Broken WMI - Access is denied

[mkruger]

Hello all,

Following all the great advice in this forum, I built an unattended XP SP3 image (with applications) which for the most part works really well.

My only problem is the resulting installation always has WMI problems (access is denied when doing remote WMI queries).

I even tried adding in the "WMIreset.exe" from RyanVM (called in cmdlines.txt)....but WMI still is broken.

The only way I have been able to fix it is by manually doing a complete WMI rebuild:

rundll32.exe setupapi,InstallHinfSection WBEM 132 %windir%\inf\wbemoc.inf

That's a real pain and can sometimes cause file version mismatches (breaking all sorts of stuff....like DCOM, DNS clients, Network drive mappings, etc.). And it does not always solve the problem either.

Anyway....since I am not always the most intuitive problem solver, at first I thought it might be my XP Pro SP2 retail source which I slipstreamed SP3 into (and then further modified to accept an OEM SLP key). But even after swapping that out for an XP Pro SP3 VLK source (also tweaked for OEM SLP)....the problems remain. So the XP source does not appear to be the cause of the problem.

This left me to believe it probably is caused by my stripped down and repackaged DotNet 3.5 SP1 installer which I've been calling via RunOnceEx.cmd

I really want to include DotNet in my image because it's a prerequisite for powershell 2.0...which also is in the image.

But even when commenting those lines out of RunOnceEx, the problem continues.....leaving me back to believing it's a problem introduced by Service Pack 3.

The problem is easily seen using any kind of remote WMI query (such as Get-wmiobject in powershell). And yes, I am passing proper admin credentials in my queries.

Here is the full contents of the error as fed back to powershell.....

Get-WmiObject : Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))
At line:1 char:14
+ get-wmiobject <<<<  -ComputerName 192.168.1.128 win32_operatingsystem
    + CategoryInfo          : NotSpecified: ( [Get-WmiObject], UnauthorizedAccessException
    + FullyQualifiedErrorId : System.UnauthorizedAccessException,Microsoft.PowerShell.Commands.GetWmiObjectCommand

Anyone ever run into this?

[mkruger]

....I may have just found the answer to this perplexing issue.

See http://stackoverflow.com/questions/570464/remote-wmi-with-windows-xp-sp3

If XP isn't in a domain then the "Use Simple File Sharing" option, found in the Folder Options control panel applet, works it magic. If this option is enabled (the default) all file sharing connections are done with the guest user credential, but this also is applied to incoming DCOM connections as well.

Disabling this option allows DCOM connections to be verified as expected.

I will need to do another build to verify this....but on my latest build where, even after rebuilding WMI, it still didn't work....disabling simple file sharing resolved the problem.

This registry tweak should solve the problem.....

;Do not use Simple File Sharing
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"forceguest"=dword:00000000

Edited March 1, 2011 by mkruger

[GrofLuigi]

WMIDiag probably would have helped.

GL

[mkruger]

Yes, I tried WMIdiag a while back, but found it has not been updated since service pack 2 and....as a result....it gives some false errors when run on a post SP3 installation.