24068 20:56:10 (0) ** WMIDiag v2.2 started on mercredi 5 avril 2017 at 20:51. 24069 20:56:10 (0) ** 24070 20:56:10 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007. 24071 20:56:10 (0) ** 24072 20:56:10 (0) ** This script is not supported under any Microsoft standard support program or service. 24073 20:56:10 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all 24074 20:56:10 (0) ** implied warranties including, without limitation, any implied warranties of merchantability 24075 20:56:10 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance 24076 20:56:10 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors, 24077 20:56:10 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for 24078 20:56:10 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits, 24079 20:56:10 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of 24080 20:56:10 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised 24081 20:56:10 (0) ** of the possibility of such damages. 24082 20:56:10 (0) ** 24083 20:56:10 (0) ** 24084 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24085 20:56:10 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ---------------------------------------------------------- 24086 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24087 20:56:10 (0) ** 24088 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24089 20:56:10 (0) ** Windows 7 - Service Pack 1 - 64-bit (7601) - User 'BDK-PC\BDK' on computer 'BDK-PC'. 24090 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24091 20:56:10 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)! 24092 20:56:10 (0) ** INFO: => 7 possible incorrect shutdown(s) detected on: 24093 20:56:10 (0) ** - Shutdown on 25 January 2017 04:55:51 (GMT-0). 24094 20:56:10 (0) ** - Shutdown on 31 January 2017 22:53:24 (GMT-0). 24095 20:56:10 (0) ** - Shutdown on 14 February 2017 21:20:05 (GMT-0). 24096 20:56:10 (0) ** - Shutdown on 05 March 2017 03:53:55 (GMT-0). 24097 20:56:10 (0) ** - Shutdown on 19 March 2017 00:45:40 (GMT-0). 24098 20:56:10 (0) ** - Shutdown on 30 March 2017 15:43:19 (GMT-0). 24099 20:56:10 (0) ** - Shutdown on 04 April 2017 21:34:13 (GMT-0). 24100 20:56:10 (0) ** 24101 20:56:10 (0) ** System drive: ....................................................................................................... C: (Disque n° 0 partition n° 0). 24102 20:56:10 (0) ** Drive type: ......................................................................................................... IDE (KINGSTON SHSS37A240G ATA Device). 24103 20:56:10 (0) ** There are no missing WMI system files: .............................................................................. OK. 24104 20:56:10 (0) ** There are no missing WMI repository files: .......................................................................... OK. 24105 20:56:10 (0) ** WMI repository state: ............................................................................................... N/A. 24106 20:56:10 (0) ** AFTER running WMIDiag: 24107 20:56:10 (0) ** The WMI repository has a size of: ................................................................................... 25 MB. 24108 20:56:10 (0) ** - Disk free space on 'C:': .......................................................................................... 110995 MB. 24109 20:56:10 (0) ** - INDEX.BTR, 5251072 bytes, 05/04/2017 20:43:46 24110 20:56:10 (0) ** - MAPPING1.MAP, 67256 bytes, 05/04/2017 20:33:46 24111 20:56:10 (0) ** - MAPPING2.MAP, 67256 bytes, 05/04/2017 20:51:00 24112 20:56:10 (0) ** - OBJECTS.DATA, 20848640 bytes, 05/04/2017 20:43:46 24113 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24114 20:56:10 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED. 24115 20:56:10 (0) ** Windows Firewall Profile: ........................................................................................... PUBLIC. 24116 20:56:10 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED. 24117 20:56:10 (0) ** => This will prevent any WMI remote connectivity to this computer except 24118 20:56:10 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING: 24119 20:56:10 (0) ** - 'Windows Management Instrumentation (DCOM-In)' 24120 20:56:10 (0) ** - 'Windows Management Instrumentation (WMI-In)' 24121 20:56:10 (0) ** - 'Windows Management Instrumentation (ASync-In)' 24122 20:56:10 (0) ** Verify the reported status for each of these three inbound rules below. 24123 20:56:10 (0) ** 24124 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED. 24125 20:56:10 (0) ** => This will prevent any WMI remote connectivity to/from this machine. 24126 20:56:10 (0) ** - You can adjust the configuration by executing the following command: 24127 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES' 24128 20:56:10 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once! 24129 20:56:10 (0) ** You can also enable each individual rule instead of activating the group rule. 24130 20:56:10 (0) ** 24131 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (DCOM-In)' rule: ............................................... DISABLED. 24132 20:56:10 (0) ** => This will prevent any DCOM WMI inbound connectivity to this machine. 24133 20:56:10 (0) ** Note: The rule 'Windows Management Instrumentation (DCOM-In)' rule must be ENABLED to allow incoming DCOM WMI connectivity. 24134 20:56:10 (0) ** - You can adjust the configuration of this rule by executing the following command: 24135 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (DCOM-In)" NEW ENABLE=YES' 24136 20:56:10 (0) ** 24137 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI-In)' rule: ................................................ DISABLED. 