Publicité
Publicité
Format du document : text/plain
Prévisualisation
24068 20:56:10 (0) ** WMIDiag v2.2 started on mercredi 5 avril 2017 at 20:51.
24069 20:56:10 (0) **
24070 20:56:10 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
24071 20:56:10 (0) **
24072 20:56:10 (0) ** This script is not supported under any Microsoft standard support program or service.
24073 20:56:10 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
24074 20:56:10 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
24075 20:56:10 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
24076 20:56:10 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
24077 20:56:10 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
24078 20:56:10 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
24079 20:56:10 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
24080 20:56:10 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
24081 20:56:10 (0) ** of the possibility of such damages.
24082 20:56:10 (0) **
24083 20:56:10 (0) **
24084 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24085 20:56:10 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
24086 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24087 20:56:10 (0) **
24088 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24089 20:56:10 (0) ** Windows 7 - Service Pack 1 - 64-bit (7601) - User 'BDK-PC\BDK' on computer 'BDK-PC'.
24090 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24091 20:56:10 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
24092 20:56:10 (0) ** INFO: => 7 possible incorrect shutdown(s) detected on:
24093 20:56:10 (0) ** - Shutdown on 25 January 2017 04:55:51 (GMT-0).
24094 20:56:10 (0) ** - Shutdown on 31 January 2017 22:53:24 (GMT-0).
24095 20:56:10 (0) ** - Shutdown on 14 February 2017 21:20:05 (GMT-0).
24096 20:56:10 (0) ** - Shutdown on 05 March 2017 03:53:55 (GMT-0).
24097 20:56:10 (0) ** - Shutdown on 19 March 2017 00:45:40 (GMT-0).
24098 20:56:10 (0) ** - Shutdown on 30 March 2017 15:43:19 (GMT-0).
24099 20:56:10 (0) ** - Shutdown on 04 April 2017 21:34:13 (GMT-0).
24100 20:56:10 (0) **
24101 20:56:10 (0) ** System drive: ....................................................................................................... C: (Disque n° 0 partition n° 0).
24102 20:56:10 (0) ** Drive type: ......................................................................................................... IDE (KINGSTON SHSS37A240G ATA Device).
24103 20:56:10 (0) ** There are no missing WMI system files: .............................................................................. OK.
24104 20:56:10 (0) ** There are no missing WMI repository files: .......................................................................... OK.
24105 20:56:10 (0) ** WMI repository state: ............................................................................................... N/A.
24106 20:56:10 (0) ** AFTER running WMIDiag:
24107 20:56:10 (0) ** The WMI repository has a size of: ................................................................................... 25 MB.
24108 20:56:10 (0) ** - Disk free space on 'C:': .......................................................................................... 110995 MB.
24109 20:56:10 (0) ** - INDEX.BTR, 5251072 bytes, 05/04/2017 20:43:46
24110 20:56:10 (0) ** - MAPPING1.MAP, 67256 bytes, 05/04/2017 20:33:46
24111 20:56:10 (0) ** - MAPPING2.MAP, 67256 bytes, 05/04/2017 20:51:00
24112 20:56:10 (0) ** - OBJECTS.DATA, 20848640 bytes, 05/04/2017 20:43:46
24113 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24114 20:56:10 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
24115 20:56:10 (0) ** Windows Firewall Profile: ........................................................................................... PUBLIC.
24116 20:56:10 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
24117 20:56:10 (0) ** => This will prevent any WMI remote connectivity to this computer except
24118 20:56:10 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING:
24119 20:56:10 (0) ** - 'Windows Management Instrumentation (DCOM-In)'
24120 20:56:10 (0) ** - 'Windows Management Instrumentation (WMI-In)'
24121 20:56:10 (0) ** - 'Windows Management Instrumentation (ASync-In)'
24122 20:56:10 (0) ** Verify the reported status for each of these three inbound rules below.
24123 20:56:10 (0) **
24124 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
24125 20:56:10 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
24126 20:56:10 (0) ** - You can adjust the configuration by executing the following command:
24127 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
24128 20:56:10 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
24129 20:56:10 (0) ** You can also enable each individual rule instead of activating the group rule.
24130 20:56:10 (0) **
24131 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
24132 20:56:10 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
24133 20:56:10 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
24134 20:56:10 (0) ** - You can adjust the configuration of this rule by executing the following command:
24135 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
24136 20:56:10 (0) **
24137 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
24138 20:56:10 (0) ** => This will prevent any WMI inbound connectivity to this machine.
24139 20:56:10 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
24140 20:56:10 (0) ** - You can adjust the configuration of this rule by executing the following command:
24141 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
24142 20:56:10 (0) **
24143 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
24144 20:56:10 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
24145 20:56:10 (0) ** - You can adjust the configuration of this rule by executing the following command:
24146 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
24147 20:56:10 (0) **
24148 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24149 20:56:10 (0) ** DCOM Status: ........................................................................................................ OK.
24150 20:56:10 (0) ** WMI registry setup: ................................................................................................. OK.
24151 20:56:10 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
24152 20:56:10 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
24153 20:56:10 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Manual')
24154 20:56:10 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
24155 20:56:10 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
24156 20:56:10 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
24157 20:56:10 (0) ** this can prevent the service/application to work as expected.
