45510 21:16:09 (0) ** WMIDiag v2.2 started on 8 czerwca 2016 at 21:08. 45511 21:16:09 (0) ** 45512 21:16:09 (0) ** Copyright (c) Microsoft Corporation. All rights reserved - July 2007. 45513 21:16:09 (0) ** 45514 21:16:09 (0) ** This script is not supported under any Microsoft standard support program or service. 45515 21:16:09 (0) ** The script is provided AS IS without warranty of any kind. Microsoft further disclaims all 45516 21:16:09 (0) ** implied warranties including, without limitation, any implied warranties of merchantability 45517 21:16:09 (0) ** or of fitness for a particular purpose. The entire risk arising out of the use or performance 45518 21:16:09 (0) ** of the scripts and documentation remains with you. In no event shall Microsoft, its authors, 45519 21:16:09 (0) ** or anyone else involved in the creation, production, or delivery of the script be liable for 45520 21:16:09 (0) ** any damages whatsoever (including, without limitation, damages for loss of business profits, 45521 21:16:09 (0) ** business interruption, loss of business information, or other pecuniary loss) arising out of 45522 21:16:09 (0) ** the use of or inability to use the script or documentation, even if Microsoft has been advised 45523 21:16:09 (0) ** of the possibility of such damages. 45524 21:16:09 (0) ** 45525 21:16:09 (0) ** 45526 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45527 21:16:09 (0) ** ----------------------------------------------------- WMI REPORT: BEGIN ---------------------------------------------------------- 45528 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45529 21:16:09 (0) ** 45530 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45531 21:16:09 (0) ** Windows 8.1 - No Service Pack - 64-bit (9600) - User 'M4RTIN77\MARCEL' on computer 'M4RTIN77'. 45532 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45533 21:16:09 (0) ** INFO: Environment: .................................................................................................. 1 ITEM(S)! 45534 21:16:09 (0) ** INFO: => 19 possible incorrect shutdown(s) detected on: 45535 21:16:09 (0) ** - Shutdown on 18 January 2015 14:14:50 (GMT-0). 45536 21:16:09 (0) ** - Shutdown on 01 February 2015 10:43:09 (GMT-0). 45537 21:16:09 (0) ** - Shutdown on 09 March 2015 11:19:55 (GMT-0). 45538 21:16:09 (0) ** - Shutdown on 10 March 2015 21:06:20 (GMT-0). 45539 21:16:09 (0) ** - Shutdown on 07 June 2015 15:58:31 (GMT-0). 45540 21:16:09 (0) ** - Shutdown on 19 June 2015 17:42:13 (GMT-0). 45541 21:16:09 (0) ** - Shutdown on 22 June 2015 12:03:21 (GMT-0). 45542 21:16:09 (0) ** - Shutdown on 11 July 2015 11:01:50 (GMT-0). 45543 21:16:09 (0) ** - Shutdown on 13 July 2015 15:47:27 (GMT-0). 45544 21:16:09 (0) ** - Shutdown on 15 July 2015 17:45:12 (GMT-0). 45545 21:16:09 (0) ** - Shutdown on 03 August 2015 16:52:32 (GMT-0). 45546 21:16:09 (0) ** - Shutdown on 13 August 2015 17:04:39 (GMT-0). 45547 21:16:09 (0) ** - Shutdown on 25 August 2015 14:46:52 (GMT-0). 45548 21:16:09 (0) ** - Shutdown on 27 August 2015 16:02:41 (GMT-0). 45549 21:16:09 (0) ** - Shutdown on 22 September 2015 10:08:09 (GMT-0). 45550 21:16:09 (0) ** - Shutdown on 24 September 2015 15:46:10 (GMT-0). 45551 21:16:09 (0) ** - Shutdown on 03 April 2016 21:14:29 (GMT-0). 45552 21:16:09 (0) ** - Shutdown on 26 April 2016 12:54:32 (GMT-0). 45553 21:16:09 (0) ** - Shutdown on 05 May 2016 11:01:16 (GMT-0). 45554 21:16:09 (0) ** 45555 21:16:09 (0) ** System drive: ....................................................................................................... C: (Dysk #0 partycja #2). 45556 21:16:09 (0) ** Drive type: ......................................................................................................... IDE (ST1000LM024 HN-M101MBB). 45557 21:16:09 (0) ** There are no missing WMI system files: .............................................................................. OK. 45558 21:16:09 (0) ** There are no missing WMI repository files: .......................................................................... OK. 45559 21:16:09 (0) ** WMI repository state: ............................................................................................... N/A. 45560 21:16:09 (0) ** AFTER running WMIDiag: 45561 21:16:09 (0) ** The WMI repository has a size of: ................................................................................... 30 MB. 45562 21:16:09 (0) ** - Disk free space on 'C:': .......................................................................................... 143931 MB. 45563 21:16:09 (0) ** - INDEX.BTR, 5464064 bytes, 2016-06-08 21:10:58 45564 21:16:09 (0) ** - MAPPING1.MAP, 84512 bytes, 2016-06-08 21:10:58 45565 21:16:09 (0) ** - MAPPING2.MAP, 84492 bytes, 2016-06-08 18:04:28 45566 21:16:09 (0) ** - OBJECTS.DATA, 25223168 bytes, 2016-06-08 21:10:58 45567 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45568 21:16:09 (0) ** INFO: Windows Firewall status: ...................................................................................... ENABLED. 