24138 20:56:10 (0) ** => This will prevent any WMI inbound connectivity to this machine. 24139 20:56:10 (0) ** Note: The rule 'Windows Management Instrumentation (WMI-In)' rule must be ENABLED to allow incoming WMI connectivity. 24140 20:56:10 (0) ** - You can adjust the configuration of this rule by executing the following command: 24141 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (WMI-In)" NEW ENABLE=YES' 24142 20:56:10 (0) ** 24143 20:56:10 (0) ** Windows Firewall 'Windows Management Instrumentation (ASync-In)' rule: .............................................. DISABLED. 24144 20:56:10 (0) ** => This will prevent any WMI asynchronous inbound connectivity to this machine. 24145 20:56:10 (0) ** - You can adjust the configuration of this rule by executing the following command: 24146 20:56:10 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE NAME="Windows Management Instrumentation (ASync-In)" NEW ENABLE=YES' 24147 20:56:10 (0) ** 24148 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24149 20:56:10 (0) ** DCOM Status: ........................................................................................................ OK. 24150 20:56:10 (0) ** WMI registry setup: ................................................................................................. OK. 24151 20:56:10 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)! 24152 20:56:10 (0) ** - Security Center (WSCSVC, StartMode='Automatic') 24153 20:56:10 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Manual') 24154 20:56:10 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well. 24155 20:56:10 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but 24156 20:56:10 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped, 24157 20:56:10 (0) ** this can prevent the service/application to work as expected. 24158 20:56:10 (0) ** 24159 20:56:10 (0) ** RPCSS service: ...................................................................................................... OK (Already started). 24160 20:56:10 (0) ** WINMGMT service: .................................................................................................... OK (Already started). 24161 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24162 20:56:10 (0) ** WMI service DCOM setup: ............................................................................................. OK. 24163 20:56:10 (2) !! WARNING: WMI DCOM components registration is missing for the following EXE/DLLs: .................................... 2 WARNING(S)! 24164 20:56:10 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\IPMIPRV.DLL (\CLSID\{FD209E2E-813B-41C0-8646-4C3E9C917511}\InProcServer32) 24165 20:56:10 (0) ** - C:\WINDOWS\SYSTEM32\WBEM\SERVERCOMPPROV.DLL (\CLSID\{9042E1B1-8FD4-4008-89FE-4040CC74575A}\InProcServer32) 24166 20:56:10 (0) ** => WMI System components are not properly registered as COM objects, which could make WMI to 24167 20:56:10 (0) ** fail depending on the operation requested. 24168 20:56:10 (0) ** => For a .DLL, you can correct the DCOM configuration by executing the 'REGSVR32.EXE ' command. 24169 20:56:10 (0) ** 24170 20:56:10 (0) ** WMI ProgID registrations: ........................................................................................... OK. 24171 20:56:10 (0) ** WMI provider DCOM registrations: .................................................................................... OK. 24172 20:56:10 (0) ** WMI provider CIM registrations: ..................................................................................... OK. 24173 20:56:10 (0) ** WMI provider CLSIDs: ................................................................................................ OK. 24174 20:56:10 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK. 24175 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24176 20:56:10 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED. 24177 20:56:10 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context. 24178 20:56:10 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command 24179 20:56:10 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and 24180 20:56:10 (0) ** selecting 'Run as Administrator'. 24181 20:56:10 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task 24182 20:56:10 (0) ** in the Task Scheduler within the right security context. 24183 20:56:10 (0) ** 24184 20:56:10 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED. 24185 20:56:10 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative 24186 20:56:10 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer 24187 20:56:10 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote 24188 20:56:10 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group. 24189 20:56:10 (0) ** 24190 20:56:10 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED. 24191 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED! 24192 20:56:10 (0) ** - REMOVED ACE: 24193 20:56:10 (0) ** ACEType: &h0 24194 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24195 20:56:10 (0) ** ACEFlags: &h0 24196 20:56:10 (0) ** ACEMask: &h3 24197 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24198 20:56:10 (0) ** DCOM_RIGHT_ACCESS_LOCAL 24199 20:56:10 (0) ** 24200 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24201 20:56:10 (0) ** Removing default security will cause some operations to fail! 24202 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24203 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24204 20:56:10 (0) ** 24205 20:56:10 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED. 24206 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED! 24207 20:56:10 (0) ** - REMOVED ACE: 24208 