Details
Product: Windows Operating System
ID: 63
Source: WinMgmt
Version: 5.2
Symbolic Name: WBEM_MC_PROVIDER_SUBSYSTEM_LOCALSYSTEM_PROVIDER_LOAD
Message: A provider, %1, has been registered in the WMI namespace, %2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Explanation
The Windows Management Instrumentation (WMI) provider subsystem runs individual providers within specific COM servers based on their required security level. Only administrators are allowed to register providers and configure their required security level, and only trusted providers should be configured to use LocalSystem. This warning message is an audit record indicating that the provider is running with the privileges of the LocalSystem account.
User Action
Verify that the provider is trusted and requires the privileges of the LocalSystem account.
If the provider is not trusted, change the hosting model to either LocalServiceHost or NetworkServiceHost by changing the HostingModel property of the _Win32Provider instance for the specific provider. To do this, use Cscript to run the following script after modifying the namespace and provider variables to match those reported in the message.
' Change the hosting model for a WMI provider
computer = “.”
namespace = “root\cimv2”
provider = “ProviderName”
const wbemNotFound = &h80041002
Set objWMIService = GetObject(“winmgmts:\\“ & computer & “\” & namespace)
Set colSWbemObjectSet = objWMIService.ExecQuery(“select * from __Win32Provider where name = '“ & provider & “'”)
count = 0
for each providerObj in colSwbemObjectSet
wscript.echo “Changing hosting model for provider ” & provider & “ in “ & namespace & ” namespace”
wscript.echo “Old value: “ & providerObj.HostingModel
' Use NetworkServiceHost for providers that need remote access to other machines
' Use LocalServiceHost for providers that do not need remote access
providerObj.HostingModel = “LocalServiceHost”
providerObj.Put_
wscript.echo “New value: “ & providerObj.HostingModel
count = count + 1
next
if (count = 0) then
wscript.echo “Provider “ & provider & “ not found in “ & namespace & “ namespace.”
end if
If the provider depends upon the higher privileges of the LocalSystem account, it might not function correctly with the lower privilege. Note that some providers included with Windows require LocalSystem to operate correctly.
For more information about provider hosting and security, see the MSDN article Provider Hosting and Security.
--------------------------------------------------------------------------------
Currently there are no Microsoft Knowledge Base articles available for this specific error or event message. For information about other support options you can use to find answers online, see http://support.micro...om/default.aspx.