45569 21:16:09 (0) ** Windows Firewall Profile: ........................................................................................... PRIVATE. 45570 21:16:09 (0) ** Inbound connections that do not match a rule BLOCKED: ............................................................... ENABLED. 45571 21:16:09 (0) ** => This will prevent any WMI remote connectivity to this computer except 45572 21:16:09 (0) ** if the following three inbound rules are ENABLED and non-BLOCKING: 45573 21:16:09 (0) ** - 'Windows Management Instrumentation (DCOM-In)' 45574 21:16:09 (0) ** - 'Windows Management Instrumentation (WMI-In)' 45575 21:16:09 (0) ** - 'Windows Management Instrumentation (ASync-In)' 45576 21:16:09 (0) ** Verify the reported status for each of these three inbound rules below. 45577 21:16:09 (0) ** 45578 21:16:09 (0) ** Windows Firewall 'Windows Management Instrumentation (WMI)' group rule: ............................................. DISABLED. 45579 21:16:09 (0) ** => This will prevent any WMI remote connectivity to/from this machine. 45580 21:16:09 (0) ** - You can adjust the configuration by executing the following command: 45581 21:16:09 (0) ** i.e. 'NETSH.EXE ADVFIREWALL FIREWALL SET RULE GROUP="Windows Management Instrumentation (WMI)" NEW ENABLE=YES' 45582 21:16:09 (0) ** Note: With this command all inbound and outbound WMI rules are activated at once! 45583 21:16:09 (0) ** You can also enable each individual rule instead of activating the group rule. 45584 21:16:09 (0) ** 45585 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45586 21:16:09 (0) ** DCOM Status: ........................................................................................................ OK. 45587 21:16:09 (0) ** WMI registry setup: ................................................................................................. OK. 45588 21:16:09 (0) ** INFO: WMI service has dependents: ................................................................................... 2 SERVICE(S)! 45589 21:16:09 (0) ** - Security Center (WSCSVC, StartMode='Automatic') 45590 21:16:09 (0) ** - Internet Connection Sharing (ICS) (SHAREDACCESS, StartMode='Disabled') 45591 21:16:09 (0) ** => If the WMI service is stopped, the listed service(s) will have to be stopped as well. 45592 21:16:09 (0) ** Note: If the service is marked with (*), it means that the service/application uses WMI but 45593 21:16:09 (0) ** there is no hard dependency on WMI. However, if the WMI service is stopped, 45594 21:16:09 (0) ** this can prevent the service/application to work as expected. 45595 21:16:09 (0) ** 45596 21:16:09 (0) ** RPCSS service: ...................................................................................................... OK (Already started). 45597 21:16:09 (0) ** WINMGMT service: .................................................................................................... OK (Already started). 45598 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45599 21:16:09 (0) ** WMI service DCOM setup: ............................................................................................. OK. 45600 21:16:09 (0) ** WMI components DCOM registrations: .................................................................................. OK. 45601 21:16:09 (0) ** WMI ProgID registrations: ........................................................................................... OK. 45602 21:16:09 (0) ** WMI provider DCOM registrations: .................................................................................... OK. 45603 21:16:09 (0) ** WMI provider CIM registrations: ..................................................................................... OK. 45604 21:16:09 (0) ** WMI provider CLSIDs: ................................................................................................ OK. 45605 21:16:09 (0) ** WMI providers EXE/DLL availability: ................................................................................. OK. 45606 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45607 21:16:09 (0) ** INFO: User Account Control (UAC): ................................................................................... ENABLED. 45608 21:16:09 (0) ** => WMI tasks requiring Administrative privileges on this computer MUST run in an elevated context. 45609 21:16:09 (0) ** i.e. You can start your scripts or WMIC commands from an elevated command 45610 21:16:09 (0) ** prompt by right clicking on the 'Command Prompt' icon in the Start Menu and 45611 21:16:09 (0) ** selecting 'Run as Administrator'. 