20:56:10 (0) ** ACEType: &h0 24209 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24210 20:56:10 (0) ** ACEFlags: &h0 24211 20:56:10 (0) ** ACEMask: &h7 24212 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24213 20:56:10 (0) ** DCOM_RIGHT_ACCESS_LOCAL 24214 20:56:10 (0) ** DCOM_RIGHT_ACCESS_REMOTE 24215 20:56:10 (0) ** 24216 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24217 20:56:10 (0) ** Removing default security will cause some operations to fail! 24218 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24219 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24220 20:56:10 (0) ** 24221 20:56:10 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED. 24222 20:56:10 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 24223 20:56:10 (0) ** - REMOVED ACE: 24224 20:56:10 (0) ** ACEType: &h0 24225 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24226 20:56:10 (0) ** ACEFlags: &h0 24227 20:56:10 (0) ** ACEMask: &h7 24228 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24229 20:56:10 (0) ** DCOM_RIGHT_ACCESS_LOCAL 24230 20:56:10 (0) ** DCOM_RIGHT_ACCESS_REMOTE 24231 20:56:10 (0) ** 24232 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24233 20:56:10 (0) ** Removing default security will cause some operations to fail! 24234 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24235 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24236 20:56:10 (0) ** 24237 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED. 24238 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED! 24239 20:56:10 (0) ** - REMOVED ACE: 24240 20:56:10 (0) ** ACEType: &h0 24241 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24242 20:56:10 (0) ** ACEFlags: &h0 24243 20:56:10 (0) ** ACEMask: &h1F 24244 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24245 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24246 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24247 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24248 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24249 20:56:10 (0) ** 24250 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24251 20:56:10 (0) ** Removing default security will cause some operations to fail! 24252 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24253 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24254 20:56:10 (0) ** 24255 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED. 24256 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED! 24257 20:56:10 (0) ** - REMOVED ACE: 24258 20:56:10 (0) ** ACEType: &h0 24259 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24260 20:56:10 (0) ** ACEFlags: &h0 24261 20:56:10 (0) ** ACEMask: &h1F 24262 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24263 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24264 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24265 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24266 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24267 20:56:10 (0) ** 24268 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24269 20:56:10 (0) ** Removing default security will cause some operations to fail! 24270 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24271 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24272 20:56:10 (0) ** 24273 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED. 24274 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED! 24275 20:56:10 (0) ** - REMOVED ACE: 24276 20:56:10 (0) ** ACEType: &h0 24277 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24278 20:56:10 (0) ** ACEFlags: &h0 24279 20:56:10 (0) ** ACEMask: &h1F 24280 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24281 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24282 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24283 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24284 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24285 20:56:10 (0) ** 24286 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24287 20:56:10 (0) ** Removing default security will cause some operations to fail! 24288 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24289 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24290 20:56:10 (0) ** 24291 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED. 24292 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED! 24293 20:56:10 (0) ** - REMOVED ACE: 24294 20:56:10 (0) ** ACEType: &h0 24295 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24296 20:56:10 (0) ** ACEFlags: &h0 24297 20:56:10 (0) ** ACEMask: &h1F 24298 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24299 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24300 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24301 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24302 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24303 20:56:10 (0) ** 24304 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24305 20:56:10 (0) ** Removing default security will cause some operations to fail! 24306 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24307 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24308 20:56:10 (0) ** 24309 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED. 24310 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED! 24311 20:56:10 (0) ** - REMOVED ACE: 24312 20:56:10 (0) ** ACEType: &h0 24313 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24314 20:56:10 (0) ** ACEFlags: &h0 24315 20:56:10 (0) ** ACEMask: &h1F 24316 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24317 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24318 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24319 