Author Topic: Windows 7 and WMI revisited  (Read 7069 times)

0 Members and 1 Guest are viewing this topic.

Offline plox

  • Newbie
  • *
  • Join Date: Jun 2013
  • Posts: 9
  • Karma: 0
    • View Profile
Windows 7 and WMI revisited
« on: September 29, 2019, 04:31:11 am »
Please see my original post made on: September 05, 2017, 09:27:59 PM :

https://www.tweaking.com/forums/index.php/topic,5442.0.html

I cannot understand why after all this time this problem still exists and has not been fixed.

Using Windows Repair Portable 4.5.5 I had occasion to carry out the standard repair yesterday and sure enough the registry value in HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt's Image path has  been reset to netsvcs.

This disables WMI and Security Centre

Please adjust whatever repair module that alters this setting to set:
Key Name: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt
Value Name: ImagePath
Value: %systemroot%\system32\svchost.exe -k winmgmt

 


See attached correct WMI Services screenshot after  netsvcs has been replaced with winmgmt.

Thank you very much

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #1 on: September 29, 2019, 07:56:36 am »
I'll pass this on to Shane - it may have slipped through the net as he was extremely busy then.

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #2 on: September 29, 2019, 04:59:36 pm »
- You can change the content of the registry info yourself for the next time(s) you run WR.

- Change the content of that registry entry (think: Regedit). Export the content of the registry info that is under/in the subkeys:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]  and
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]

under the name "winmgmt.reg" in the subfolder "XXXXX\files\regfiles\7". XXXXX is the folder in which you installed WR.

WARNING: Make a copy of the registry first. E.g. with  the Tweaking's Registry Backup program. (Also included in the WR package).

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #3 on: September 30, 2019, 09:34:04 am »
- When you open that "winmgmt.reg" with e.g. Notepad then you'll see the Original content. That info/data is copied into the registry by WR each time when a few repairs are run.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #4 on: October 01, 2019, 07:02:02 am »
I've just ran the look up tool and on my Win 7x64 Home Premium it is showing as -k netswcs

I've run WR on that machine but can't remember if I restored with a system image afterwards.

However, Windows Update, WMI and the Security Centre are working fine.

On my Win 10 x64 Home where WR has never been run, it's showing as -k netswcs -p

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #5 on: October 01, 2019, 10:05:43 am »
@Plox:  Is your Win 7 Ultimate system a 32 bit system ?

- I re-read that old thread and it seems that is the common thing in the thread. It seems that when the user has a 32 bit system (Vista or Win 7) this errors occurs. Then it seems that the user must replace the text

      -k netscvs

with the text

      -k winmgmt.
« Last Edit: October 02, 2019, 02:05:07 pm by Willy2 »

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #6 on: October 02, 2019, 02:02:50 pm »
@Boggin:  It should be "-k netsvcs" instead of "-k netswcs" (with a "w").

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #7 on: October 02, 2019, 02:09:10 pm »
- Yes, I re-read that one thread once again and it seems "Plox" has indeed a 32 bit (!!!) Win 7 Ultimate system.
« Last Edit: October 02, 2019, 02:14:06 pm by Willy2 »

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #8 on: October 02, 2019, 02:46:18 pm »
@Boggin:  It should be "-k netsvcs" instead of "-k netswcs" (with a "w").

Yes, you're right.

I thought it should have been a v but I guess I was seeing double through my specs.

Offline plox

  • Newbie
  • *
  • Join Date: Jun 2013
  • Posts: 9
  • Karma: 0
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #9 on: October 04, 2019, 02:20:23 am »
Hello everyone.

Thanks for your contributions.

Interesting that k netsvcs works for 64 bit versions. Not sure what the -p does for the W10 Home version but yes I am on a WIN 7 Ultimate 32 bit system Willy 2.

I have backed up the original Winmgmt.reg and  replaced it with the exported values from my system and placed it in the location you suggested in WR  Portable 4.5.5 . Strange Shane's versión is 3.02 KB in size whereas my exported version which also contain a Security value is 1.98 KB.

Will it get overwritten when I upgrade to the next WR version? 

I am more than happy to share a copy of it and upload it for anyone that needs it.

Anyone know which module runs the Winmgmt.reg, as it might be advisable to avoid running it till Shane fixes it.



 

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #10 on: October 04, 2019, 02:26:19 am »
It's Repair #5 on the list to uncheck.

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #11 on: October 04, 2019, 06:19:56 am »
- Was Plox' reply removed ?
- Nope. WMI is repaired in repairs #5 and #25.

Offline Boggin

  • Global Moderator
  • Hero Member
  • *****
  • Join Date: Jul 2014
  • Posts: 10182
  • Location: UK
  • Karma: 122
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #12 on: October 04, 2019, 06:55:54 am »
plox may not have been back since my reply.

I think Repair #25 just re-registers the services so that wouldn't necessarily change the path - although I could be wrong.

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #13 on: October 04, 2019, 07:09:26 am »
@Plox: In reply #2 I gave a way to "fix" this problem.

Offline plox

  • Newbie
  • *
  • Join Date: Jun 2013
  • Posts: 9
  • Karma: 0
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #14 on: October 04, 2019, 06:31:45 pm »
Hi

I don't know why my message below has  a pink background  on my muter but it seems to be awaiting approval for publication.

Thanks again both of you, Willy2 I have taken up your solution and yet to test it but I wonder if Shane's Winmgmt.reg is the same for 32 and 64 bit in which  case an if statement  if allowed in .reg files (if system 32 bit then... otherwise...)  might solve it.

Cheers

----------

Online plox
Newbie
*
Join Date: Jun 2013
Posts: 4
Karma: 0
View Profile Personal Message (Online)

Re: Windows 7 and WMI revisited
« Reply #9 on: Today at 02:20:23 AM »
QuoteModify
Note: This message is awaiting approval by a moderator.

