Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

A provider, has been registered in WMI namespace

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 4 posts
The event viewer is showing me this winmgmt error in the application messages. I followed the link to the microsoft help but still can't understand what it means. Do you think its a problem and I should try to run the script?

Product: Windows Operating System
ID: 63
Source: WinMgmt
Version: 5.2
Message: A provider, %1, has been registered in the WMI namespace, %2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

The Windows Management Instrumentation (WMI) provider subsystem runs individual providers within specific COM servers based on their required security level. Only administrators are allowed to register providers and configure their required security level, and only trusted providers should be configured to use LocalSystem. This warning message is an audit record indicating that the provider is running with the privileges of the LocalSystem account.

User Action
Verify that the provider is trusted and requires the privileges of the LocalSystem account.

If the provider is not trusted, change the hosting model to either LocalServiceHost or NetworkServiceHost by changing the HostingModel property of the _Win32Provider instance for the specific provider. To do this, use Cscript to run the following script after modifying the namespace and provider variables to match those reported in the message.

' Change the hosting model for a WMI provider

computer = “.”
namespace = “root\cimv2”
provider = “ProviderName”

const wbemNotFound = &h80041002

Set objWMIService = GetObject(“winmgmts:\\“ & computer & “\” & namespace)
Set colSWbemObjectSet = objWMIService.ExecQuery(“select * from __Win32Provider where name = '“ & provider & “'”)

count = 0
for each providerObj in colSwbemObjectSet
wscript.echo “Changing hosting model for provider ” & provider & “ in “ & namespace & ” namespace”
wscript.echo “Old value: “ & providerObj.HostingModel

' Use NetworkServiceHost for providers that need remote access to other machines
' Use LocalServiceHost for providers that do not need remote access
providerObj.HostingModel = “LocalServiceHost”

wscript.echo “New value: “ & providerObj.HostingModel
count = count + 1

if (count = 0) then
wscript.echo “Provider “ & provider & “ not found in “ & namespace & “ namespace.”
end if

If the provider depends upon the higher privileges of the LocalSystem account, it might not function correctly with the lower privilege. Note that some providers included with Windows require LocalSystem to operate correctly.

For more information about provider hosting and security, see the MSDN article Provider Hosting and Security.


Currently there are no Microsoft Knowledge Base articles available for this specific error or event message. For information about other support options you can use to find answers online, see http://support.micro...om/default.aspx.
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP