Guest Mike in Nebraska Posted July 9, 2008 Posted July 9, 2008 [also posted on microsoft.public.dotnet.framework.wmi] I have .NET 2.0 SP1, .NET 3.0 SP1 and .NET 3.5 running on a Windows Server 2003 R2 SP2, fully patched. It is NOT a DC. I have some WMI errors that apparently need .NET 3.5 SP1 (which isn't out yet, and I've tried but can't get the hotfix that will correct the problem), and am hoping that .NET 3.5 with n o errros in the WMI Diagnostic utility will do the trick. I ran it just now and it came back with a statement that WMI is operating correctly. However, the .txt file that was generated had some errors that I feel I should fix. However, I haven't a clue on how to do it in WMIMGMT.MSC. Here's the errors: 28011 14:59:36 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ...................................................................... MODIFIED. 28012 14:59:36 (1) !! ERROR: Actual trustee 'NT AUTHORITY\NETWORK SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default) 28013 14:59:36 (0) ** - ACTUAL ACE: 28014 14:59:36 (0) ** ACEType: &h0 28015 14:59:36 (0) ** ACCESS_ALLOWED_ACE_TYPE 28016 14:59:36 (0) ** ACEFlags: &h2 28017 14:59:36 (0) ** CONTAINER_INHERIT_ACE 28018 14:59:36 (0) ** ACEMask: &h1 28019 14:59:36 (0) ** WBEM_ENABLE 28020 14:59:36 (0) ** - EXPECTED ACE: 28021 14:59:36 (0) ** ACEType: &h0 28022 14:59:36 (0) ** ACCESS_ALLOWED_ACE_TYPE 28023 14:59:36 (0) ** ACEFlags: &h12 28024 14:59:36 (0) ** CONTAINER_INHERIT_ACE 28025 14:59:36 (0) ** INHERITED_ACE 28026 14:59:36 (0) ** ACEMask: &h13 28027 14:59:36 (0) ** WBEM_ENABLE 28028 14:59:36 (0) ** WBEM_METHOD_EXECUTE 28029 14:59:36 (0) ** WBEM_WRITE_PROVIDER 28030 14:59:36 (0) ** 28031 14:59:36 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed! 28032 14:59:36 (0) ** This will cause some operations to fail! 28033 14:59:36 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 28034 14:59:36 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 28035 14:59:36 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 28036 14:59:36 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 28037 14:59:36 (0) ** A specific WMI application can always require a security setup different 28038 14:59:36 (0) ** than the WMI security defaults. 28039 14:59:36 (0) ** 28040 14:59:36 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ...................................................................... MODIFIED. 28041 14:59:36 (1) !! ERROR: Actual trustee 'NT AUTHORITY\LOCAL SERVICE' DOES NOT match corresponding expected trustee rights (Actual->Default) 28042 14:59:36 (0) ** - ACTUAL ACE: 28043 14:59:36 (0) ** ACEType: &h0 28044 14:59:36 (0) ** ACCESS_ALLOWED_ACE_TYPE 28045 14:59:36 (0) ** ACEFlags: &h2 28046 14:59:36 (0) ** CONTAINER_INHERIT_ACE 28047 14:59:36 (0) ** ACEMask: &h1 28048 14:59:36 (0) ** WBEM_ENABLE 28049 14:59:36 (0) ** - EXPECTED ACE: 28050 14:59:36 (0) ** ACEType: &h0 28051 14:59:36 (0) ** ACCESS_ALLOWED_ACE_TYPE 28052 14:59:36 (0) ** ACEFlags: &h12 28053 14:59:36 (0) ** CONTAINER_INHERIT_ACE 28054 14:59:36 (0) ** INHERITED_ACE 28055 14:59:36 (0) ** ACEMask: &h13 28056 14:59:36 (0) ** WBEM_ENABLE 28057 14:59:36 (0) ** WBEM_METHOD_EXECUTE 28058 14:59:36 (0) ** WBEM_WRITE_PROVIDER 28059 14:59:36 (0) ** 28060 14:59:36 (0) ** => The actual ACE has the right(s) '&h12 WBEM_METHOD_EXECUTE WBEM_WRITE_PROVIDER' removed! 28061 14:59:36 (0) ** This will cause some operations to fail! 28062 14:59:36 (0) ** It is possible to fix this issue by editing the security descriptor and adding the removed right. 28063 14:59:36 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 28064 14:59:36 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 28065 14:59:36 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 28066 14:59:36 (0) ** A specific WMI application can always require a security setup different 28067 14:59:36 (0) ** than the WMI security defaults. 28068 14:59:36 (0) ** 28069 14:59:36 (0) ** WMI namespace security for 'ROOT/SERVICEMODEL': ...................................................................... MODIFIED. 28070 14:59:36 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 28071 14:59:36 (0) ** - REMOVED ACE: 28072 14:59:36 (0) ** ACEType: &h0 28073 14:59:36 (0) ** ACCESS_ALLOWED_ACE_TYPE 28074 14:59:36 (0) ** ACEFlags: &h12 28075 14:59:36 (0) ** CONTAINER_INHERIT_ACE 28076 14:59:36 (0) ** INHERITED_ACE 28077 14:59:36 (0) ** ACEMask: &h13 28078 14:59:36 (0) ** WBEM_ENABLE 28079 14:59:36 (0) ** WBEM_METHOD_EXECUTE 28080 14:59:36 (0) ** WBEM_WRITE_PROVIDER 28081 14:59:36 (0) ** 28082 14:59:36 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 28083 14:59:36 (0) ** Removing default security will cause some operations to fail! 28084 14:59:36 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 28085 14:59:36 (0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'. 28086 14:59:36 (0) ** Note: WMIDiag has no specific knowledge of this WMI namespace. 28087 14:59:36 (0) ** The security diagnostic is based on the WMI namespace expected defaults. 28088 14:59:36 (0) ** A specific WMI application can always require a security setup different 28089 14:59:36 (0) ** than the WMI security defaults. Since these aren't the default, they may be significant errors for what I want to do (install Office Sharepoint Server 2007). I don't know why I have anything that is not default. I did a fresh install of the OS the other day, joined it to a SBS domain and set it up as a Application Server. Would sure appreciate any help/advice/comments. -- Mike Webb Platte River Whooping Crane Maintenance Trust, Inc. a conservation non-profit (501 ©(3)) organization Wood River, NE
Recommended Posts