45612 21:16:09 (0) ** i.e. You can also execute the WMI scripts or WMIC commands as a task 45613 21:16:09 (0) ** in the Task Scheduler within the right security context. 45614 21:16:09 (0) ** 45615 21:16:09 (0) ** INFO: Local Account Filtering: ...................................................................................... ENABLED. 45616 21:16:09 (0) ** => WMI tasks remotely accessing WMI information on this computer and requiring Administrative 45617 21:16:09 (0) ** privileges MUST use a DOMAIN account part of the Local Administrators group of this computer 45618 21:16:09 (0) ** to ensure that administrative privileges are granted. If a Local User account is used for remote 45619 21:16:09 (0) ** accesses, it will be reduced to a plain user (filtered token), even if it is part of the Local Administrators group. 45620 21:16:09 (0) ** 45621 21:16:09 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED. 45622 21:16:09 (1) !! ERROR: Default trustee 'NT AUTHORITY\ANONYMOUS LOGON' has been REMOVED! 45623 21:16:09 (0) ** - REMOVED ACE: 45624 21:16:09 (0) ** ACEType: &h0 45625 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45626 21:16:09 (0) ** ACEFlags: &h0 45627 21:16:09 (0) ** ACEMask: &h3 45628 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45629 21:16:09 (0) ** DCOM_RIGHT_ACCESS_LOCAL 45630 21:16:09 (0) ** 45631 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45632 21:16:09 (0) ** Removing default security will cause some operations to fail! 45633 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45634 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45635 21:16:09 (0) ** 45636 21:16:09 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED. 45637 21:16:09 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED! 45638 21:16:09 (0) ** - REMOVED ACE: 45639 21:16:09 (0) ** ACEType: &h0 45640 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45641 21:16:09 (0) ** ACEFlags: &h0 45642 21:16:09 (0) ** ACEMask: &h7 45643 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45644 21:16:09 (0) ** DCOM_RIGHT_ACCESS_LOCAL 45645 21:16:09 (0) ** DCOM_RIGHT_ACCESS_REMOTE 45646 21:16:09 (0) ** 45647 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45648 21:16:09 (0) ** Removing default security will cause some operations to fail! 45649 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45650 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45651 21:16:09 (0) ** 45652 21:16:09 (0) ** DCOM security for 'My Computer' (Access Permissions/Edit Limits): ................................................... MODIFIED. 45653 21:16:09 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 45654 21:16:09 (0) ** - REMOVED ACE: 45655 21:16:09 (0) ** ACEType: &h0 45656 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45657 21:16:09 (0) ** ACEFlags: &h0 45658 21:16:09 (0) ** ACEMask: &h7 45659 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45660 21:16:09 (0) ** DCOM_RIGHT_ACCESS_LOCAL 45661 21:16:09 (0) ** DCOM_RIGHT_ACCESS_REMOTE 45662 21:16:09 (0) ** 45663 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45664 21:16:09 (0) ** Removing default security will cause some operations to fail! 45665 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45666 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45667 21:16:09 (0) ** 45668 21:16:09 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED. 45669 21:16:09 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED! 45670 21:16:09 (0) ** - REMOVED ACE: 45671 21:16:09 (0) ** ACEType: &h0 45672 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45673 21:16:09 (0) ** ACEFlags: &h0 45674 21:16:09 (0) ** ACEMask: &h1F 45675 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45676 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45677 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45678 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45679 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45680 21:16:09 (0) ** 45681 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45682 21:16:09 (0) ** Removing default security will cause some operations to fail! 45683 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45684 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45685 21:16:09 (0) ** 45686 21:16:09 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED. 45687 21:16:09 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED! 45688 21:16:09 (0) ** - REMOVED ACE: 45689 21:16:09 (0) ** ACEType: &h0 45690 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45691 21:16:09 (0) ** ACEFlags: &h0 45692 21:16:09 (0) ** ACEMask: &h1F 45693 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45694 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45695 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45696 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45697 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45698 21:16:09 (0) ** 45699 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45700 21:16:09 (0) ** Removing default security will cause some operations to fail! 45701 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45702 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45703 21:16:09 (0) ** 45704 21:16:09 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Default): ..................................... MODIFIED. 