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24320 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24321 20:56:10 (0) ** 24322 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24323 20:56:10 (0) ** Removing default security will cause some operations to fail! 24324 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24325 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24326 20:56:10 (0) ** 24327 20:56:10 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED. 24328 20:56:10 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 24329 20:56:10 (0) ** - REMOVED ACE: 24330 20:56:10 (0) ** ACEType: &h0 24331 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24332 20:56:10 (0) ** ACEFlags: &h0 24333 20:56:10 (0) ** ACEMask: &hB 24334 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24335 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24336 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24337 20:56:10 (0) ** 24338 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24339 20:56:10 (0) ** Removing default security will cause some operations to fail! 24340 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24341 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24342 20:56:10 (0) ** 24343 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 24344 20:56:10 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED! 24345 20:56:10 (0) ** - REMOVED ACE: 24346 20:56:10 (0) ** ACEType: &h0 24347 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24348 20:56:10 (0) ** ACEFlags: &h0 24349 20:56:10 (0) ** ACEMask: &h1F 24350 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24351 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24352 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24353 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24354 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24355 20:56:10 (0) ** 24356 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24357 20:56:10 (0) ** Removing default security will cause some operations to fail! 24358 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24359 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24360 20:56:10 (0) ** 24361 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 24362 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED! 24363 20:56:10 (0) ** - REMOVED ACE: 24364 20:56:10 (0) ** ACEType: &h0 24365 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24366 20:56:10 (0) ** ACEFlags: &h0 24367 20:56:10 (0) ** ACEMask: &h1F 24368 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24369 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24370 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24371 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24372 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24373 20:56:10 (0) ** 24374 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24375 20:56:10 (0) ** Removing default security will cause some operations to fail! 24376 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24377 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24378 20:56:10 (0) ** 24379 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 24380 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED! 24381 20:56:10 (0) ** - REMOVED ACE: 24382 20:56:10 (0) ** ACEType: &h0 24383 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24384 20:56:10 (0) ** ACEFlags: &h0 24385 20:56:10 (0) ** ACEMask: &h1F 24386 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24387 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24388 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24389 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24390 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24391 20:56:10 (0) ** 24392 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24393 20:56:10 (0) ** Removing default security will cause some operations to fail! 24394 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24395 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24396 20:56:10 (0) ** 24397 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 24398 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\NETWORK SERVICE' has been REMOVED! 24399 20:56:10 (0) ** - REMOVED ACE: 24400 20:56:10 (0) ** ACEType: &h0 24401 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24402 20:56:10 (0) ** ACEFlags: &h0 24403 20:56:10 (0) ** ACEMask: &h1F 24404 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24405 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24406 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24407 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24408 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24409 20:56:10 (0) ** 24410 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24411 20:56:10 (0) ** Removing default security will cause some operations to fail! 24412 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24413 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24414 20:56:10 (0) ** 24415 20:56:10 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 24416 20:56:10 (1) !! ERROR: Default trustee 'NT AUTHORITY\LOCAL SERVICE' has been REMOVED! 24417 20:56:10 (0) ** - REMOVED ACE: 24418 20:56:10 (0) ** ACEType: &h0 24419 20:56:10 (0) ** ACCESS_ALLOWED_ACE_TYPE 24420 20:56:10 (0) ** ACEFlags: &h0 24421 20:56:10 (0) ** ACEMask: &h1F 24422 20:56:10 (0) ** DCOM_RIGHT_EXECUTE 24423 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 24424 20:56:10 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 24425 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 24426 20:56:10 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 24427 20:56:10 (0) ** 24428 20:56:10 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 24429 20:56:10 (0) ** Removing default security will cause some operations to fail! 24430 20:56:10 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 24431 20:56:10 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 24432 20:56:10 (0) ** 24433 20:56:10 (0) ** 24434 20:56:10 (0) ** DCOM security warning(s) detected: .................................................................................. 