Hello everyone.


Thanks for your contributions.

Interesting that k netsvcs works for 64 bit versions. Not sure what the -p does for the W10 Home version but yes I am on a WIN 7 Ultimate 32 bit system Willy 2.

I have backed up the original Winmgmt.reg and  replaced it with the exported values from my system and placed it in the location you suggested in WR  Portable 4.5.5 . Strange Shane's versión is 3.02 KB in size whereas my exported version which also contain a Security value is 1.98 KB.

Will it get overwritten when I upgrade to the next WR version?

I am more than happy to share a copy of it and upload it for anyone that needs it.

Anyone know which module runs the Winmgmt.reg, as it might be advisable to avoid running it till Shane fixes it.

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #15 on: October 05, 2019, 12:12:35 am »
- Make a backup of the registry.
- Use Eusing's Registry Defragment program to compact the registry files. As time goes by the registry gets more and more bloated.

http://www.eusing.com/free_registry_defrag/registry_defrag.htm

I assume that after this exporting those keys the files will have the same size.


- You must compare the visible content of that part of the registry (export it first) and the file "wmimgmt.reg" (open them with e.g. Notepad). If they are the same before you change that from "netsvc" to "winmgmt" then you can replace "winmgmt.reg" with your own version.
- If you install a new version of WR the all info will be overwritten. So, you need to keep a copy of all the appropriate files for the next version of WR.

- In the days of Windows XP everyone was running a 32 bit system. But as time went by more and more people started to use a 64 bit systems. It seems it was MS made a mistake here at this point. I am NOT convinced that Shane is able to provide a solution for this problem/mistake.

- The 2 repairs called "Repair WMI" and "Restore Important Services" both write the info from "Winmgmt.reg" into/to the registry.

Offline plox

  • Newbie
  • *
  • Join Date: Jun 2013
  • Posts: 9
  • Karma: 0
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #16 on: October 06, 2019, 01:14:13 am »
Thanks Willy2.

I use Registrar Registry Manager (free version) for when working with the registry and it exported the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt key (the one I changed) as one reg file including subkeys Parameters and Security.

It's the orininal Shane netsvc wmimgmt.reg file that is bigger than the winmgmt one I replaced it with after altering the path in the registry.  A bit difficlut to tell as they are saved in hex format but the image path servicedll numbers  and are different when opened in Notepad. No matter, I'll soon know next time I do a repair if it has worked. I can always run (I hope) the altered reg by itself in safe mode to merge it into the regitsry or manually change it if needs be,

It seems that conditional statements are not allowed in reg files but are in bat files.

The only solution I reckon would be to have two wmimgmt.reg files (wmimgmt.reg and wmimgmtx86.reg) and (if possible) a script that somehow  gets the system type and then runs the appropriate reg file during the  "Repair WMI" and "Restore Important Services" repairs or when completed to correct the problem/mistake.

It may be a bit too complicated to implement and since the trend is towards 64 bit systems (all new one I've looked at are) not considered worthwile.

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #17 on: October 06, 2019, 01:26:22 pm »
- But WR doesn't write the entire content of that registry entry. It only writes a part of that key into the registry.

Offline Willy2

  • Hero Member
  • *****
  • Join Date: Oct 2011
  • Posts: 1165
  • Karma: 18
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #18 on: October 06, 2019, 04:12:08 pm »
- Compare the registry content with the content of "Winmgmt.reg" !!!

Offline plox

  • Newbie
  • *
  • Join Date: Jun 2013
  • Posts: 9
  • Karma: 0
    • View Profile
Re: Windows 7 and WMI revisited
« Reply #19 on: October 06, 2019, 07:25:55 pm »
Quote
Willy2 wrote - Compare the registry content with the content of "Winmgmt.reg" !!!

Winmgmt.reg from Windows Repair Portable 4.5.5 -  size 3.03KB

 - these are the values it wrote to the registry after the WR and which disabled WMI, Security Centre etc.... by the k netsvcs value it inserted.

Windows Registry Editor Version 5.00 -
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"DisplayName"="Windows Management Instrumentation"
"ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
  74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
  00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
  6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"Description"="Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"ObjectName"="localSystem"
"ErrorControl"=dword:00000000
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,02,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
  00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
  77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
  00,6c,00,6c,00,00,00
"ServiceMain"="ServiceMain"

-------

Quote
Willy2 wrote - But WR doesn't write the entire content of that registry entry. It only writes a part of that key into the registry.
You may be right,  the Security  subkey must have been there already - size 1.98KB

Altered Winmgmt.reg from registry  after  I manually changed the image path  from k netsvcs to  k winmgmt, see the screenshot posted before :

REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
"DisplayName"="Windows Management Instrumentation"
"ImagePath"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,6d,33,\
  32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,77,69,6e,6d,67,6d,74,00
"Description"="Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start."
"ObjectName"="localSystem"
"ErrorControl"=dword:00000000
"Start"=dword:00000002
"Type"=dword:00000020
"DependOnService"=hex(7):52,50,43,53,53,00,00
"ServiceSidType"=dword:00000001
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,02,00,00,00,14,00,00,\
  00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00
"DelayedAutoStart"=dword:00000000
"Group"=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
"ServiceDllUnloadOnStop"=dword:00000001
"ServiceDll"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,73,79,73,74,65,6d,\
  33,32,5c,77,62,65,6d,5c,57,4d,49,73,76,63,2e,64,6c,6c,00
"ServiceMain"="ServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Security]
"Security"=hex:01, & a whole set of numbers.

This ^^^^^^ is what is now the Winmgmt.reg in Windows Repair Portable 4.5.5 as I have replaced the original one with it.

Hope that makes sense to you.