45705 21:16:09 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED! 45706 21:16:09 (0) ** - REMOVED ACE: 45707 21:16:09 (0) ** ACEType: &h0 45708 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45709 21:16:09 (0) ** ACEFlags: &h0 45710 21:16:09 (0) ** ACEMask: &h1F 45711 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45712 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45713 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45714 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45715 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45716 21:16:09 (0) ** 45717 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45718 21:16:09 (0) ** Removing default security will cause some operations to fail! 45719 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45720 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45721 21:16:09 (0) ** 45722 21:16:09 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED. 45723 21:16:09 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED! 45724 21:16:09 (0) ** - REMOVED ACE: 45725 21:16:09 (0) ** ACEType: &h0 45726 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45727 21:16:09 (0) ** ACEFlags: &h0 45728 21:16:09 (0) ** ACEMask: &h1F 45729 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45730 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45731 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45732 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45733 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45734 21:16:09 (0) ** 45735 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45736 21:16:09 (0) ** Removing default security will cause some operations to fail! 45737 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45738 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45739 21:16:09 (0) ** 45740 21:16:09 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED. 45741 21:16:09 (1) !! ERROR: Default trustee 'BUILTIN\PERFORMANCE LOG USERS' has been REMOVED! 45742 21:16:09 (0) ** - REMOVED ACE: 45743 21:16:09 (0) ** ACEType: &h0 45744 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45745 21:16:09 (0) ** ACEFlags: &h0 45746 21:16:09 (0) ** ACEMask: &h1F 45747 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45748 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45749 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45750 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45751 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45752 21:16:09 (0) ** 45753 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45754 21:16:09 (0) ** Removing default security will cause some operations to fail! 45755 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45756 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45757 21:16:09 (0) ** 45758 21:16:09 (0) ** DCOM security for 'My Computer' (Launch & Activation Permissions/Edit Limits): ...................................... MODIFIED. 45759 21:16:09 (1) !! ERROR: Default trustee 'EVERYONE' has been REMOVED! 45760 21:16:09 (0) ** - REMOVED ACE: 45761 21:16:09 (0) ** ACEType: &h0 45762 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45763 21:16:09 (0) ** ACEFlags: &h0 45764 21:16:09 (0) ** ACEMask: &hB 45765 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45766 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45767 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45768 21:16:09 (0) ** 45769 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45770 21:16:09 (0) ** Removing default security will cause some operations to fail! 45771 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45772 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45773 21:16:09 (0) ** 45774 21:16:09 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 45775 21:16:09 (1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED! 45776 21:16:09 (0) ** - REMOVED ACE: 45777 21:16:09 (0) ** ACEType: &h0 45778 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45779 21:16:09 (0) ** ACEFlags: &h0 45780 21:16:09 (0) ** ACEMask: &h1F 45781 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45782 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45783 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45784 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45785 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45786 21:16:09 (0) ** 45787 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45788 21:16:09 (0) ** Removing default security will cause some operations to fail! 45789 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45790 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45791 21:16:09 (0) ** 45792 21:16:09 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 45793 21:16:09 (1) !! ERROR: Default trustee 'NT AUTHORITY\INTERACTIVE' has been REMOVED! 