24158 20:56:10 (0) **
24159 20:56:10 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
24160 20:56:10 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
24161 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24162 20:56:10 (0) ** WMI service DCOM setup: ............................................................................................. OK.
24163 20:56:10 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 2 WARNING(S)!
24164 20:56:10 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\IPMIPRV.DLL (\CLSID\{FD209E2E-813B-41C0-8646-4C3E9C917511}\InProcServer32)
24165 20:56:10 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SERVERCOMPPROV.DLL (\CLSID\{9042E1B1-8FD4-4008-89FE-4040CC74575A}\InProcServer32)
24166 20:56:10 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
24167 20:56:10 (0) ** fail depending on the operation requested.
24168 20:56:10 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE' command.
24169 20:56:10 (0) **
24170 20:56:10 (0) ** WMI ProgID registrations: ........................................................................................... OK.
24171 20:56:10 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
24172 20:56:10 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
24173 20:56:10 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
24174 20:56:10 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
24175 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24176 20:56:10 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
24177 20:56:10 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
24178 20:56:10 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command
24179 20:56:10 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
24180 20:56:10 (0) ** selecting 'Run as Administrator'.
24181 20:56:10 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task
24182 20:56:10 (0) ** in the Task Scheduler within the right security context.
24183 20:56:10 (0) **
24184 20:56:10 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
24185 20:56:10 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
24186 20:56:10 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
24187 20:56:10 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
24188 20:56:10 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
24189 20:56:10 (0) **
24190 20:56:10 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
24191 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED!
24192 20:56:10 (0) ** - REMOVED ACE:
24193 20:56:10 (0) ** ACEType: &h0
24194 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24195 20:56:10 (0) ** ACEFlags: &h0
24196 20:56:10 (0) ** ACEMask: &h3
24197 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24198 20:56:10 (0) ** DCOM_RIGHT_ACCESS_LOCAL
24199 20:56:10 (0) **
24200 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24201 20:56:10 (0) ** Removing default security will cause some operations to fail!
24202 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24203 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24204 20:56:10 (0) **
24205 20:56:10 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
24206 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
24207 20:56:10 (0) ** - REMOVED ACE:
24208 20:56:10 (0) ** ACEType: &h0
24209 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24210 20:56:10 (0) ** ACEFlags: &h0
24211 20:56:10 (0) ** ACEMask: &h7
24212 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24213 20:56:10 (0) ** DCOM_RIGHT_ACCESS_LOCAL
24214 20:56:10 (0) ** DCOM_RIGHT_ACCESS_REMOTE
24215 20:56:10 (0) **
24216 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24217 20:56:10 (0) ** Removing default security will cause some operations to fail!
24218 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24219 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24220 20:56:10 (0) **
24221 20:56:10 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
24222 20:56:10 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
24223 20:56:10 (0) ** - REMOVED ACE:
24224 20:56:10 (0) ** ACEType: &h0
24225 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24226 20:56:10 (0) ** ACEFlags: &h0
24227 20:56:10 (0) ** ACEMask: &h7
24228 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24229 20:56:10 (0) ** DCOM_RIGHT_ACCESS_LOCAL
24230 20:56:10 (0) ** DCOM_RIGHT_ACCESS_REMOTE
24231 20:56:10 (0) **
24232 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24233 20:56:10 (0) ** Removing default security will cause some operations to fail!
24234 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24235 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24236 20:56:10 (0) **
24237 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
24238 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
24239 20:56:10 (0) ** - REMOVED ACE:
24240 20:56:10 (0) ** ACEType: &h0
24241 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24242 20:56:10 (0) ** ACEFlags: &h0
24243 20:56:10 (0) ** ACEMask: &h1F
24244 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24245 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24246 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24247 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24248 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24249 20:56:10 (0) **
24250 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24251 20:56:10 (0) ** Removing default security will cause some operations to fail!
24252 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24253 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24254 20:56:10 (0) **
24255 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
24256 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
24257 20:56:10 (0) ** - REMOVED ACE:
24258 20:56:10 (0) ** ACEType: &h0
24259 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24260 20:56:10 (0) ** ACEFlags: &h0
24261 20:56:10 (0) ** ACEMask: &h1F
24262 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24263 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24264 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24265 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24266 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24267 20:56:10 (0) **
24268 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24269 20:56:10 (0) ** Removing default security will cause some operations to fail!
24270 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24271 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24272 20:56:10 (0) **
24273 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
24274 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
24275 20:56:10 (0) ** - REMOVED ACE:
24276 20:56:10 (0) ** ACEType: &h0
24277 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24278 20:56:10 (0) ** ACEFlags: &h0
24279 20:56:10 (0) ** ACEMask: &h1F
24280 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24281 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24282 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24283 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24284 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24285 20:56:10 (0) **
24286 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24287 20:56:10 (0) ** Removing default security will cause some operations to fail!
24288 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24289 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24290 20:56:10 (0) **
24291 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
24292 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
24293 20:56:10 (0) ** - REMOVED ACE:
24294 20:56:10 (0) ** ACEType: &h0
24295 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24296 20:56:10 (0) ** ACEFlags: &h0
24297 20:56:10 (0) ** ACEMask: &h1F
24298 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24299 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24300 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24301 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24302 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24303 20:56:10 (0) **
24304 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24305 20:56:10 (0) ** Removing default security will cause some operations to fail!
