,
The warning event 10016 with description «The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker», usually occurs on Windows 10 PCs and is related to the «Security Center» service.
According to Microsoft you can safely ignore events 10016, because they don’t adversely affect functionality, but if you want to fix the problem, continue reading below.
This tutorial contains step-by-step instructions to fix the 10016 warnings in event viewer on Windows 10 and Windows Server 2016/2019, with description:
Source: Distributed COM
Event ID: 10016
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscBrokerManager
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
How to FIX: Application-specific permission settings do not grant Local Launch permission for the COM Server application: Windows.SecurityCenter.SecurityAppBroker (Event ID: 10016).
The error 10016 in Windows Security Center components Windows.SecurityCenter.SecurityAppBroker, Windows.SecurityCenter.WscBrokerManager and Windows.SecurityCenter.WscDataProtection, is reported because these components try to load too early when Windows starts, but fail.
To fix the problem, proceed and disable the DelayedAutoStart as follows:
1. Open Registry Editor. To do that:
1. Simultaneously press the Win + R keys to open the run command box.
2. Type regedit and press Enter to open Registry Editor.
2. In Registry, navigate to the following location:
-
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
3. At the right pane open the DelayedAutoStart REG_DWORD value.
4. Change the value data from 1 to 0 and click OK.
5. Close the Registry Editor and restart the computer.
That’s it! Let me know if this guide has helped you by leaving your comment about your experience. Please like and share this guide to help others.
If this article was useful for you, please consider supporting us by making a donation. Even $1 can a make a huge difference for us in our effort to continue to help others while keeping this site free:
- Author
- Recent Posts
Konstantinos is the founder and administrator of Wintips.org. Since 1995 he works and provides IT support as a computer and network expert to individuals and large companies. He is specialized in solving problems related to Windows or other Microsoft products (Windows Server, Office, Microsoft 365, etc.).
If we install Windows 11 and we look in the Event System Log, we can see three types of “Event 10016 Windows.SecurityCenter DistributedCOM” Warnings:
- The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscCloudBackupProvider
and APPID
Unavailable
to the user Username SID (…) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.WscDataProtection
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
Microsoft recommendation is (DCOM event ID 10016 is logged in Windows):
“These events can be safely ignored because they don’t adversely affect functionality and are by design. It’s the recommend action for these events.”
However, these warnings are very annoying and can confuse anyone, that something is wrongly configured.
Analysis:
The problem is related to the Windows Security Center. The Windows Security Center service (wscsvc) has a delayed automatic start. WscCloudBackupProvider, SecurityAppBroker and WscDataProtection objects start earlier with the OS. As soon as the objects are active, they try to communicate with the Windows Security Center service (wscsvc), which is not started. That is why, we get Event 10016 warnings.
Solution:
Solution of this problem is unusual. It has nothing to do with Local Launch permissions. We should start Windows Security Center service earlier, during OS starting procedure.
If we look at the registry with Registry Editor (regedit.exe), we can find Windows Security Center service settings at:
Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
We have to change the DelayedAutoStart DWORD Value From 1 to 0.
We can’t do it right away, because we don’t have a permission to do it. We right click on the wscsvc Registry Key and select Permissions…First, we need to change the owner of Registry Key. Go to Advanced, Change Owner from System to the Administrators group (local Administrators group, if computer is member of domain), select OK twice. Then open the Permissions window once again and change permissions of Administrators group to Full Control.
Now, we can change the DelayedAutoStart DWORD Value From 1 to 0. In this way, the Windows Security Center will start earlier.
That’s it. After OS restart, we will not see Event 10016 Windows.SecurityCenter Warnings anymore.
I invite you to solve also Event 10016 PerAppRuntimeBroker Warning in Windows 11!
Written by Simon Abolnar
I am a lecturer of Informatics subjects at Higher Vocational College at the School Center Nova Gorica, located in Slovenia-EU. I have been a System Administrator of Microsoft Servers at SCNG for over 20 years.
Образ Windows 10 и 11 поставляется с набором предустановленных приложений Microsoft Store (UWP/APPX приложения), таких как Календарь, Почта, Кортана, Карты, Новости, OneNote, ZuneMusic и т.д. Эти приложения автоматически устанавливаются из встроенного хранилища пакетов в образе Windows (provisioned apps) в профиль каждого пользователя при первом входе в систему. Большинство бизнес-пользователей не используют эти встроенные приложения Windows, поэтому для освобождения места на диске и очистки лишних элементов в стартовом меню, их можно удалить.
Содержание:
- Удаление встроенных приложений из меню Параметры Windows
- Как удалить предустановленное приложение Windows с помощью PoweShell?
- Удаляем сразу все ненужные UWP приложения Windows
Удаление встроенных приложений из меню Параметры Windows
Пользователь может удалить встроенное приложение из своего профиля из панели Параметры. Перейдите в раздел Settings -> Apps -> Installed apps (Параметры -> Приложения -> Установленные приложение). Найдите приложение в списке и нажмите Uninstall (Удалить).
