Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Focus-Microsoft
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: security implications of disabling WMI service

from [Jitendra Kalyankar] Network Security [Permanent Link]
Subject: Re: security implications of disabling WMI service
Date: Fri, 13 Oct 2006 13:34:50 +0100 
I can see you resolved the issue, but there is nice utility from
Microsoft which is basically a VB Script which checks and suggests
corrective actions if problem is found with WMI. You can download it
from the following link...

http://www.microsoft.com/technet/scriptcenter/topics/help/wmidiag.mspx

Nice utility I would say, it helped me to resolve many WMI issues in
the past....


--
Sincerely,
J

On 10/12/06, Free, Bob <RWF4@pge.com> wrote: 
>can I run something like process explorer or regmon/filemon

The enterprise versions of filemon/regmon can be run across the network
which is extremely usefull on occasion. One more good reason to drop a
few coins on the AdminPack :-)

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com]
On Behalf Of Murda Mcloud
Sent: Wednesday, October 11, 2006 3:45 PM
To: nikhil@niiconsulting.com ; focus-ms@securityfocus.com
Subject: RE: Re: security implications of disabling WMI service

Okay, I found a hotfix at MS for it
http://support.microsoft.com/kb/911262
and have applied it but it did seem to take a few reboots and disabling
then re-enabling the service before it worked.

Now what I couldn't work out was whether the WMI service needed to be
running WHEN the hotfix was applied(does that make sense?)

So I found that instead of disabling the service through msconfig I
rebooted and then reenabled the service through services.msc and set it
to auto and then rebooted and it worked.
A question I found myself asking also was can I run something like
process explorer or regmon/filemon before logging in? For instance, if a
startup script runs before logon, how do I check what files/services are
being used/called?

-----Original Message-----
From: listbounce@securityfocus.com [mailto:listbounce@securityfocus.com ]
On Behalf Of nikhil@niiconsulting.com
Sent: Thursday, October 12, 2006 12:08 AM
To: focus-ms@securityfocus.com
Subject: Re: Re: security implications of disabling WMI service

Hello Harlan,

               Yes, by saying "makes use" I mean to say it's an
dependency.
"Windows Security Center" & "Windows ICS", both these services depends
on Windows Management Instrumentation (WMI) service. If you disable WMI
service, then above mentioned Service would fail to start.

Nikhil Wagholikar
Security Analyst

NII Consulting
Web: www.niiconsulting.com

------------------------------------------------------------------------
---
------------------------------------------------------------------------
---




------------------------------------------------------------------------
---
------------------------------------------------------------------------
---


---------------------------------------------------------------------------
---------------------------------------------------------------------------






--
Sincerely,
Jitendra Kalyankar

---------------------------------------------------------------------------
---------------------------------------------------------------------------

[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Re: security implications of disabling WMI service, Free, Bob
Next by Date:  Log Parser queries, nemanja . janic
Previous by Thread:  RE: Re: security implications of disabling WMI service, Free, Bob
Next by Thread:  SecurityFocus Microsoft Newsletter #312, mfossi
Indexes:  [Date] [Thread] [Top] [All Lists]