45794 21:16:09 (0) ** - REMOVED ACE: 45795 21:16:09 (0) ** ACEType: &h0 45796 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45797 21:16:09 (0) ** ACEFlags: &h0 45798 21:16:09 (0) ** ACEMask: &h1F 45799 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45800 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45801 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45802 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45803 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45804 21:16:09 (0) ** 45805 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45806 21:16:09 (0) ** Removing default security will cause some operations to fail! 45807 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45808 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45809 21:16:09 (0) ** 45810 21:16:09 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 45811 21:16:09 (1) !! ERROR: Default trustee 'NT AUTHORITY\SYSTEM' has been REMOVED! 45812 21:16:09 (0) ** - REMOVED ACE: 45813 21:16:09 (0) ** ACEType: &h0 45814 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45815 21:16:09 (0) ** ACEFlags: &h0 45816 21:16:09 (0) ** ACEMask: &h1F 45817 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45818 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45819 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45820 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45821 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45822 21:16:09 (0) ** 45823 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45824 21:16:09 (0) ** Removing default security will cause some operations to fail! 45825 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45826 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45827 21:16:09 (0) ** 45828 21:16:09 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 45829 21:16:09 (1) !! ERROR: Default trustee 'NT AUTHORITY\NETWORK SERVICE' has been REMOVED! 45830 21:16:09 (0) ** - REMOVED ACE: 45831 21:16:09 (0) ** ACEType: &h0 45832 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45833 21:16:09 (0) ** ACEFlags: &h0 45834 21:16:09 (0) ** ACEMask: &h1F 45835 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45836 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45837 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45838 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45839 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45840 21:16:09 (0) ** 45841 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45842 21:16:09 (0) ** Removing default security will cause some operations to fail! 45843 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45844 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45845 21:16:09 (0) ** 45846 21:16:09 (0) ** DCOM security for 'Microsoft WMI Provider Subsystem Host' (Launch & Activation Permissions): ........................ MODIFIED. 45847 21:16:09 (1) !! ERROR: Default trustee 'NT AUTHORITY\LOCAL SERVICE' has been REMOVED! 45848 21:16:09 (0) ** - REMOVED ACE: 45849 21:16:09 (0) ** ACEType: &h0 45850 21:16:09 (0) ** ACCESS_ALLOWED_ACE_TYPE 45851 21:16:09 (0) ** ACEFlags: &h0 45852 21:16:09 (0) ** ACEMask: &h1F 45853 21:16:09 (0) ** DCOM_RIGHT_EXECUTE 45854 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_LOCAL 45855 21:16:09 (0) ** DCOM_RIGHT_LAUNCH_REMOTE 45856 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_LOCAL 45857 21:16:09 (0) ** DCOM_RIGHT_ACTIVATE_REMOTE 45858 21:16:09 (0) ** 45859 21:16:09 (0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee. 45860 21:16:09 (0) ** Removing default security will cause some operations to fail! 45861 21:16:09 (0) ** It is possible to fix this issue by editing the security descriptor and adding the ACE. 45862 21:16:09 (0) ** For DCOM objects, this can be done with 'DCOMCNFG.EXE'. 45863 21:16:09 (0) ** 45864 21:16:09 (0) ** 45865 21:16:09 (0) ** DCOM security warning(s) detected: .................................................................................. 0. 45866 21:16:09 (0) ** DCOM security error(s) detected: .................................................................................... 14. 45867 21:16:09 (0) ** WMI security warning(s) detected: ................................................................................... 0. 