Это удаляет встроенное UWP приложение только в профиле текущего пользователя. При входе нового пользователя, это приложение будет автоматически установлено из системного хранилища.
Кроме того, у некоторых предустановленных современных приложений просто недоступна кнопка Uninstall.
Удалить такие системные приложения Windows можно только из командной строки PowerShell.
Как удалить предустановленное приложение Windows с помощью PoweShell?
В Windows есть два типа UWP приложений:
- пользовательские (находятся в
C:\Program Files\WindowsApps\
) - системные приложения (
C:\Windows\SystemApps\
)
При первом входе пользователя в Windows в его профиль устанавливаются ряд встроенных пользовательских приложений (AppX provisioned packages). Затем каждый пользователь может устанавливать собственные приложения из Microsoft Store или APPX/MSIX пакетов.
С помощью PowerShell можно вывести список Microsoft Store приложений, установленных для текущего пользователя:
Get-AppxPackage | select Name,NonRemovable,PackageUserInformation,PackageFullName
Если вы удалили приложение из графического интерфейса панели Settings, оно пропадет из этого списка.
Вывести список установленных приложений для всех пользователей и сохранить результаты в текстовый файл (для более удобного поиска):
Get-AppxPackage -AllUsers | Format-List -Property Name, PackageFullName >c:\ps\windows_uwp_apps.txt
Чтобы найти приложение по имени и вывести имена и SID пользователей, у которых оно установлено (в этом примере мы ищем приложение Weather):
Get-AppxPackage -AllUsers | select Name, PackageFullName, PackageUserInformation| where-object {$_.Name -like "*Weather*"} | FL
Для некоторых приложений указан статус Staged. Это значит, что приложение будет автоматически установлено в новую учетную запись при входе.
Чтобы удалить приложение для текущего пользователя, скопируйте имя пакета из столбца PackageFullName и укажите его в качестве параметра команды Remove-AppxPackage:
Remove-AppxPackage Microsoft.BingWeather_4.53.60911.0_x64__8wekyb3d8bbwe
Чтобы удалить приложение у всех пользователей компьютера, добавьте параметр AllUsers:
Get-AppxPackage *BingWeather* -AllUsers| Remove-AppPackage –AllUsers -verbose
Чтобы удалить приложение у определенного пользователя системы, укажите его имя в параметре —User <user_name>.
В Windows 11 эта команда удалит приложение из профилей всех пользователей и из системного хранилища. Однако в Windows 10 такое приложение все еще остается в системе в состоянии Staged (и фактически остается на диске в каталоге C:\Program Files\WindowsApps).
Вывести список Staged приложений, которые встроены в образ Windows и автоматически устанавливаются всем пользователям:
Get-AppxProvisionedPackage -online |select DisplayName,PackageName
Чтобы полностью удалить определенное приложение из образа Windows , нужно указать его имя в команде Remove-AppxProvisionedPackage:
Get-AppxProvisionedPackage -online | where-object {$_.PackageName -like "*Microsoft.ZuneVideo*"} | Remove-AppxProvisionedPackage -online –Verbose
Теперь это приложение не будет автоматически устанавливаться новым пользователям.
Удаляем сразу все ненужные UWP приложения Windows
Удалять встроенные приложения по одному – задача довольно утомительная. Для автоматического удаления из образа Windows предустановленных приложений можно использовать скрипт PowerShell.
Важно. Не в коем случае не удаляйте все UWP приложения подряд командой типа:
Get-AppXProvisionedPackage -online | Remove-AppxProvisionedPackage -online
Не удаляйте системные приложения, такие как Microsoft.VCLibs, Microsoft.NET.Native.Framework, Microsoft.NET.Native.Runtime, Microsoft.WindowsAppRuntime. Microsoft.WindowsStore (случайно удаленное приложение Microsoft Store можно восстановить). Ряд UWP приложений в Windows 10 и 11 отвечает за работу различных системных панелей управления. Например windows.immersivecontrolpane – это современная панель Параметры (Settings), Microsoft.SecHealthUI – панель управления Антивирусом и безопасностью Windows и т.д.
Список системных UWP приложений Windows, которые нельзя удалять без веского основания можно получить так:
Get-AppxPackage| ? { $_.SignatureKind -eq "System" }|select Name,InstallLocation
Список ненужных приложений меняется в зависимости от билда Windows. В этом примере я буду удалять встроенные приложения, которые лично я не использую в Windows 11 23H2.
Откройте PowerShell ISE с правами администратора, скопируйте в него указанный код и запустите скрипт (F5).
