The first thing we're going to look at is ensuring that the COM Security settings are configured correctly. Oftentimes the default COM permissions may have been modified by application installations or GPO settings. We covered the security aspects of COM / DCOM in an earlier post, titled COM and DCOM for Administrators . Incorrectly configured permissions can cause WMI to fail. We can use the built-in DCOMCNFG utility to verify the permissions as shown below:
Windows 2000 | Windows XP, Windows 2003 |
|
|
|
Under the Default Launch Permissions you need to make sure that the following users / groups have the Allow Launch permission: INTERACTIVE , SYSTEM and Administrators . Under the Default Access Permissions ensure only the following accounts are listed:
OS | Account |
Windows 2000 | none |
Windows XP RTM & SP1 | SYSTEM |
Windows XP SP2 & Windows Server 2003 |
SELF
SYSTEM |
If these Access Permissions settings have been modified, then you need to ensure that the following users / groups have been explicitly granted Access Permission: INTERACTIVE , SYSTEM and Administrators . As a shortcut, you can export the following registry key (so that you have a backup), and then delete the key & reboot, so that you restore the original default values: HKLM\SOFTWARE\Microsoft\Ole\DefaultAccessPermission . On Windows XP and Windows Server 2003, you can also export the following keys (again, so you have backups) and then delete the key & reboot so that the original default limits are restored: HKLM\SOFTWARE\Microsoft\Ole\MachineAccessRestriction & HKLM\SOFTWARE\Microsoft\Ole\MachineLaunchRestriction .
In addition, the WMI DCOM settings should also be checked - again, using the DCOMCNFG utility as before:
Windows 2000 | Windows XP, Windows 2003 |
|
|
|
Verify the settings below against what is configured on the system:
Setting | Windows 2000 | Windows XP / Windows Server 2003 |
Authentication Level | Default | Default |
Launch Permissions | Use Default | Everyone |
Access Permissions | Use Default | Use Default |
And that brings us to the end of this post. There's much more to come on WMI, so stay tuned!
- Axel Rivera
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.