JorgeSimarroVillar
asked on
WMI closed by DEP
Hi,
After applying the last MS patches to a Domain Controller, Data Execution Prevention is closing WMI and I don't know the reason.
If I go to the DEP manager I can see that DEP is turned on and WMI is listed as an exception, but it's unchecked. I guess that somebody added WMI as an exception some time ago and one of those recently installed patches has unchecked the box.
Why is DEP closing WMI? I wouldn't like to have to add WMI as an exception, and I'd like to know what issues or security risks there could be if I add WMI to the exceptions list for DEP.
Thank you.
Hello,
Try checking the status of WMI, itself.
http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=D7BA3CD6-18D1-4D05-B11E-4C64192AE97D&displaylang=en
ASKER
Hi Firebar,
I didn't use the WMI Diagnosis Utility, but I followed the steps detailed in the article (http://myitforum.com/cs2/blogs/jgilbert/archive/2008/01/11/how-to-check-the-wmi-repository-before-rebuilding-it.aspx) and didn't get any errors in the setup.log after running the command rundll32 wbemupgd, CheckWMISetup.
I think the WMI repository is OK.
Thank you.
Hello,
You could disable DEP across the board; http://technet.microsoft.com/en-us/library/cc738483%28WS.10%29.aspx
"AlwaysOff"
ASKER
Of course, and I can add an exception for WMI, but I don't want to disable a security mechanism; I just want to know why it's failing on just one of our several servers.
Hi,
As per your above comments, it appears that DEP is enabled in your Environment and is being used with Exception.
If that is the rule, the possibility appears that somebody who has got administrator rights on the Server has unchecked the WMI exception.
If the above rule is true, you could check other servers in your Environment and if they have WMI checked as an exception, you could check event logs to find out if any exceptions have been modified in DEP on this server.
Alternatively, you could try a system restore in case you have a System Checkpoint for a date before the patches were applied, and check the status of the WMI exception to ensure the patches have not caused the uncheck, and then reapply patches manually, but since this is a Server, I am not sure such an amount of Downtime would be available in your Environment.
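The cross-server comparison suggested in the reply above, as an added PowerShell example that is not part of the original thread. It reads the registry remotely instead of going through WMI, since WMI is the component failing on the affected server. The server names are placeholders, and it assumes that the Remote Registry service is reachable and that the DEP dialog stores its per-program exceptions as values under the AppCompatFlags\Layers key carrying the DisableNXShowUI flag.

```powershell
# Added example: list per-program DEP exception entries on several servers
# and show which programs are not excepted on every one of them.
# Assumptions: placeholder server names; Remote Registry reachable; exceptions
# are stored under AppCompatFlags\Layers with the DisableNXShowUI flag.
$servers = 'DC01', 'DC02', 'DC03'   # hypothetical names, replace with your own
$layers  = 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers'
$hklm    = [Microsoft.Win32.RegistryHive]::LocalMachine

function New-Row($server, $program, $flags) {
    # One row per registry value; DepException is true when the flag is present
    New-Object PSObject -Property @{
        Server       = $server
        Program      = $program
        Flags        = $flags
        DepException = ($flags -match 'DisableNXShowUI')
    }
}

$report = foreach ($server in $servers) {
    try {
        $base = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hklm, $server)
        $key  = $base.OpenSubKey($layers)
        if ($null -eq $key) {
            # Key absent: no compatibility layers, so no exceptions recorded
            New-Row $server '(no Layers key)' ''
        } else {
            foreach ($name in $key.GetValueNames()) {
                New-Row $server $name ([string]$key.GetValue($name))
            }
            $key.Close()
        }
        $base.Close()
    } catch {
        # Unreachable host or access denied: record it rather than skip it
        New-Row $server "(error: $($_.Exception.Message))" ''
    }
}

# Full listing, raw flag data included so differences in storage are visible
$report | Sort-Object Program, Server |
    Format-Table Server, Program, DepException, Flags -AutoSize

# Programs that carry a DEP exception on some servers but not on all of them
$report | Where-Object { $_.DepException } | Group-Object Program |
    Where-Object { $_.Count -ne $servers.Count } |
    ForEach-Object { '{0}: excepted only on {1}' -f $_.Name, (($_.Group | ForEach-Object { $_.Server }) -join ', ') }
```

A program that is excepted on the healthy servers but missing or flagged differently on the failing one points to a configuration difference on that server rather than to WMI itself.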
ASKER
Thank you.