WMI Local Access denied on Win2k3

Alan Tang · Aug 1, 2005

Hello:

I got "Access Denied" on using local administrator and all user. Does
any hints that I can fix it?

Thansk a lot!

Marty List · Aug 1, 2005

What are you trying to do when you get this error? Post your script, and the
exact steps you are taking.

Alan Tang · Aug 2, 2005

Hello:

I am not using the script. I just right click the "WMI Control" form
the Computer Management and got the "Access Denied".

I also try to use the "tasklist" form resource kit and slao got the same
error.

Thanks!

James Crosswell · Aug 2, 2005

Alan said:
Hello:

I got "Access Denied" on using local administrator and all user. Does
any hints that I can fix it?

Thansk a lot!

Is there an error number? If there is, that would help determine whether
it's an RPC or a WMI access denied error.

--

Best Regards,

James Crosswell
Software Engineer
Microforge.net Limited
http://www.microforge.net

Marty List · Aug 2, 2005

Try troubleshooting with the freeware tool "File Monitor" (FileMon.exe) from
http://www.sysinternals.com/

Run this tool while you re-create the error message, and then review the filemon
activity to try and find the source of the problem.

James Crosswell · Aug 2, 2005

Alan said:
Hello:

I just got the following error screen. I am using the local
administrator! When I run tasklist.exe from resource kit also got same
error!

Thanks!

Hm - looks like WMI is up and running. Maybe check out the security
settings in "wmimgmt.msc". Right click on "WMI Control (Local)" and
select properties... then look under the security tab. Make sure the
local administrator has rights to everything under CIMV2, at least.

--

Best Regards,

James Crosswell
Software Engineer
Microforge.net Limited
http://www.microforge.net

Marty List · Aug 2, 2005

If you can open the Security tab, compare the permissions with another system
that is working correctly.

Daniel Kandersack · Aug 2, 2005

i am experiencing this same issue on multiple servers. i have been
troubleshooting this for days at end and nothing seems to be helping.

i have done the following:
Rebuilt the wmi repository
I am logged into the server with a domain admin account which is still apart
of the local admin group.
checked that all dependencies are running
administrators group has full control to the root\cimv2 namespace
(reregistered the wmi components
winmgmt /clearadap
winmgmt /kill
winmgmt /unregserver
winmgmt /regserver
winmgmt /resyncperf)

my opion is that a virus got onto this server which has been clensed
completly but has currupted something in refrence to wmi.

any and all help would be much appreciated.

Alan Tang · Aug 3, 2005

Marty said:
If you can open the Security tab, compare the permissions with another system
that is working correctly.

I have try to compare and rebuild the WMI but seems no improve. How can
I troubshoot it?

Thanks!

James Crosswell · Aug 3, 2005

Alan said:
Marty List wrote:

I have try to compare and rebuild the WMI but seems no improve. How can
I troubshoot it?

I don't think you need to rebuild WMI - the error you're getting back is
security related. You need to modify permissions, not rebuild the
repository.

--

Best Regards,

James Crosswell
Software Engineer
Microforge.net Limited
http://www.microforge.net

Daniel Kandersack · Aug 3, 2005

ok i have been narrowing this down. we installed a brand new 2003 server and
everything was accessable. we then applied every patch for the 2003 o/s from
windows update one by one testing the functionality inbetween every update.
this test proved to be successful for it seams that the update"kb890830" is
what is causing us to recieve this access denied error.
http://support.microsoft.com/?kbid=890830
this update is a malicious software removal tool. i have been trying to find
documentation on removing this update but it is not located in add/remove
programs or is it intended to be. if anyone finds out more information on
this please let me know

Thank you
Daniel Kandersack

James Crosswell · Aug 4, 2005

Daniel said:
ok i have been narrowing this down. we installed a brand new 2003 server and
everything was accessable. we then applied every patch for the 2003 o/s from
windows update one by one testing the functionality inbetween every update.
this test proved to be successful for it seams that the update"kb890830" is
what is causing us to recieve this access denied error.
http://support.microsoft.com/?kbid=890830
this update is a malicious software removal tool. i have been trying to find
documentation on removing this update but it is not located in add/remove
programs or is it intended to be. if anyone finds out more information on
this please let me know

Well you should be able to remove the update from:
C:\WINNT\$NtUninstallKB890830$\spuninst\

None the less, it would be good to find out what this SP is doing and
why it's breaking WMI on these machines. I'll try installing it on the
Win2003 Server I have here and see if I get the same results.

--

Best Regards,

James Crosswell
Software Engineer
Microforge.net Limited
http://www.microforge.net

Torgeir Bakken \(MVP\) · Aug 4, 2005

James said:
Well you should be able to remove the update from:
C:\WINNT\$NtUninstallKB890830$\spuninst\

No, not this one.

From the FAQ section at
http://support.microsoft.com/kb/890830

Q2: What installer does this tool use?
A2: The tool does not install or update files on a computer. Therefore
the tool does not use an installer, such as Windows Installer or
Update.exe. It is packaged within a self-extracting CAB executable
to reduce the size of the package.

Q3: How do I uninstall the tool?
A3: The tool is not installed on the computer. No Program folder entry
or Add / Remove Programs entry is created when the tool is run.

None the less, it would be good to find out what this SP is doing and
why it's breaking WMI on these machines. I'll try installing it on the
Win2003 Server I have here and see if I get the same results.

This issue is very strange, I cannot see how this tool would be able
to break the WMI installation...

Daniel Kandersack · Aug 4, 2005

could be locking down registry entries perhaps? i cant get detailed
infromation on this patch due to the fact i guess that with this information
a person who writes this malware would have to much information.. im still
investigating will keep you all posted

Torgeir Bakken \(MVP\) · Aug 4, 2005

Daniel said:
could be locking down registry entries perhaps?

Very unlikely...

The only thing this tool does is look for the malicious software
programs listed at http://support.microsoft.com/kb/890830 and
removes them if found.

Alan Tang · Aug 5, 2005

Does remove it can solve this issue?

Remote WMI Query of Event Log with Non-Administrator Account	0	Aug 10, 2009
access denied on remote WMI calls	2	Mar 20, 2007
WMI script launched by Scheduler	2	Jul 20, 2005
"Win32_Processor: WMI: Access denied" and "Win32_OperatingSystem: WMI: Access denied"	3	Oct 14, 2004
Win32_Processor: WMI: Access denied	2	Aug 15, 2005
Lots of computers with corrupted WMI...	4	Sep 5, 2005
WMI remote Access denied	9	Jun 1, 2005
Huge WMI / DCOM / Security problem..	1	Feb 14, 2006

WMI Local Access denied on Win2k3

Alan Tang

Marty List

Alan Tang

James Crosswell

Marty List

James Crosswell

Marty List

Daniel Kandersack

Alan Tang

James Crosswell

Daniel Kandersack

James Crosswell

Torgeir Bakken \(MVP\)

Daniel Kandersack

Torgeir Bakken \(MVP\)

Alan Tang

Ask a Question

Similar Threads