24306 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24307 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24308 20:56:10 (0) **
24309 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
24310 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
24311 20:56:10 (0) ** - REMOVED ACE:
24312 20:56:10 (0) ** ACEType: &h0
24313 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24314 20:56:10 (0) ** ACEFlags: &h0
24315 20:56:10 (0) ** ACEMask: &h1F
24316 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24317 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24318 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24319 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24320 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24321 20:56:10 (0) **
24322 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24323 20:56:10 (0) ** Removing default security will cause some operations to fail!
24324 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24325 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24326 20:56:10 (0) **
24327 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
24328 20:56:10 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
24329 20:56:10 (0) ** - REMOVED ACE:
24330 20:56:10 (0) ** ACEType: &h0
24331 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24332 20:56:10 (0) ** ACEFlags: &h0
24333 20:56:10 (0) ** ACEMask: &hB
24334 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24335 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24336 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24337 20:56:10 (0) **
24338 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24339 20:56:10 (0) ** Removing default security will cause some operations to fail!
24340 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24341 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24342 20:56:10 (0) **
24343 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24344 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
24345 20:56:10 (0) ** - REMOVED ACE:
24346 20:56:10 (0) ** ACEType: &h0
24347 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24348 20:56:10 (0) ** ACEFlags: &h0
24349 20:56:10 (0) ** ACEMask: &h1F
24350 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24351 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24352 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24353 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24354 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24355 20:56:10 (0) **
24356 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24357 20:56:10 (0) ** Removing default security will cause some operations to fail!
24358 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24359 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24360 20:56:10 (0) **
24361 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24362 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
24363 20:56:10 (0) ** - REMOVED ACE:
24364 20:56:10 (0) ** ACEType: &h0
24365 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24366 20:56:10 (0) ** ACEFlags: &h0
24367 20:56:10 (0) ** ACEMask: &h1F
24368 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24369 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24370 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24371 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24372 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24373 20:56:10 (0) **
24374 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24375 20:56:10 (0) ** Removing default security will cause some operations to fail!
24376 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24377 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24378 20:56:10 (0) **
24379 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24380 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
24381 20:56:10 (0) ** - REMOVED ACE:
24382 20:56:10 (0) ** ACEType: &h0
24383 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24384 20:56:10 (0) ** ACEFlags: &h0
24385 20:56:10 (0) ** ACEMask: &h1F
24386 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24387 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24388 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24389 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24390 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24391 20:56:10 (0) **
24392 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24393 20:56:10 (0) ** Removing default security will cause some operations to fail!
24394 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24395 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24396 20:56:10 (0) **
24397 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24398 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\NETWORK SERVICE' has been REMOVED!
24399 20:56:10 (0) ** - REMOVED ACE:
24400 20:56:10 (0) ** ACEType: &h0
24401 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24402 20:56:10 (0) ** ACEFlags: &h0
24403 20:56:10 (0) ** ACEMask: &h1F
24404 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24405 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24406 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24407 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24408 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24409 20:56:10 (0) **
24410 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24411 20:56:10 (0) ** Removing default security will cause some operations to fail!
24412 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24413 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24414 20:56:10 (0) **
24415 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24416 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\LOCAL SERVICE' has been REMOVED!
24417 20:56:10 (0) ** - REMOVED ACE:
24418 20:56:10 (0) ** ACEType: &h0
24419 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24420 20:56:10 (0) ** ACEFlags: &h0
24421 20:56:10 (0) ** ACEMask: &h1F
24422 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24423 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24424 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24425 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24426 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24427 20:56:10 (0) **
24428 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24429 20:56:10 (0) ** Removing default security will cause some operations to fail!
24430 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24431 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24432 20:56:10 (0) **
24433 20:56:10 (0) **
24434 20:56:10 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
24435 20:56:10 (0) ** DCOM security error(s) detected: .................................................................................... 14.
24436 20:56:10 (0) ** WMI security warning(s) detected: ................................................................................... 0.
24437 20:56:10 (0) ** WMI security error(s) detected: ..................................................................................... 0.
24438 20:56:10 (0) **
24439 20:56:10 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
24440 20:56:10 (0) ** Overall WMI security status: ........................................................................................ OK.
24441 20:56:10 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
24442 20:56:10 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
24443 20:56:10 (0) ** - ROOT/SUBSCRIPTION, CommandLineEventConsumer.Name="BVTConsumer".
24444 20:56:10 (0) ** 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99'
24445 20:56:10 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
24446 20:56:10 (0) ** 'select * from MSFT_SCMEventLogEvent'
24447 20:56:10 (0) **
24448 20:56:10 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
24449 20:56:10 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)!
24450 20:56:10 (0) ** - ROOT/CIMV2/TERMINALSERVICES.
24451 20:56:10 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
24452 20:56:10 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
24453 20:56:10 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
24454 20:56:10 (0) ** i.e. 'WMIC.EXE /NODE:"BDK-PC" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\CIMV2\TERMINALSERVICES Class __SystemSecurity'
24455 20:56:10 (0) **
24456 20:56:10 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 6 ERROR(S)!
24457 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24458 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24459 20:56:10 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24460 20:56:10 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24461 20:56:10 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24462 20:56:10 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24463 20:56:10 (0) **
24464 20:56:10 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 7 ERROR(S)!
