Re: WMI and Windows 2003 SP1

Roger,

I found the issue, the Service account needed to added to the Default Domain
Controller policy for the User Right Assignment "Impersonate a client after
authenication". Once I did that and restart WMI, all is well.

Thanks for responding though.

"Herm_MCP" wrote:

Roger,

When I look at the WBEM log :Framework.log, I see that it is failing on all
the classes with a bunch of errors similar to the one below:
Impersonation running as: NT AUTHORITY\NETWORK SERVICE 06/26/2006
12:13:46.857 thread:1460 [d:\srvrtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.3759]
ExecQueryAsync: select __RELPATH, LoadPercentage from Win32_Processor -
FAILED (80041003) 06/26/2006
12:13:46.857 thread:1460 [d:\srvrtm\admin\wmi\wbem\sdk\framedyn\wbemglue.cpp.830

Any ideas?
When I look at a machine that is working and not a DC, the impersonation is
done by \\domainname\computername$

Herman

"Roger Abell [MVP]" wrote:

Hmmm
I have not encountered what you report under those circumstances.
The KB is advisory that one should apply SP1 to the PDC FSMO first,
or at least synchronously with other DCs.
The existence of the new level of DCOM security does not in the default
configuration of fresh SP install have the impact you are indicating.
You would find that nesting such as Domain Admins in the DCom Users
group would have no effect on your current issue.

--
Roger Abell
Microsoft MVP (Windows Server : Security)

"Herm_MCP" <HermMCP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:D8945298-0134-4525-9D8A-CC1E4AB8F9FF@xxxxxxxxxxxxxxxx
Thanks for replying Roger.

The access is local and it only happens on the DCs of this domain.
Firewall
is turned off. I do not believe the Security Wizard was used.

What do you think about the article I listed earlier?

"Roger Abell [MVP]" wrote:

Is the access local, with the code running on the machine whose
WMI repository is accessed, or remote?
Do these W2k3 have the firewall turned on?
Was the Security Configuration Wizard used to tighten these?


"Herm_MCP" <HermMCP@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:59C6B3B3-4976-42FD-A232-34B4F218EBBB@xxxxxxxxxxxxxxxx
Morning,

I have an issue were WMI is giving an acces denied error when I try and
run
wmimgmt.msc. Also, when I run wbemtest and try to access the
W32_Processor
class I get a Access Denied.

The server(s) in question are 2003 Standard Edition SP1 boxes and I
think
this issue has something to do with this article :
http://support.microsoft.com/?kbid=914023

Anyone have any ideas.
Thanks,
Herman






.

Relevant Pages

  • RE: Downloading Problem
    ... Event Type: Error ... WMI Windows Management Instrumentation ... The Windows Security Center Service has started. ...
    (microsoft.public.windowsxp.help_and_support)
  • Win XP SP 2 WMI problem
    ... Top Threat: Windows Security Center Spoof ... disabled, or your antivirus is out of date, that news will display here. ... Management Instrumentation (WMI) subsystem built into Windows. ...
    (microsoft.public.windowsxp.configuration_manage)
  • Re: Out of Process execution and .NET
    ... "charlie" expressed in the message known ... I will impersonate a Domain ... security weakness of the highest sort. ... than a blanket Domain Admin account), ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • RE: WMIDiag Errors
    ... I managed to solve the WMI Namespace Security warnings. ...
    (microsoft.public.windowsxp.help_and_support)
  • [NT] Microsoft Windows Improper Token Validation
    ... Get your security news from a reliable source. ... Access tokens contain the following information: ... a thread can impersonate a client account. ... Tokens to access network shares using UNC. ...
    (Securiteam)