45868 21:16:09 (0) ** WMI security error(s) detected: ..................................................................................... 0. 45869 21:16:09 (0) ** 45870 21:16:09 (1) !! ERROR: Overall DCOM security status: ................................................................................ ERROR! 45871 21:16:09 (0) ** Overall WMI security status: ........................................................................................ OK. 45872 21:16:09 (0) ** - Started at 'Root' -------------------------------------------------------------------------------------------------------------- 45873 21:16:09 (0) ** INFO: WMI permanent SUBSCRIPTION(S): ................................................................................ 1. 45874 21:16:09 (0) ** - ROOT/SUBSCRIPTION, NTEventLogEventConsumer.Name="SCM Event Log Consumer". 45875 21:16:09 (0) ** 'select * from MSFT_SCMEventLogEvent' 45876 21:16:09 (0) ** 45877 21:16:09 (0) ** WMI TIMER instruction(s): ........................................................................................... NONE. 45878 21:16:09 (0) ** INFO: WMI namespace(s) requiring PACKET PRIVACY: .................................................................... 4 NAMESPACE(S)! 45879 21:16:09 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTTPM. 45880 21:16:09 (0) ** - ROOT/CIMV2/SECURITY/MICROSOFTVOLUMEENCRYPTION. 45881 21:16:09 (0) ** - ROOT/CIMV2/TERMINALSERVICES. 45882 21:16:09 (0) ** - ROOT/SERVICEMODEL. 45883 21:16:09 (0) ** => When remotely connecting, the namespace(s) listed require(s) the WMI client to 45884 21:16:09 (0) ** use an encrypted connection by specifying the PACKET PRIVACY authentication level. 45885 21:16:09 (0) ** (RPC_C_AUTHN_LEVEL_PKT_PRIVACY or PktPrivacy flags) 45886 21:16:09 (0) ** i.e. 'WMIC.EXE /NODE:"M4RTIN77" /AUTHLEVEL:Pktprivacy /NAMESPACE:\\ROOT\SERVICEMODEL Class __SystemSecurity' 45887 21:16:09 (0) ** 45888 21:16:09 (0) ** WMI MONIKER CONNECTIONS: ............................................................................................ OK. 45889 21:16:09 (1) !! ERROR: WMI CONNECTION errors occured for the following namespaces: .................................................. 1 ERROR(S)! 45890 21:16:09 (0) ** - Root/aspnet, 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found. 45891 21:16:09 (0) ** 45892 21:16:09 (1) !! ERROR: WMI GET operation errors reported: ........................................................................... 2 ERROR(S)! 45893 21:16:09 (0) ** - Root/CIMV2, Win32_PerfFormattedData_TermService_TerminalServicesSession, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 45894 21:16:09 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 45895 21:16:09 (0) ** - Root/CIMV2, Win32_PerfRawData_TermService_TerminalServicesSession, 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found. 45896 21:16:09 (0) ** MOF Registration: 'WMI information not available (This could be the case for an external application or a third party WMI provider)' 45897 21:16:09 (0) ** 45898 21:16:09 (0) ** WMI MOF representations: ............................................................................................ OK. 45899 21:16:09 (0) ** WMI QUALIFIER access operations: .................................................................................... OK. 45900 21:16:09 (0) ** WMI ENUMERATION operations: ......................................................................................... OK. 45901 21:16:09 (0) ** WMI EXECQUERY operations: ........................................................................................... OK. 45902 21:16:09 (1) !! ERROR: WMI GET VALUE operation errors reported: ..................................................................... 1 ERROR(S)! 45903 21:16:09 (0) ** - Root/CIMV2, Instance: Win32_Service='WSCSVC', Property: Displayname='Centrum zabezpieczeń' (Expected default='Security Center'). 45904 21:16:09 (0) ** 45905 21:16:09 (0) ** WMI WRITE operations: ............................................................................................... NOT TESTED. 45906 21:16:09 (0) ** WMI PUT operations: ................................................................................................. NOT TESTED. 45907 21:16:09 (0) ** WMI DELETE operations: .............................................................................................. NOT TESTED. 45908 21:16:09 (0) ** WMI static instances retrieved: ..................................................................................... 1920. 45909 21:16:09 (0) ** WMI dynamic instances retrieved: .................................................................................... 0. 45910 21:16:09 (0) ** WMI instance request cancellations (to limit performance impact): ................................................... 1. 