24465 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24466 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24467 20:56:10 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24468 20:56:10 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24469 20:56:10 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24470 20:56:10 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24471 20:56:10 (0) ** - Root/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24472 20:56:10 (0) **
24473 20:56:10 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 22 ERROR(S)!
24474 20:56:10 (0) ** - Root, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24475 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24476 20:56:10 (0) ** - ROOT/SUBSCRIPTION, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24477 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24478 20:56:10 (0) ** - ROOT/DEFAULT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24479 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24480 20:56:10 (0) ** - ROOT/CIMV2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24481 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24482 20:56:10 (0) ** - ROOT/CIMV2/SECURITY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24483 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24484 20:56:10 (0) ** - ROOT/CIMV2/POWER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24485 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24486 20:56:10 (0) ** - ROOT/CIMV2/TERMINALSERVICES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24487 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24488 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24489 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24490 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS/WINDOWSPARENTALCONTROLS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24491 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24492 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS/GAMES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24493 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24494 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS/AVIRA_ANTIVIR, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24495 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24496 20:56:10 (0) ** - ROOT/CLI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24497 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24498 20:56:10 (0) ** - ROOT/NAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24499 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24500 20:56:10 (0) ** - ROOT/SECURITYCENTER2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24501 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24502 20:56:10 (0) ** - ROOT/RSOP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24503 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24504 20:56:10 (0) ** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24505 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24506 20:56:10 (0) ** - ROOT/DIRECTORY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24507 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24508 20:56:10 (0) ** - ROOT/DIRECTORY/LDAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24509 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24510 20:56:10 (0) ** - ROOT/POLICY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24511 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24512 20:56:10 (0) ** - ROOT/INTEROP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24513 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24514 20:56:10 (0) ** - ROOT/SECURITYCENTER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24515 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24516 20:56:10 (0) ** - ROOT/ASPNET, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24517 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24518 20:56:10 (0) **
24519 20:56:10 (0) ** WMI MOF representations: ............................................................................................ OK.
24520 20:56:10 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
24521 20:56:10 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 1 ERROR(S)!
24522 20:56:10 (0) ** - ROOT/WMI, InstancesOfAsync, 'MSMouse', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24523 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24524 20:56:10 (0) **
24525 20:56:10 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
24526 20:56:10 (1) !! ERROR: WMI GET VALUE operation errors reported: ..................................................................... 1 ERROR(S)!
24527 20:56:10 (0) ** - Root/CIMV2, Instance: Win32_Service='WSCSVC', Property: Displayname='Centre de sécurité' (Expected default='Security Center').
24528 20:56:10 (0) **
24529 20:56:10 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
24530 20:56:10 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
24531 20:56:10 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
24532 20:56:10 (0) ** WMI static instances retrieved: ..................................................................................... 1730.
24533 20:56:10 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
24534 20:56:10 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
24535 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24536 20:56:10 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
24537 20:56:10 (0) ** DCOM: ............................................................................................................. 0.
24538 20:56:10 (0) ** WINMGMT: .......................................................................................................... 0.
24539 20:56:10 (0) ** WMIADAPTER: ....................................................................................................... 0.
24540 20:56:10 (0) **
24541 20:56:10 (0) ** # of additional Event Log events AFTER WMIDiag execution:
24542 20:56:10 (0) ** DCOM: ............................................................................................................. 0.
24543 20:56:10 (0) ** WINMGMT: .......................................................................................................... 0.
24544 20:56:10 (0) ** WMIADAPTER: ....................................................................................................... 0.
24545 20:56:10 (0) **
24546 20:56:10 (0) ** 36 error(s) 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action
24547 20:56:10 (0) ** => This error is typically due to insufficient or restricted permissions in the examined system.
24548 20:56:10 (0) ** => ENSURE you are a Full Administrator of the examined system, if the WMI provider or the
24549 20:56:10 (0) ** WMI system security do not enforce any restrictions.
24550 20:56:10 (0) **
24551 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24552 20:56:10 (0) ** WMI Registry key setup: ............................................................................................. OK.
24553 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24554 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24555 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24556 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24557 20:56:10 (0) **
24558 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24559 20:56:10 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
24560 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24561 20:56:10 (0) **
24562 20:56:10 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\BDK\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN7_.CLI.SP1.64_BDK-PC_2017.04.05_20.51.44.LOG' for details.
24563 20:56:10 (0) **
24564 20:56:10 (0) ** WMIDiag v2.2 ended on mercredi 5 avril 2017 at 20:56 (W:91 E:65 S:1).
24069 20:56:10 (0) **
24070 20:56:10 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007.
24071 20:56:10 (0) **
24072 20:56:10 (0) ** This script is not supported under any Microsoft standard support program or service.
24073 20:56:10 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all
24074 20:56:10 (0) ** implied warranties including, without limitation, any implied warranties of merchantability
24075 20:56:10 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance
24076 20:56:10 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors,
24077 20:56:10 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for
24078 20:56:10 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits,
24079 20:56:10 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of
24080 20:56:10 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised
24081 20:56:10 (0) ** of the possibility of such damages.
