HiPerfCooker

[augfl]

What does this warning mean: Event Viewer: Application: Warning: WinMgmt:
Event 63: A provider, HiPerfCooker_v1, has been registered in the WMI
namespace, Root\WMI, to use the local system account. This account is
privileged and the provider may cause a security violation if it does not
correctly impersonate user requests.

 

[ThedogofHienz]

That's what i'd like to know i have the same warning in my event veiwer.

 

[Ben Vail]

What does this warning mean: Event Viewer: Application: Warning: WinMgmt:
Event 63: A provider, HiPerfCooker_v1, has been registered in the WMI
namespace, Root\WMI, to use the local system account. This account is
privileged and the provider may cause a security violation if it does not
correctly impersonate user requests.

 

[Ben Vail]

I believe it is a warning that the named program can be run by other users as
the current user. It may provide a point for priviledge elevation (someone on
a guest account, say, being able to install programs) but only if the program
contains an exploit...

If the program is trusted, there is not really anything to worry about. I
can't seem to find _what_ the program is, I imagine it's a Microsoft thing?

Does anyone know what it is or what it does?

 

[ElizaDoolittle]

I have a whole string of things like that, including Rsop Planning Mode
Provider, CmdTriggerConsumer, OffProv10, and others that have that same
"impersonate" language. All on a hard drive that had been cleared with DBAN,
Active@, fdisk on a Win98 disk, and choosing the long format option with my
retail XPPro SP2 disk--all that, and these things show up before--BEFORE--the
machine is connected to the net.

I wish I could offer a solution, but the closest I've come so far is a
Microsoft engineer who told me, after working with me on the phone for over
an hour, "we know about this issue, and have been working on it for 4
months--can I please reschedule for next week?"

 

[ryandmiller1]

I have a whole string of things like that, including Rsop Planning Mode
Provider, CmdTriggerConsumer, OffProv10, and others that have that same
"impersonate" language.  All on a hard drive that had been cleared withDBAN,
Active@, fdisk on a Win98 disk, and choosing the long format option with my
retail XPPro SP2 disk--all that, and these things show up before--BEFORE--the
machine is connected to the net.  

I wish I could offer a solution, but the closest I've come so far is a
Microsoft engineer who told me, after working with me on the phone for over
an hour, "we know about this issue, and have been working on it for 4
months--can I please reschedule for next week?"

Im having the same string of WMI issues, any update?

 

[ElizaDoolittle]

Microsoft's wonderful "do not worry" support has delivered the following:

I spent an hour with a very sincere-sounding Level 2 tech around Sept. 15
who told me he had me on hold so much because he was talking with their
research department. He told me at that time that the research group has been
aware and working on this issue for 3 1/2 months. He asked could they please
have another week.

He did call back in a week, and unfortunately, winds from Hurricane Ike had
blown away my net connection. I mentioned to him that I hadn't received the
e-mail he promised to send, although he said that he did have those that I
had sent. While we were on the phone, he said he was re-sending the email he
sent earlier, and Jay rescheduled for this past Tuesday. I didn't get a call,
and I also didn't get any emails from Jay.

Yesterday, I got a call from the Abandon Cases department, saying they had
been unable to reach me by phone despite having tried three times, and I had
not responded to their emails. There have been no voice mails, no missed
calls on my caller id, and no e-mails.

They promised a call from the Level 2 group that day, yesterday, Wednesdy
9-25, between 3-5, I call at 4:10 to get on the record as being reachable
during the appoitned time. Do not worry, I was told, you will get a call. At
5:50, still no call, Do not worry, I was told, my manager is escalating this
case, and you will get a call within 15-30 minutes, at the very least to tell
you they need to reschedule.

Do not worry, I am going to start posting this issue on as many relevant
boards as I can find.

 

[ElizaDoolittle]

If you've googled any of these terms, you might want to consider looking at
the security permissions in WMIMGMT.msc. You will likely find, in your
freshly nuked and reinstalled XP system, some users called "authorized users"
and "System."

A MS tech affirmed for me, after I discovered that the only default accounts
are Administrators, Local Service, Network service, and Everyone, that ithis
is not right. I can tell, you won't break anything (except, possibly,
security products such as Microsoft Updates and Microsoft Security
Essentials--and other manufacturers) by eradicating these accounts, but I am
still working on having them tell me what I need to set it right. I will
post when I know more.