45911 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45912 21:16:09 (0) ** # of Event Log events BEFORE WMIDiag execution since the last 20 day(s): 45913 21:16:09 (0) ** DCOM: ............................................................................................................. 0. 45914 21:16:09 (0) ** WINMGMT: .......................................................................................................... 0. 45915 21:16:09 (0) ** WMIADAPTER: ....................................................................................................... 0. 45916 21:16:09 (0) ** 45917 21:16:09 (0) ** # of additional Event Log events AFTER WMIDiag execution: 45918 21:16:09 (0) ** DCOM: ............................................................................................................. 0. 45919 21:16:09 (0) ** WINMGMT: .......................................................................................................... 0. 45920 21:16:09 (0) ** WMIADAPTER: ....................................................................................................... 0. 45921 21:16:09 (0) ** 45922 21:16:09 (0) ** 1 error(s) 0x8004100E - (WBEM_E_INVALID_NAMESPACE) Namespace specified cannot be found 45923 21:16:09 (0) ** 45924 21:16:09 (0) ** 2 error(s) 0x80041002 - (WBEM_E_NOT_FOUND) Object cannot be found 45925 21:16:09 (0) ** => This error is typically a WMI error. This WMI error is due to: 45926 21:16:09 (0) ** - a missing WMI class definition or object. 45927 21:16:09 (0) ** (See any GET, ENUMERATION, EXECQUERY and GET VALUE operation failures). 45928 21:16:09 (0) ** You can correct the missing class definitions by: 45929 21:16:09 (0) ** - Manually recompiling the MOF file(s) with the 'MOFCOMP ' command. 45930 21:16:09 (0) ** Note: You can build a list of classes in relation with their WMI provider and MOF file with WMIDiag. 45931 21:16:09 (0) ** (This list can be built on a similar and working WMI Windows installation) 45932 21:16:09 (0) ** The following command line must be used: 45933 21:16:09 (0) ** i.e. 'WMIDiag CorrelateClassAndProvider' 45934 21:16:09 (0) ** Note: When a WMI performance class is missing, you can manually resynchronize performance counters 45935 21:16:09 (0) ** with WMI by starting the ADAP process. 45936 21:16:09 (0) ** - a WMI repository corruption. 45937 21:16:09 (0) ** In such a case, you must rerun WMIDiag with 'WriteInRepository' parameter 45938 21:16:09 (0) ** to validate the WMI repository operations. 45939 21:16:09 (0) ** Note: ENSURE you are an administrator with FULL access to WMI EVERY namespaces of the computer before 45940 21:16:09 (0) ** executing the WriteInRepository command. To write temporary data from the Root namespace, use: 45941 21:16:09 (0) ** i.e. 'WMIDiag WriteInRepository=Root' 45942 21:16:09 (0) ** - If the WriteInRepository command fails, while being an Administrator with ALL accesses to ALL namespaces 45943 21:16:09 (0) ** the WMI repository must be reconstructed. 45944 21:16:09 (0) ** Note: The WMI repository reconstruction requires to locate all MOF files needed to rebuild the repository, 45945 21:16:09 (0) ** otherwise some applications may fail after the reconstruction. 45946 21:16:09 (0) ** This can be achieved with the following command: 45947 21:16:09 (0) ** i.e. 'WMIDiag ShowMOFErrors' 45948 21:16:09 (0) ** Note: The repository reconstruction must be a LAST RESORT solution and ONLY after executing 45949 21:16:09 (0) ** ALL fixes previously mentioned. 45950 21:16:09 (2) !! WARNING: Static information stored by external applications in the repository will be LOST! (i.e. SMS Inventory) 45951 21:16:09 (0) ** 45952 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45953 21:16:09 (0) ** WMI Registry key setup: ............................................................................................. OK. 45954 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45955 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45956 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45957 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45958 21:16:09 (0) ** 45959 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45960 21:16:09 (0) ** ------------------------------------------------------ WMI REPORT: END ----------------------------------------------------------- 45961 21:16:09 (0) ** ---------------------------------------------------------------------------------------------------------------------------------- 45962 21:16:09 (0) ** 45963 21:16:09 (0) ** ERROR: WMIDiag detected issues that could prevent WMI to work properly!. Check 'C:\USERS\MARCEL\APPDATA\LOCAL\TEMP\WMIDIAG-V2.2_WIN8.1_.CLI.RTM.64_M4RTIN77_2016.06.08_21.08.38.LOG' for details. 45964 21:16:09 (0) ** 45965 21:16:09 (0) ** WMIDiag v2.2 ended on 8 czerwca 2016 at 21:16 (W:164 E:133 S:1).