$UWPAppstoRemove = @(
"Microsoft.BingNews",
"Microsoft.GamingApp",
"Microsoft.MicrosoftSolitaireCollection",
"Microsoft.WindowsCommunicationsApps",
"Microsoft.WindowsFeedbackHub",
"Microsoft.XboxGameOverlay",
"Microsoft.XboxGamingOverlay",
"Microsoft.XboxIdentityProvider",
"Microsoft.XboxSpeechToTextOverlay",
"Microsoft.YourPhone",
"Microsoft.ZuneMusic",
"Microsoft.ZuneVideo",
"MicrosoftTeams",
"Microsoft.OutlookForWindows",
"Microsoft.Windows.DevHome",
"Microsoft.MicrosoftOfficeHub",
"Microsoft.MicrosoftStickyNotes",
"Microsoft.People",
"Microsoft.ScreenSketch",
"microsoft.windowscommunicationsapps",
"Microsoft.WindowsFeedbackHub",
"Microsoft.WindowsMaps"
)
# Удаление установленные приложений у всех пользователей и из образа Windows
foreach ($UWPApp in $UWPAppstoRemove) {
Get-AppxPackage -Name $UWPApp -AllUsers | Remove-AppxPackage -AllUsers -verbose
Get-AppXProvisionedPackage -Online | Where-Object DisplayName -eq $UWPApp | Remove-AppxProvisionedPackage -Online -verbose
}
Таким образом, все новые учетные записи будут создаваться без встроенных приложений Windows 10 (профили новых пользователей будут создаваться быстрее). Также можно подготовить собственный образ Windows, из которого будут сразу удалены все встроенные приложения.
Introduction
Almost 2 years ago, I wrote a post about how to fix events 10016, but with the latest Windows 10 versions, a new case popped up.
Three events 10016 continue to pop up similar to the following:
The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID
Windows.SecurityCenter.SecurityAppBroker
and APPID
Unavailable
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
The other two are about SecurityCenter.WcsBrokerManager and SecurityCenter.WscDataProtecting.
The problem here is that there isn’t any COM entity to fix.
Solution
Looking for a solution on the net, I found someone that found the solution.
The problem seems to pop up during the system startup phase because the Security Center service isn’t already started.
To fix it, we have to set the Startup Type from Delayed Start to Automatic.
The problem is that we cannot use our beloved Services window.
We need to open the Registry Editor and:
- go to:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
- change the DelayedAutoStart from 1 to 0
- reboot.
Post Views: 1,054
Hi Folks!
I am back today with another solution to a common problem. It seems every time Microsoft releases an update to Windows 10, Your event log is full of Event ID 10016 Errors. these errors range from issues with Windows Security Center, to general DCOM Errors involving Shell host.
Now according to Microsoft, some of these DCOM Errors are by design and are harmless. To quote the recent Microsoft DCOM Event ID 10016 is logged in Event Viewer Knowledge Base article:
These 10016 events are recorded when Microsoft components tries to access DCOM components without the required permissions. In this case, this is expected and by design.
A coding pattern has been implemented where the code first tries to access the DCOM components with one set of parameters. If the first attempt is unsuccessful, it tries again with another set of parameters. The reason why it does not skip the first attempt is because there are scenarios where it can succeed. In those scenarios, that is preferable.
However, to many people these errors are annoying and serve no purpose other than to clog your event log with a bunch of annoying error messages like seen below..
The solution to Windows.SecurityCenter.WscBrokerManager, Windows.SecurityCenter.WscCloudBackupProvidor, and Windows.SecurityCenter.WscDataProtection DCOM 10016 errors has to do with the Windows Security Center Service and its by default delayed auto start.
The problem with the security center service delayed auto start is Windows.SecurityCenter.WscBrokerManager,and Windows.SecurityCenter.WscCloudBackupProvidor tries to initiate very early in the boot up process, and this will cause it to fail and give those error messages. It will later retry after the Windows Security Center Service(wscsvc) has finally started up, and then succeed as normal.
To fix this problem, you must change the delayed start value of wscsvc to start up sooner in the boot process so its not delayed by disabling the delayed start of the wscsvc service.
You can not however change the startup value of the Windows Security Center Service via the Services application because you simply won’t have permissions to do so. It can only be changed via the registry.
To fix these errors, perform the following steps:
1. type regedit in the Windows Search box and «Run it as administrator and click OK in the UAC prompt.
2. Navigate to the following Registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc
3. In the right-hand pane look for the DWORD Value named DelayedAutoStart
4. Double click DelayedAutoStart and change the value from 1 to 0
5. Close the Registry Editor and restart your computer.
6. Those DCOM Error messages with Event ID 10016 concerning Windows.SecurityCenter should no longer be present.
As always, I hope this little articles helps folks out there wondering why they are getting these annoying errors.
Merry Christmas Folks!
Have a great New Year!
Disclaimer: I am not responsible for anything
that may happen to your PC when changing settings or changing registry
values. If you choose to make changes, you do so at your own risk.. You
are solely responsible for
any damage to your computer , data, or other hardware due to user error,
inadequate
cooling, too high of voltages, incorrect software settings, and any
other factors. Please remember to
back up your computer before attempting
this. If overclocking, Do not Overclock on the stock AMD or Intel CPU
Heatsink and fans.
Use Aftermarket cooling heat sinks of sufficient TDP or water cooling to
ensure best chance of not having premature hardware failure. As always,
remember to backup your data before attempting any change. I am not
responsible for data loss or damage of any kind.