WMI service

Hello Harlan,

Yes, by saying "makes use" I mean to say it's a dependency.
"Windows Security Center" & "Windows ICS", both these services depend
on the Windows Management Instrumentation (WMI) service. If you disable the
WMI service, then the above-mentioned services would fail to start.

Nikhil Wagholikar
Security Analyst

NII Consulting
Web: www.niiconsulting.com