24082 20:56:10 (0) **
24083 20:56:10 (0) **
24084 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24085 20:56:10 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ----------------------------------------------------------
24086 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24087 20:56:10 (0) **
24088 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24089 20:56:10 (0) ** Windows 7 - Service Pack 1 - 64-bit (7601) - User 'BDK-PC\BDK' on computer 'BDK-PC'.
24090 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24091 20:56:10 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)!
24092 20:56:10 (0) ** INFO: => 7 possible incorrect shutdown(s) detected on:
24093 20:56:10 (0) ** - Shutdown on 25 January 2017 04:55:51 (GMT-0).
24094 20:56:10 (0) ** - Shutdown on 31 January 2017 22:53:24 (GMT-0).
24095 20:56:10 (0) ** - Shutdown on 14 February 2017 21:20:05 (GMT-0).
24096 20:56:10 (0) ** - Shutdown on 05 March 2017 03:53:55 (GMT-0).
24097 20:56:10 (0) ** - Shutdown on 19 March 2017 00:45:40 (GMT-0).
24098 20:56:10 (0) ** - Shutdown on 30 March 2017 15:43:19 (GMT-0).
24099 20:56:10 (0) ** - Shutdown on 04 April 2017 21:34:13 (GMT-0).
24100 20:56:10 (0) **
24101 20:56:10 (0) ** System drive: ....................................................................................................... C: (Disque n° 0 partition n° 0).
24102 20:56:10 (0) ** Drive type: ......................................................................................................... IDE (KINGSTON SHSS37A240G ATA Device).
24103 20:56:10 (0) ** There are no missing WMI system files: .............................................................................. OK.
24104 20:56:10 (0) ** There are no missing WMI repository files: .......................................................................... OK.
24105 20:56:10 (0) ** WMI repository state: ............................................................................................... N/A.
24106 20:56:10 (0) ** AFTER running WMIDiag:
24107 20:56:10 (0) ** The WMI repository has a size of: ................................................................................... 25 MB.
24108 20:56:10 (0) ** - Disk free space on 'C:': .......................................................................................... 110995 MB.
24109 20:56:10 (0) ** - INDEX.BTR, 5251072 bytes, 05/04/2017 20:43:46
24110 20:56:10 (0) ** - MAPPING1.MAP, 67256 bytes, 05/04/2017 20:33:46
24111 20:56:10 (0) ** - MAPPING2.MAP, 67256 bytes, 05/04/2017 20:51:00
24112 20:56:10 (0) ** - OBJECTS.DATA, 20848640 bytes, 05/04/2017 20:43:46
24113 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24114 20:56:10 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED.
24115 20:56:10 (0) ** Windows Firewall Profile: ........................................................................................... PUBLIC.
24116 20:56:10 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED.
24117 20:56:10 (0) ** => This will prevent any WMI remote connectivity to this computer except
24118 20:56:10 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING:
24119 20:56:10 (0) ** - 'Windows Management Instrumentation (DCOM-In)'
24120 20:56:10 (0) ** - 'Windows Management Instrumentation (WMI-In)'
24121 20:56:10 (0) ** - 'Windows Management Instrumentation (ASync-In)'
24122 20:56:10 (0) ** Verify the reported status for each of these three inbound rules below.
24123 20:56:10 (0) **
24124 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED.
24125 20:56:10 (0) ** => This will prevent any WMI remote connectivity to/from this machine.
24126 20:56:10 (0) ** - You can adjust the configuration by executing the following command:
24127 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES'
24128 20:56:10 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once!
24129 20:56:10 (0) ** You can also enable each individual rule instead of activating the group rule.
24130 20:56:10 (0) **
24131 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED.
24132 20:56:10 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine.
24133 20:56:10 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity.
24134 20:56:10 (0) ** - You can adjust the configuration of this rule by executing the following command:
24135 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES'
24136 20:56:10 (0) **
24137 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED.
24138 20:56:10 (0) ** => This will prevent any WMI inbound connectivity to this machine.
24139 20:56:10 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity.
24140 20:56:10 (0) ** - You can adjust the configuration of this rule by executing the following command:
24141 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES'
24142 20:56:10 (0) **
24143 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED.
24144 20:56:10 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine.
24145 20:56:10 (0) ** - You can adjust the configuration of this rule by executing the following command:
24146 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES'
24147 20:56:10 (0) **
24148 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24149 20:56:10 (0) ** DCOM Status: ........................................................................................................ OK.
24150 20:56:10 (0) ** WMI registry setup: ................................................................................................. OK.
24151 20:56:10 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)!
24152 20:56:10 (0) ** - Security Center (WSCSVC, StartMode='Automatic')
24153 20:56:10 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Manual')
24154 20:56:10 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well.
24155 20:56:10 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but
24156 20:56:10 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped,
24157 20:56:10 (0) ** this can prevent the service/application to work as expected.
24158 20:56:10 (0) **
24159 20:56:10 (0) ** RPCSS service: ...................................................................................................... OK (Already started).
24160 20:56:10 (0) ** WINMGMT service: .................................................................................................... OK (Already started).
24161 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24162 20:56:10 (0) ** WMI service DCOM setup: ............................................................................................. OK.
24163 20:56:10 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 2 WARNING(S)!
24164 20:56:10 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\IPMIPRV.DLL (\CLSID\{FD209E2E-813B-41C0-8646-4C3E9C917511}\InProcServer32)
24165 20:56:10 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SERVERCOMPPROV.DLL (\CLSID\{9042E1B1-8FD4-4008-89FE-4040CC74575A}\InProcServer32)
24166 20:56:10 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to
24167 20:56:10 (0) ** fail depending on the operation requested.
24168 20:56:10 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE
24169 20:56:10 (0) **
24170 20:56:10 (0) ** WMI ProgID registrations: ........................................................................................... OK.
24171 20:56:10 (0) ** WMI provider DCOM registrations: .................................................................................... OK.
24172 20:56:10 (0) ** WMI provider CIM registrations: ..................................................................................... OK.
24173 20:56:10 (0) ** WMI provider CLSIDs: ................................................................................................ OK.
24174 20:56:10 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK.
24175 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24176 20:56:10 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED.
24177 20:56:10 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context.
24178 20:56:10 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command
24179 20:56:10 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and
24180 20:56:10 (0) ** selecting 'Run as Administrator'.
24181 20:56:10 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task
24182 20:56:10 (0) ** in the Task Scheduler within the right security context.
24183 20:56:10 (0) **
24184 20:56:10 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED.
24185 20:56:10 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative
24186 20:56:10 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer
24187 20:56:10 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote
24188 20:56:10 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group.
24189 20:56:10 (0) **
24190 20:56:10 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
24191 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED!
24192 20:56:10 (0) ** - REMOVED ACE:
24193 20:56:10 (0) ** ACEType: &h0
24194 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24195 20:56:10 (0) ** ACEFlags: &h0
24196 20:56:10 (0) ** ACEMask: &h3
24197 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24198 20:56:10 (0) ** DCOM_RIGHT_ACCESS_LOCAL
24199 20:56:10 (0) **
24200 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24201 20:56:10 (0) ** Removing default security will cause some operations to fail!
24202 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24203 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24204 20:56:10 (0) **
24205 20:56:10 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
24206 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
24207 20:56:10 (0) ** - REMOVED ACE:
24208 20:56:10 (0) ** ACEType: &h0
24209 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24210 20:56:10 (0) ** ACEFlags: &h0
24211 20:56:10 (0) ** ACEMask: &h7
24212 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24213 20:56:10 (0) ** DCOM_RIGHT_ACCESS_LOCAL
24214 20:56:10 (0) ** DCOM_RIGHT_ACCESS_REMOTE
24215 20:56:10 (0) **
24216 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24217 20:56:10 (0) ** Removing default security will cause some operations to fail!
24218 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24219 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24220 20:56:10 (0) **
24221 20:56:10 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED.
24222 20:56:10 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
24223 20:56:10 (0) ** - REMOVED ACE:
24224 20:56:10 (0) ** ACEType: &h0
24225 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24226 20:56:10 (0) ** ACEFlags: &h0
24227 20:56:10 (0) ** ACEMask: &h7
24228 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24229 20:56:10 (0) ** DCOM_RIGHT_ACCESS_LOCAL
24230 20:56:10 (0) ** DCOM_RIGHT_ACCESS_REMOTE
24231 20:56:10 (0) **
24232 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24233 20:56:10 (0) ** Removing default security will cause some operations to fail!
24234 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24235 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24236 20:56:10 (0) **
24237 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
24238 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
24239 20:56:10 (0) ** - REMOVED ACE:
24240 20:56:10 (0) ** ACEType: &h0
24241 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24242 20:56:10 (0) ** ACEFlags: &h0
24243 20:56:10 (0) ** ACEMask: &h1F
24244 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24245 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24246 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24247 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24248 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24249 20:56:10 (0) **
24250 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24251 20:56:10 (0) ** Removing default security will cause some operations to fail!
24252 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24253 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24254 20:56:10 (0) **
24255 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
24256 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
24257 20:56:10 (0) ** - REMOVED ACE:
24258 20:56:10 (0) ** ACEType: &h0
24259 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24260 20:56:10 (0) ** ACEFlags: &h0
24261 20:56:10 (0) ** ACEMask: &h1F
24262 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24263 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24264 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24265 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24266 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24267 20:56:10 (0) **
24268 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24269 20:56:10 (0) ** Removing default security will cause some operations to fail!
24270 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24271 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24272 20:56:10 (0) **
24273 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED.
24274 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
24275 20:56:10 (0) ** - REMOVED ACE:
24276 20:56:10 (0) ** ACEType: &h0
24277 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24278 20:56:10 (0) ** ACEFlags: &h0
24279 20:56:10 (0) ** ACEMask: &h1F
24280 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24281 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24282 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24283 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24284 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24285 20:56:10 (0) **
24286 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24287 20:56:10 (0) ** Removing default security will cause some operations to fail!
24288 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24289 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24290 20:56:10 (0) **
24291 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
24292 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
24293 20:56:10 (0) ** - REMOVED ACE:
24294 20:56:10 (0) ** ACEType: &h0
24295 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24296 20:56:10 (0) ** ACEFlags: &h0
24297 20:56:10 (0) ** ACEMask: &h1F
24298 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24299 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24300 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24301 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24302 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24303 20:56:10 (0) **
24304 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24305 20:56:10 (0) ** Removing default security will cause some operations to fail!
