WMI Provider Hosting
Applies To: Windows Server 2008
WMI resides in a shared service host with several other services. To avoid stopping all of the services when a provider fails, providers are loaded into a separate host process named Wmiprvse.exe. More than one process with this name can be running at the same time, and each can run under a different account with different security. On computers running Windows Vista, use the winmgmt command to run WMI by itself in a separate process that uses a fixed port.
The shared host can run under one of the following system accounts in a Wmiprvse.exe host process:
- LocalSystem
- NetworkService
- LocalService
A provider can also be a local COM server (.exe), or self-hosted, which does not require a WMI provider host.
Events
| Event ID | Source | Message |
|---|---|---|
|  | Microsoft-Windows-WMI | The %1 provider has been registered in the WMI namespace, %2, to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. |
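
To review which providers the event message above would apply to, the following script (an added example, not part of the original Microsoft page) walks every namespace under `root` and reports each registered provider's `HostingModel` from its `__Win32Provider` instance, flagging those hosted as LocalSystem. It assumes Windows PowerShell with `Get-WmiObject` and an elevated prompt; the function names `Get-WmiNamespace` and `Get-WmiProviderHosting` are hypothetical.

```powershell
# Added example: inventory WMI providers by hosting model.
# Assumes Windows PowerShell (Get-WmiObject) run from an elevated prompt.

function Get-WmiNamespace {
    param([string]$Root = 'root')
    # Emit this namespace, then recurse into each child listed in __NAMESPACE.
    $Root
    Get-WmiObject -Namespace $Root -Class __NAMESPACE -ErrorAction SilentlyContinue |
        ForEach-Object { Get-WmiNamespace -Root ("{0}\{1}" -f $Root, $_.Name) }
}

function Get-WmiProviderHosting {
    param([string]$Root = 'root')
    foreach ($ns in Get-WmiNamespace -Root $Root) {
        # Each registered provider has one __Win32Provider instance per namespace.
        Get-WmiObject -Namespace $ns -Class __Win32Provider -ErrorAction SilentlyContinue |
            ForEach-Object {
                # HostingModel can be empty on some registrations; report that as-is.
                $model = if ($_.HostingModel) { $_.HostingModel } else { '(not set)' }
                New-Object PSObject -Property @{
                    Namespace    = $ns
                    Provider     = $_.Name
                    HostingModel = $model
                    # True for LocalSystemHost and LocalSystemHostOrSelfHost.
                    LocalSystem  = ($model -like 'LocalSystemHost*')
                }
            }
    }
}

$providers = Get-WmiProviderHosting

# Summary: how many providers use each hosting model.
$providers | Group-Object HostingModel | Sort-Object Count -Descending |
    Format-Table Count, Name -AutoSize

# Detail: providers registered to run in a LocalSystem host.
$providers | Where-Object { $_.LocalSystem } | Sort-Object Namespace, Provider |
    Format-Table Namespace, Provider, HostingModel -AutoSize
```

Providers in the second table run with LocalSystem privileges, so they are the ones to check for correct impersonation of user requests, as the event message describes.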