(forgot to include subject on previous post)
I'm not sure what group to post this in, so please let me know of a better
I did not post to Microsoft's WMI newsgroup because it is used so little.
I'm trying to understand and optimize my new Vista computer. All I have
done with it so far is boot up the preinstalled Vista Home Basic, and
explored some of its features and non-features (like lack of built-in fax
On a separate WXPPro-Sp2 system, my WMI service has failed. So I downloaded
Microsoft's WMI Diagnosis Utility -- Version 2.0 from
On my WXP system WmiDiag.vbs showed many problems, which I am trying to
I ran WmiDiag.vbs on my new Vista system, expecting no errors, but expecting
to see how it works on a good system. In the summary section of the output,
(0) ** 32 error(s) 0x80041003 - (WBEM_E_ACCESS_DENIED) Current user does not
have permission to perform the action
(0) ** => This error is typically due to insufficient or restricted
permissions in the examined system.
(0) ** => ENSURE you are a Full Administrator of the examined system, if the
WMI provider or the
(0) ** WMI system security do not enforce any restrictions.
Well, of course I'm the only admistrator of the system, so I assume (silly
me) that I am the 'Full Administrator'.
In the details section of the output, I see things like:
(0) ** WMI namespace security for 'Root':
(1) !! ERROR: Default trustee 'BUILTIN\ADMINISTRATORS' has been REMOVED!
(0) ** - REMOVED ACE:
(0) ** ACEType: &h0
(0) ** ACCESS_ALLOWED_ACE_TYPE
(0) ** ACEFlags: &h12
(0) ** CONTAINER_INHERIT_ACE
(0) ** INHERITED_ACE
(0) ** ACEMask: &h6003F
(0) ** WBEM_ENABLE
(0) ** WBEM_METHOD_EXECUTE
(0) ** WBEM_FULL_WRITE_REP
(0) ** WBEM_PARTIAL_WRITE_REP
(0) ** WBEM_WRITE_PROVIDER
(0) ** WBEM_REMOTE_ACCESS
(0) ** WBEM_WRITE_DAC
(0) ** WBEM_READ_CONTROL
(0) ** => The REMOVED ACE was part of the DEFAULT setup for the trustee.
(0) ** Removing default security will cause some operations to fail!
(0) ** It is possible to fix this issue by editing the security
descriptor and adding the ACE.
(0) ** For WMI namespaces, this can be done with 'WMIMGMT.MSC'.
I get the feeling that during the initial boot/setup process, the Default
trustee 'BUILTIN\ADMINISTRATORS' was created and did some stuff, and was
then deleted before I got control of the computer, and that the trustee had
credentials over some things that I, as the sole owner and user of the
computer, do not currently have.
Question 1: Is it possible to give myself, the only administrator, full
control over everything on my computer, including what this defunct trustee
had, and if so, how? I'd prefer a VBScript way, but any help would be
Question 2: Where can I read up on this stuff? URLs greatly appreciated.
Thanks for any help you can give me.