24306 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24307 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24308 20:56:10 (0) **
24309 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
24310 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED!
24311 20:56:10 (0) ** - REMOVED ACE:
24312 20:56:10 (0) ** ACEType: &h0
24313 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24314 20:56:10 (0) ** ACEFlags: &h0
24315 20:56:10 (0) ** ACEMask: &h1F
24316 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24317 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24318 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24319 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24320 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24321 20:56:10 (0) **
24322 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24323 20:56:10 (0) ** Removing default security will cause some operations to fail!
24324 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24325 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24326 20:56:10 (0) **
24327 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED.
24328 20:56:10 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED!
24329 20:56:10 (0) ** - REMOVED ACE:
24330 20:56:10 (0) ** ACEType: &h0
24331 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24332 20:56:10 (0) ** ACEFlags: &h0
24333 20:56:10 (0) ** ACEMask: &hB
24334 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24335 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24336 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24337 20:56:10 (0) **
24338 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24339 20:56:10 (0) ** Removing default security will cause some operations to fail!
24340 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24341 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24342 20:56:10 (0) **
24343 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24344 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
24345 20:56:10 (0) ** - REMOVED ACE:
24346 20:56:10 (0) ** ACEType: &h0
24347 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24348 20:56:10 (0) ** ACEFlags: &h0
24349 20:56:10 (0) ** ACEMask: &h1F
24350 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24351 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24352 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24353 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24354 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24355 20:56:10 (0) **
24356 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24357 20:56:10 (0) ** Removing default security will cause some operations to fail!
24358 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24359 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24360 20:56:10 (0) **
24361 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24362 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED!
24363 20:56:10 (0) ** - REMOVED ACE:
24364 20:56:10 (0) ** ACEType: &h0
24365 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24366 20:56:10 (0) ** ACEFlags: &h0
24367 20:56:10 (0) ** ACEMask: &h1F
24368 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24369 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24370 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24371 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24372 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24373 20:56:10 (0) **
24374 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24375 20:56:10 (0) ** Removing default security will cause some operations to fail!
24376 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24377 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24378 20:56:10 (0) **
24379 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24380 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED!
24381 20:56:10 (0) ** - REMOVED ACE:
24382 20:56:10 (0) ** ACEType: &h0
24383 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24384 20:56:10 (0) ** ACEFlags: &h0
24385 20:56:10 (0) ** ACEMask: &h1F
24386 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24387 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24388 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24389 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24390 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24391 20:56:10 (0) **
24392 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24393 20:56:10 (0) ** Removing default security will cause some operations to fail!
24394 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24395 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24396 20:56:10 (0) **
24397 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24398 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\NETWORK SERVICE' has been REMOVED!
24399 20:56:10 (0) ** - REMOVED ACE:
24400 20:56:10 (0) ** ACEType: &h0
24401 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24402 20:56:10 (0) ** ACEFlags: &h0
24403 20:56:10 (0) ** ACEMask: &h1F
24404 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24405 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24406 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24407 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24408 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24409 20:56:10 (0) **
24410 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24411 20:56:10 (0) ** Removing default security will cause some operations to fail!
24412 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24413 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24414 20:56:10 (0) **
24415 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED.
24416 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\LOCAL SERVICE' has been REMOVED!
24417 20:56:10 (0) ** - REMOVED ACE:
24418 20:56:10 (0) ** ACEType: &h0
24419 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE
24420 20:56:10 (0) ** ACEFlags: &h0
24421 20:56:10 (0) ** ACEMask: &h1F
24422 20:56:10 (0) ** DCOM_RIGHT_EXECUTE
24423 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL
24424 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE
24425 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL
24426 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE
24427 20:56:10 (0) **
24428 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
24429 20:56:10 (0) ** Removing default security will cause some operations to fail!
24430 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE.
24431 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'.
24432 20:56:10 (0) **
24433 20:56:10 (0) **
24434 20:56:10 (0) ** DCOM security warning(s) detected: .................................................................................. 0.
24435 20:56:10 (0) ** DCOM security error(s) detected: .................................................................................... 14.
24436 20:56:10 (0) ** WMI security warning(s) detected: ................................................................................... 0.
24437 20:56:10 (0) ** WMI security error(s) detected: ..................................................................................... 0.
24438 20:56:10 (0) **
24439 20:56:10 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR!
24440 20:56:10 (0) ** Overall WMI security status: ........................................................................................ OK.
24441 20:56:10 (0) ** - Started at 'Root' --------------------------------------------------------------------------------------------------------------
24442 20:56:10 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2.
24443 20:56:10 (0) ** - ROOT/SUBSCRIPTION, CommandLineEventConsumer.Name="BVTConsumer".
24444 20:56:10 (0) ** 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99'
24445 20:56:10 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer".
24446 20:56:10 (0) ** 'select * from MSFT_SCMEventLogEvent'
24447 20:56:10 (0) **
24448 20:56:10 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE.
24449 20:56:10 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)!
24450 20:56:10 (0) ** - ROOT/CIMV2/TERMINALSERVICES.
24451 20:56:10 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to
24452 20:56:10 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level.
24453 20:56:10 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags)
24454 20:56:10 (0) ** i.e. 'WMIC.EXE /NODE:"BDK-PC" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\CIMV2\TERMINALSERVICES Class __SystemSecurity'
24455 20:56:10 (0) **
24456 20:56:10 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 6 ERROR(S)!
24457 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24458 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24459 20:56:10 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24460 20:56:10 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24461 20:56:10 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24462 20:56:10 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24463 20:56:10 (0) **
24464 20:56:10 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 7 ERROR(S)!
24465 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24466 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24467 20:56:10 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24468 20:56:10 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24469 20:56:10 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24470 20:56:10 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24471 20:56:10 (0) ** - Root/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24472 20:56:10 (0) **
24473 20:56:10 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 22 ERROR(S)!
24474 20:56:10 (0) ** - Root, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24475 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24476 20:56:10 (0) ** - ROOT/SUBSCRIPTION, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24477 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24478 20:56:10 (0) ** - ROOT/DEFAULT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24479 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24480 20:56:10 (0) ** - ROOT/CIMV2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24481 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24482 20:56:10 (0) ** - ROOT/CIMV2/SECURITY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24483 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24484 20:56:10 (0) ** - ROOT/CIMV2/POWER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24485 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24486 20:56:10 (0) ** - ROOT/CIMV2/TERMINALSERVICES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24487 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24488 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24489 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24490 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS/WINDOWSPARENTALCONTROLS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24491 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24492 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS/GAMES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24493 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24494 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS/AVIRA_ANTIVIR, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24495 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24496 20:56:10 (0) ** - ROOT/CLI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24497 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24498 20:56:10 (0) ** - ROOT/NAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24499 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24500 20:56:10 (0) ** - ROOT/SECURITYCENTER2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24501 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24502 20:56:10 (0) ** - ROOT/RSOP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24503 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24504 20:56:10 (0) ** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24505 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24506 20:56:10 (0) ** - ROOT/DIRECTORY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24507 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24508 20:56:10 (0) ** - ROOT/DIRECTORY/LDAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24509 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24510 20:56:10 (0) ** - ROOT/POLICY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24511 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24512 20:56:10 (0) ** - ROOT/INTEROP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24513 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24514 20:56:10 (0) ** - ROOT/SECURITYCENTER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24515 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24516 20:56:10 (0) ** - ROOT/ASPNET, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24517 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24518 20:56:10 (0) **
24519 20:56:10 (0) ** WMI MOF representations: ............................................................................................ OK.
24520 20:56:10 (0) ** WMI QUALIFIER access operations: .................................................................................... OK.
24521 20:56:10 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 1 ERROR(S)!
24522 20:56:10 (0) ** - ROOT/WMI, InstancesOfAsync, 'MSMouse', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action.
24523 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)'
24524 20:56:10 (0) **
24525 20:56:10 (0) ** WMI EXECQUERY operations: ........................................................................................... OK.
24526 20:56:10 (1) !! ERROR: WMI GET VALUE operation errors reported: ..................................................................... 1 ERROR(S)!
24527 20:56:10 (0) ** - Root/CIMV2, Instance: Win32_Service='WSCSVC', Property: Displayname='Centre de sécurité' (Expected default='Security Center').
24528 20:56:10 (0) **
24529 20:56:10 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED.
24530 20:56:10 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED.
24531 20:56:10 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED.
24532 20:56:10 (0) ** WMI static instances retrieved: ..................................................................................... 1730.
24533 20:56:10 (0) ** WMI dynamic instances retrieved: .................................................................................... 0.
24534 20:56:10 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1.
24535 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24536 20:56:10 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s):
24537 20:56:10 (0) ** DCOM: ............................................................................................................. 0.
24538 20:56:10 (0) ** WINMGMT: .......................................................................................................... 0.
24539 20:56:10 (0) ** WMIADAPTER: ....................................................................................................... 0.
24540 20:56:10 (0) **
24541 20:56:10 (0) ** # of additional Event Log events AFTER WMIDiag execution:
24542 20:56:10 (0) ** DCOM: ............................................................................................................. 0.
24543 20:56:10 (0) ** WINMGMT: .......................................................................................................... 0.
24544 20:56:10 (0) ** WMIADAPTER: ....................................................................................................... 0.
24545 20:56:10 (0) **
24546 20:56:10 (0) ** 36 error(s) 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action
24547 20:56:10 (0) ** => This error is typically due to insufficient or restricted permissions in the examined system.
24548 20:56:10 (0) ** => ENSURE you are a Full Administrator of the examined system, if the WMI provider or the
24549 20:56:10 (0) ** WMI system security do not enforce any restrictions.
24550 20:56:10 (0) **
24551 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24552 20:56:10 (0) ** WMI Registry key setup: ............................................................................................. OK.
24553 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24554 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24555 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24556 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24557 20:56:10 (0) **
24558 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24559 20:56:10 (0) ** ------------------------------------------------------ WMI REPORT: END -----------------------------------------------------------
24560 20:56:10 (0) ** ----------------------------------------------------------------------------------------------------------------------------------
24561 20:56:10 (0) **
24562 20:56:10 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\BDK\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN7_.CLI.SP1.64_BDK-PC_2017.04.05_20.51.44.LOG' for details.
24563 20:56:10 (0) **
24564 20:56:10 (0) ** WMIDiag v2.2 ended on mercredi 5 avril 2017 at 20:56 (W:91 E:65 S:1).