Warning message in event viewer

Discussion in 'Windows Desktop Systems' started by DeeBeeS, Aug 10, 2005.

  1. DeeBeeS

    DeeBeeS OSNN Addict

    Messages:
    125
    Location:
    Southern Ireland
    On checking the event viewer-applications I got this warning:

    Windows Operating System
    ID: 63
    Source: WinMgmt
    Version: 5.2
    Symbolic Name: WBEM_MC_PROVIDER_SUBSYSTEM_LOCALSYSTEM_PROVIDER_LOAD
    Message: A provider, %1, has been registered in the WMI namespace, %2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.

    Explanation
    The Windows Management Instrumentation (WMI) provider subsystem runs individual providers within specific COM servers based on their required security level. Only administrators are allowed to register providers and configure their required security level, and only trusted providers should be configured to use LocalSystem. This warning message is an audit record indicating that the provider is running with the privileges of the LocalSystem

    Can someone please tell me what this is and how I should correct this. Thanks very much in advance.

    David
     
  2. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    Technically this is only a warning, so it's not a huge issue. Is this occuring on a Domain Controller, workstation, can I have more info?
     
    DeeBeeS likes this.
  3. madmatt

    madmatt Bow Down to the King Political User

    Messages:
    13,312
    Location:
    New York
    Chief, as usual, is correct. This is a warning that can be safely ignored. Usually seen right after you install new software (such as Office).
     
  4. DeeBeeS

    DeeBeeS OSNN Addict

    Messages:
    125
    Location:
    Southern Ireland
    Thanks fellas for your quick response. I have been having trouble lately with IE and OE - system hang ups. I tried various things I got from forums but there was no difference. What my problem was that I would log on to OE check emails then close OE and click on the IE icon and nothing happened, in fact nothing would happen if I clicked on any icon. Then suddenly about 5 minutes later every icon I pressed would open all at the same time.

    In view of this I decided to re-install SP2 which I did and it was after that that I got the message in the event viewer. I am glad it is nothing serious.

    Anyway the initial problem I had is still there but it is now intermittent so I still haven't found the answer. Thanks once again for your help.

    David
     
  5. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    You might consider a re-install of Windows. If not to fix your problem, because you un-installed and then re-installed SP2, your registry is probably a mess. This will cause you problems in the longrun, if it hasn't already.
     
  6. DeeBeeS

    DeeBeeS OSNN Addict

    Messages:
    125
    Location:
    Southern Ireland
    Ok kcnychief thanks for the info. Now perhaps I could ask for your help. First of all if I reformat I have the original XP disk which I will have to use first and then use the SP2 disk I got from microsoft OK. I have a lot of emails stored in folders on OE and of course the address book. I believe there is a way to copy these emails to another folder but I have no idea how this is done. Most of the installed programmes I have copied onto a CDRom so there would not be any problems there. Perhaps you can advise. Thanks once again.

    David
     
  7. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    In regards to OE, this should do the trick..

    http://email.about.com/cs/oetipstricks/qt/et102502.htm
     
  8. DeeBeeS

    DeeBeeS OSNN Addict

    Messages:
    125
    Location:
    Southern Ireland
    Wow that was quick, I have had a look and this as you say will do the trick. My repeated thanks.

    Dave
     
  9. kcnychief

    kcnychief █▄█ ▀█▄ █ Political User Folding Team

    Messages:
    16,948
    Location:
    Massachusetts
    No problem :)
     
  10. Mastershakes

    Mastershakes Moderator

    Messages:
    1,721
    Location:
    Montreal
    http://www.windowsitpro.com/Article/ArticleID/39623/39623.html

    "Although this warning sounds serious, it's an informational message letting you know that WMI has received a registration for a new provider that will run with elevated privileges (SYSTEM). If you're satisfied that this component can run safely with these privileges, you can ignore this message. Otherwise, you might want to uninstall the provider component or contact the provider's manufacturer."

    Now, just looking at your issue.... IE and OE freezing.... and something attempting (and maybe succeeding) to run itself with elevated privledges.....

    Smells of spyware/adware/malware

    Have you scanned lately? Spybot, Adaware, Hijack This, Microsoft Anti-spyware will assist you.
     
  11. DeeBeeS

    DeeBeeS OSNN Addict

    Messages:
    125
    Location:
    Southern Ireland
    Yes I did all the checks, no problem found. I did a reformat and was able to get rid of a load of rubbish and things are sweet. The info of backing up email's worked fine, but I forgot to do the address list. Thanks everyone for your help.

    David