I’ve seen this morning a post in French about the WinRMRemoteWMIUsers__ group missing from Active Directory Domain Services. The post references the following kb3118385 page about Svchost.exe uses excessive CPU resources on a single-core Windows Server 2012 domain controller
The only missing part in the blog post is the properties of this group that I actually found on this technet page
Of course, you can add the missing group like this
if (-not(Get-ADGroup -Filter { Name -eq 'WinRMRemoteWMIUsers__' })) { New-ADGroup -GroupScope DomainLocal -GroupCategory Security -Name 'WinRMRemoteWMIUsers__' }
…but, it won’t have the well-known SID documented above.
And its Description is:
Members of this group can access WMI resources over management protocols (such as WS-Management via the Windows Remote Management service). This applies only to WMI namespaces that grant access to the user.