Hello. I have a very technical question regarding wmiprvse.exe and XP machines.
It is my understanding that this file is responsible for most packages to do inventory of machines on a network, including, the installed software database, or registry hive, or whatever file provides the installed software list for an XP machine and hands it over to wmiprvse.exe.
I am wondering if there is a way to trick this process so that it can get a false reading?
For instance, say you didn't want your helpdesk support to know you were running a certain piece of software for whatever reason and you wanted to have that piece of software omitted from the software inventory process, etc. As an example, I know someone who has a Creative Labs Zen player, and a photo editing program, and if they install the software on their machine, Helpdesk will automatically send a message to the person's manager saying they must remove the software.
Is this an easy task to accomplish? (for instance, having wmiprvse report back that these 2 pieces of software were not installed, or were different pieces of software, etc.) One location is a registry area:
http://support.microsoft.com/kb/314481
If a piece of software is given a different name in the key above, will the software still function, and will it report back the modified name? Is there another location besides the registry that wmiprvse uses instead, or is this reg key area the only possible way that this service can inventory installed software? I thought I read that there is another.
I know you can prevent the process by granting exclusive rights to the wmiprvse.exe file in its location of system32\wbem folder, however, that prevents all inventory, and at the same time, may make a machine become unstable. I say may because I never really tested for very long if a machine truly becomes unstable using this method. Sometimes it's difficult to tell without extensive testing and sometimes the warnings are vague, etc.
Just wondering if anyone has any insight into this whole process, and ways to defeat the software inventory portion without granting exclusive rights to the file (which in turn prevents the file from running, and from using Windows File Protection from overwriting the file with a new copy).
Thanks