Continuing on my path of figuring out group policy I came across some errors on our Windows XP machines in the event log that I’ve been trying to repair for awhile now. For some reason the printers aren’t deploying to our Windows XP machines and I’m thinking it’s because the machines are having problems pulling the policy off the domain controller. I also needed to use the system information tool to send to our anti-virus company so they could troubleshoot an issue we’re having with their software. But when I went to system information it said it could not collect the data. It was event ID 1090, the source is Userenv, and it says:
I’ve been looking up this error for weeks trying to decipher how to repair Windows Management Instrumentation. Nearly every site and forum I found said either to empty the c:\windows\system32\wbem\repository folder, re-register the dll files associated with WMI, or do a repair installation of Windows XP. I emptied that folder I don’t know how many times. I tried using system file checker to replace any corrupted system files. I also ran the WMI diagnostic tool you can download from Microsoft to see if that would point me in any other directions, but I didn’t find it terribly helpful – except for one thing I found in the log file that it generates.
I came across the same error when I tried to re-register the dll files and when I ran the diagnostic tool.
!! ERROR: WMI CONNECTION errors occured for the following namespaces:
.1581 14:13:07 (0) ** – Root, 0x80070005 – Access is denied..
.1582 14:13:07 (0) ** – Root, 0x80070005 – Access is denied..
.1583 14:13:07 (0) ** – Root/Default, 0x80070005 – Access is denied..
.1584 14:13:07 (0) ** – Root/CIMv2, 0x80070005 – Access is denied..
.1585 14:13:07 (0) ** – Root/WMI, 0x80070005 – Access is denied..
Access denied? I had no idea why access would be denied. I’m the admin and have full permissions. Well today I finally figured out the problem. Since I was having problems today using the system information tool, I googled that error and came across this forum that had a script in it. When I tried to run the script the first time on my account I got the access denied errors again. So I went to the run box and typed services.msc. I looked at the WMI service to see what account it was logging on as, it says local administrator account. Well that’s good, so I next look at the remote procedure call (RPC) service and that one originally said log on as NT Authority or some other network account.
Well I changed that one to local administrator, rebooted the machine in safe mode so that no services were running, and ran the script from that forum again. It took awhile but I noticed it wasn’t throwing any access denied errors. I rebooted the machine, logged in on my regular network account and did not see a single RSoP error in the event log. Success.
Copy this script into notepad or some other text editor and save it as fixwmi.cmd. When you go to save as you’ll have to select all files in the file type so it doesn’t save as a text file.
cd /d c:\temp
if not exist %windir%\system32\wbem goto TryInstall
cd /d %windir%\system32\wbem
net stop winmgmt
if exist Rep_bak rd Rep_bak /s /q
rename Repository Rep_bak
for %%i in (*.dll) do RegSvr32 -s %%i
for %%i in (*.exe) do call :FixSrv %%i
for %%i in (*.mof,*.mfl) do Mofcomp %%i
net start winmgmt
if /I (%1) == (wbemcntl.exe) goto SkipSrv
if /I (%1) == (wbemtest.exe) goto SkipSrv
if /I (%1) == (mofcomp.exe) goto SkipSrv
if not exist wmicore.exe goto End
net start winmgmt
Now I’m seeing another error related to to group policy, but hey, at least it isn’t a WMI error.