0. 24435 20:56:10 (0) ** DCOM security error(s) detected: .................................................................................... 14. 24436 20:56:10 (0) ** WMI security warning(s) detected: ................................................................................... 0. 24437 20:56:10 (0) ** WMI security error(s) detected: ..................................................................................... 0. 24438 20:56:10 (0) ** 24439 20:56:10 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR! 24440 20:56:10 (0) ** Overall WMI security status: ........................................................................................ OK. 24441 20:56:10 (0) ** - Started at 'Root' -------------------------------------------------------------------------------------------------------------- 24442 20:56:10 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 2. 24443 20:56:10 (0) ** - ROOT/SUBSCRIPTION, CommandLineEventConsumer.Name="BVTConsumer". 24444 20:56:10 (0) ** 'SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99' 24445 20:56:10 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer". 24446 20:56:10 (0) ** 'select * from MSFT_SCMEventLogEvent' 24447 20:56:10 (0) ** 24448 20:56:10 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE. 24449 20:56:10 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 1 NAMESPACE(S)! 24450 20:56:10 (0) ** - ROOT/CIMV2/TERMINALSERVICES. 24451 20:56:10 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to 24452 20:56:10 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level. 24453 20:56:10 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags) 24454 20:56:10 (0) ** i.e. 'WMIC.EXE /NODE:"BDK-PC" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\CIMV2\TERMINALSERVICES Class __SystemSecurity' 24455 20:56:10 (0) ** 24456 20:56:10 (1) !! ERROR: WMI MONIKER CONNECTION errors occured for the following namespaces: .......................................... 6 ERROR(S)! 24457 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24458 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24459 20:56:10 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24460 20:56:10 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24461 20:56:10 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24462 20:56:10 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24463 20:56:10 (0) ** 24464 20:56:10 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 7 ERROR(S)! 24465 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24466 20:56:10 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24467 20:56:10 (0) ** - ROOT/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24468 20:56:10 (0) ** - ROOT/RSOP/USER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24469 20:56:10 (0) ** - ROOT/RSOP/COMPUTER, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24470 20:56:10 (0) ** - ROOT/SERVICEMODEL, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24471 20:56:10 (0) ** - Root/SECURITY, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24472 20:56:10 (0) ** 24473 20:56:10 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 22 ERROR(S)! 24474 20:56:10 (0) ** - Root, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24475 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24476 20:56:10 (0) ** - ROOT/SUBSCRIPTION, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24477 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24478 20:56:10 (0) ** - ROOT/DEFAULT, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24479 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24480 20:56:10 (0) ** - ROOT/CIMV2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24481 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24482 20:56:10 (0) ** - ROOT/CIMV2/SECURITY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24483 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24484 20:56:10 (0) ** - ROOT/CIMV2/POWER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24485 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24486 20:56:10 (0) ** - ROOT/CIMV2/TERMINALSERVICES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24487 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24488 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24489 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24490 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS/WINDOWSPARENTALCONTROLS, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24491 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24492 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS/GAMES, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24493 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24494 20:56:10 (0) ** - ROOT/CIMV2/APPLICATIONS/AVIRA_ANTIVIR, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24495 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24496 20:56:10 (0) ** - ROOT/CLI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24497 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24498 20:56:10 (0) ** - ROOT/NAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24499 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24500 20:56:10 (0) ** - ROOT/SECURITYCENTER2, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24501 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24502 20:56:10 (0) ** - ROOT/RSOP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24503 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24504 20:56:10 (0) ** - ROOT/WMI, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24505 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24506 20:56:10 (0) ** - ROOT/DIRECTORY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24507 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24508 20:56:10 (0) ** - ROOT/DIRECTORY/LDAP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24509 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24510 20:56:10 (0) ** - ROOT/POLICY, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24511 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24512 20:56:10 (0) ** - ROOT/INTEROP, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24513 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24514 20:56:10 (0) ** - ROOT/SECURITYCENTER, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24515 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24516 20:56:10 (0) ** - ROOT/ASPNET, __SystemSecurity, 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24517 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24518 20:56:10 (0) ** 24519 20:56:10 (0) ** WMI MOF representations: ............................................................................................ OK. 24520 20:56:10 (0) ** WMI QUALIFIER access operations: .................................................................................... OK. 24521 20:56:10 (1) !! ERROR: WMI ENUMERATION operation errors reported: ................................................................... 1 ERROR(S)! 24522 20:56:10 (0) ** - ROOT/WMI, InstancesOfAsync, 'MSMouse', 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action. 24523 20:56:10 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 24524 20:56:10 (0) ** 24525 20:56:10 (0) ** WMI EXECQUERY operations: ........................................................................................... OK. 24526 20:56:10 (1) !! ERROR: WMI GET VALUE operation errors reported: ..................................................................... 1 ERROR(S)! 24527 20:56:10 (0) ** - Root/CIMV2, Instance: Win32_Service='WSCSVC', Property: Displayname='Centre de sécurité' (Expected default='Security Center'). 24528 20:56:10 (0) ** 24529 20:56:10 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED. 24530 20:56:10 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED. 24531 20:56:10 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED. 24532 20:56:10 (0) ** WMI static instances retrieved: ..................................................................................... 1730. 24533 20:56:10 (0) ** WMI dynamic instances retrieved: .................................................................................... 0. 24534 20:56:10 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1. 24535 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24536 20:56:10 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s): 24537 20:56:10 (0) ** DCOM: ............................................................................................................. 0. 24538 20:56:10 (0) ** WINMGMT: .......................................................................................................... 0. 24539 20:56:10 (0) ** WMIADAPTER: ....................................................................................................... 0. 24540 20:56:10 (0) ** 24541 20:56:10 (0) ** # of additional Event Log events AFTER WMIDiag execution: 24542 20:56:10 (0) ** DCOM: ............................................................................................................. 0. 24543 20:56:10 (0) ** WINMGMT: .......................................................................................................... 0. 24544 20:56:10 (0) ** WMIADAPTER: ....................................................................................................... 0. 24545 20:56:10 (0) ** 24546 20:56:10 (0) ** 36 error(s) 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not have permission to perform the action 24547 20:56:10 (0) ** => This error is typically due to insufficient or restricted permissions in the examined system. 24548 20:56:10 (0) ** => ENSURE you are a Full Administrator of the examined system, if the WMI provider or the 24549 20:56:10 (0) ** WMI system security do not enforce any restrictions. 24550 20:56:10 (0) ** 24551 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24552 20:56:10 (0) ** WMI Registry key setup: ............................................................................................. OK. 24553 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24554 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24555 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24556 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24557 20:56:10 (0) ** 24558 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24559 20:56:10 (0) ** ------------------------------------------------------ WMI REPORT: END ----------------------------------------------------------- 24560 20:56:10 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 24561 20:56:10 (0) ** 24562 20:56:10 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\BDK\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN7_.CLI.SP1.64_BDK-PC_2017.04.05_20.51.44.LOG' for details. 24563 20:56:10 (0) ** 24564 20:56:10 (0) ** WMIDiag v2.2 ended on mercredi 5 avril 2017 at 20:56 (W:91 E:65 S:1).