Relevance leveraging Win32_ShadowCopy cannot be evaluated

Hi,

I am attempting to write relevance to determine the existence of system restore points (volume shadow copy service) but BigFix doesn’t seem to be able to evaluate the expression. Other WMI queries work fine, but the Win32_ShadowCopy class doesn’t seem to be accessible. Any help would be appreciated.

Q: selects "InstallDate from Win32_ShadowCopy" of wmi
E: The expression could not be evaluated: Windows Error 0x80041014: Initialization failure

Thanks

Your expression works ok for me.

Q: selects "InstallDate from Win32_ShadowCopy" of wmi
A: InstallDate=20210723165203.618325+060
A: InstallDate=20210802103749.919567+060
A: InstallDate=20210809214538.939293+060
T: 0.093 ms

Maybe an issue on the machine with access permissions to the WMI namespace, or an issue with the integrity of WMI for that particular class?

Interesting - I get the same initialization failure

I can normally run wmi queries OK

But this is on a machine with no VSS Shadow copies (disabled by GPO)

I can replicate this, by disabling the Volume Shadow Copy service. That would make sense as the Win32_ShadowCopy class is probably bound to the service.

Thank you both for testing. I’ve tried on multiple devices and always get the same initialization failure. The Volume Shadow Copy service is set to manual on my devices; on some devices it is not running and on others it is running, but it appears to make no difference. Interestingly, running the query in PowerShell I can successfully grab the information.

PS C:\Windows\System32\config> Get-WmiObject win32_shadowcopy | select InstallDate

InstallDate

20210731044924.892062-240
20210809052428.288182-240

@FLNative

Curious as to what WMIC returns. For me I am getting the Initialization failure message out of WMI.

Known good class is working

Same error on PS

But PS for a known good class works

@brolly33

I can confirm that my experience is the same as yours when running in a non-administrative context:
- win32_shadowcopy results in an “Initialization failure” for both WMI and PS
- win32_bios returns valid data

Run in an administrative context, win32_shadowcopy returns valid data in both WMI and PS

Since the BigFix service is running as the System account I wouldn’t think that permissions should be the problem, but it certainly looks that way.

On a side note, I found some information in which it was mentioned that the VSS WMI class is architecture dependent and can have issues running correctly on a 64-bit OS if accessed in a 32-bit process. No idea if this is in fact true, or relates to my situation. Just grasping at straws.

Thanks
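
A diagnostic sketch added here (not posted by anyone in the thread) that records the conditions the posts above compare: elevation, process bitness, and the state of the Volume Shadow Copy service, then runs the same class query. It assumes PowerShell 3.0 or later and uses Get-CimInstance rather than the Get-WmiObject and relevance calls shown in the thread; the `$report` field names are made up for this example.

```powershell
# Added diagnostic example; not code from the thread.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)

$report = [ordered]@{
    User           = $identity.Name
    IsElevated     = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
    Is64BitOS      = [Environment]::Is64BitOperatingSystem
    Is64BitProcess = [Environment]::Is64BitProcess
    VssStartMode   = 'NotFound'
    VssState       = 'NotFound'
    QueryResult    = $null
    ShadowCopies   = 0
    InstallDates   = ''
}

# Control query against a class that normally works (Win32_Service), which also
# gives the VSS service state. If this fails too, the problem is WMI as a whole.
try {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='VSS'" -ErrorAction Stop
    if ($svc) {
        $report.VssStartMode = $svc.StartMode   # Auto / Manual / Disabled
        $report.VssState     = $svc.State       # Running / Stopped / ...
    }
} catch {
    $report.VssState = 'Control query failed: ' + $_.Exception.Message.Trim()
}

# Same class the relevance expression selects from.
try {
    $copies = @(Get-CimInstance -ClassName Win32_ShadowCopy -ErrorAction Stop)
    $report.ShadowCopies = $copies.Count
    $report.InstallDates = ($copies | ForEach-Object { $_.InstallDate }) -join '; '
    $report.QueryResult  = 'OK'
} catch {
    # Keep the provider's message and the exception HRESULT for comparison between runs.
    $report.QueryResult = '{0} (HRESULT 0x{1:X8})' -f $_.Exception.Message.Trim(), $_.Exception.HResult
}

[pscustomobject]$report
```

Running it from a normal prompt, an elevated prompt, and the 32-bit PowerShell under `%SystemRoot%\SysWOW64\WindowsPowerShell\v1.0` gives three reports that can be compared field by field.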