Re: security implications of disabling WMI service

I can see you resolved the issue, but there is nice utility from
Microsoft which is basically a VB Script which checks and suggests
corrective actions if problem is found with WMI. You can download it
from the following link...

Nice utility I would say, it helped me to resolve many WMI issues in
the past....


On 10/12/06, Free, Bob <RWF4@xxxxxxx> wrote:
>can I run something like process explorer or regmon/filemon

The enterprise versions of filemon/regmon can be run across the network
which is extremely usefull on occasion. One more good reason to drop a
few coins on the AdminPack :-)

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Murda Mcloud
Sent: Wednesday, October 11, 2006 3:45 PM
To: nikhil@xxxxxxxxxxxxxxxxx ; focus-ms@xxxxxxxxxxxxxxxxx
Subject: RE: Re: security implications of disabling WMI service

Okay, I found a hotfix at MS for it
and have applied it but it did seem to take a few reboots and disabling
then re-enabling the service before it worked.

Now what I couldn't work out was whether the WMI service needed to be
running WHEN the hotfix was applied(does that make sense?)

So I found that instead of disabling the service through msconfig I
rebooted and then reenabled the service through services.msc and set it
to auto and then rebooted and it worked.
A question I found myself asking also was can I run something like
process explorer or regmon/filemon before logging in? For instance, if a
startup script runs before logon, how do I check what files/services are
being used/called?

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx ]
On Behalf Of nikhil@xxxxxxxxxxxxxxxxx
Sent: Thursday, October 12, 2006 12:08 AM
To: focus-ms@xxxxxxxxxxxxxxxxx
Subject: Re: Re: security implications of disabling WMI service

Hello Harlan,

Yes, by saying "makes use" I mean to say it's an
"Windows Security Center" & "Windows ICS", both these services depends
on Windows Management Instrumentation (WMI) service. If you disable WMI
service, then above mentioned Service would fail to start.

Nikhil Wagholikar
Security Analyst

NII Consulting




Jitendra Kalyankar


Relevant Pages

  • Re: Look over this script.....could anything be done better?
    ... will be unable to connect with WMI. ... With this version of the script I have kept that included because the script that enumerates all of the servers has some servers that no longer exist. ... Dim objWMIService, colFixedDrives, objFD ...
  • RE: Does WMI have to be installed on Remote Computer?
    ... IMHO this looks like a well constructed and very vell commented script. ... WMI comes as standard on w2k w2k3 and xp, ... does WMI need to be installed on the remote computer in order for a ... ''' First try to ping the server. ...
  • Re: Create simple file share on the fly
    ... WMI share routine faithfully works. ... You can place the command line below as the final line in your WMI ... You might experiment with actual workstations to see if the script is ... the shares that I make from the Windows GUI, ...
  • RE: Starting Excel and doing "stuff"...
    ... I have a WMI .vbs that monitors a folder for new files. ... This code first creates an event filter that polls the repository every 5 ... can use another script or utilities like wbemtest.exe or CIM Studio). ... Active script event consumer has limitations, you can't make Excel visible, ...
  • Re: Patch Management & Identifying Hosts
    ... Patch Management of the Security Operations ... WMI is also an option. ... "A WSH script using VBScript is explained. ... the result from the online computers. ...