Group Policy to Allow WMI Access to Remote Machine
Hello Everyone,
I need to know whether a group policy exists to configure WMI Access to all the remote machines. I would appreciate if you
guys can provide the direction. Thanks in advance.
May 22nd, 2011 4:00pm
do you mean WinRM?
http://blog.powershell.no/2010/03/04/enable-and-configure-windows-powershell-remoting-using-group-policy/
Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2011 7:19pm
No, actually i am asking about WMI (Windows Management Instrumentation) . How can one enable that on client machines through group policy. Thanks.
May 23rd, 2011 10:21am
Hi,
Windows Management Instrumentation (WMI) service is started on clients by default. If you still want to start it via Group Policy, you will have following
two options:
1.
Startup or Logon scripts
You may use
net start command to start the services. For more information, please refer to the following Microsoft TechNet articles:
Start, stop, pause, resume, or restart a service
http://technet.microsoft.com/en-us/library/cc736564(WS.10).aspx
Startup, shutdown, logon, and logoff scripts
http://technet.microsoft.com/en-us/library/cc739591(WS.10).aspx
If you encounter any difficulties when writing the scripts, you may submit a new question in The Official Scripting Guys Forum! which is a best resource
for scripting related issues.
The Official Scripting Guys Forum!
http://social.technet.microsoft.com/Forums/en/ITCG/threads
2.
Group Policy Preference: Services
If you are using Windows Server 2008 or
Windows Server 2008 R2 Domain Controller, you may use
Group Policy Preference: Services.
If no
Windows Server 2008 or
Windows Server 2008 R2 Domain Controller is in use, you can configure a Group Policy Preference item in a Windows Server 2003 environment from either a Windows Server 2008/R2
server or a Windows Vista with Service Pack 1/Windows 7 client with RSAT update installed. If you do not have Windows Server 2008/R2 server, you can download and install Remote Server Administration Tools on a Windows Vista or Windows 7 client to manage
and configure them.
Microsoft Remote Server Administration Tools for Windows Vista
http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF6E897-23CE-4A36-B7FC-D52065DE9960&displaylang=en
Remote Server Administration Tools for Windows 7
http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en
The CSEs for the new Group Policy preference functionality are required in Windows XP Service Pack 2 (SP2), Windows Server 2003 Service Pack 1 (SP1), and Windows Vista to process the new preference items. To download and install CSEs, please refer to the following
link:
Information about new Group Policy preferences in Windows Server 2008
http://support.microsoft.com/kb/943729
Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 25th, 2011 3:37am
Thanks for the reply.
I believe I have not explained my question properly. Actually, I wanted to remotely administer WMI for all the clients. As you explained, it is enabled by default, but due to firewall settings, it is not possible. So, I was looking for
a group policy or port settings that can be enabled on the windows firewall which would allow access to WMI to all the clients. I have found a group policy which is
Computer Configuration
Administrative Templates
Network
Network Connections
Windows Profile
Domain/Standard Profile
Windows Firewall: Allow Remote Administration Exception
Kindly, confirm that for me that it is exactly what I need. Thanks in advance.
Free Windows Admin Tool Kit Click here and download it now
May 28th, 2011 4:32pm
Hi,
Please check the following Microsoft TechNet article:
Setting Up a Fixed Port for WMI
http://technet.microsoft.com/en-us/library/bb219447(v=VS.85).aspx
You may use the startup script to deploy the port to the clients.
After that, you may use the Group Policy to set Windows Firewall: Define port exceptions to open the port for WMI. For more information, please also
refer to the following Microsoft TechNet article:
Deploying Windows Firewall Settings With Group Policy
http://technet.microsoft.com/en-us/library/bb490626.aspx
Regards,
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
May 29th, 2011 10:48pm
I will definitely go through the article, but is the policy stated above not enough for my objective. Kindly, confirm. THanks.
Free Windows Admin Tool Kit Click here and download it now
May 30th, 2011 8:33am
Good day to you all. Any thoughts on my question.
May 31st, 2011 6:29am
Good day to you all. Any thoughts on my question.
Free Windows Admin Tool Kit Click here and download it now
June 2nd, 2011 3:54pm
I hope I am not bugging too much, but I really want to know the answer. Kindly, have a look at my query.. Thanks.
June 6th, 2011 5:53am
Hello All, Any update on this. Thanks in advance.
Free Windows Admin Tool Kit Click here and download it now
June 12th, 2011 1:16pm
IMO it is time for you to call CSS, for all of you questions,
you have posted 7 different posts today, that say the exact same thing! “Hello All, Any update on this.
Thanks in advance.”
To make matter worse you have done it multiply time for multiply post and people are not replying to you.
You where politely told within
http://social.technet.microsoft.com/Forums/en-US/configmgrsum/thread/85b17ed3-7aef-4174-8b4c-2cbcca5c76cf/#31633a93-db03-4bf3-ad75-a824889f0726
not to bump your messages but you still do it. This post has 5 “bump” message
http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/a2f2abb3-35f6-4c1a-beee-d09f311b4507/#fb0b7a68-5901-4e18-922f-350678e5d70a
You need to read this KB
http://support.microsoft.com/kb/555375 and you need to call
CSS.
June 12th, 2011 1:52pm
I was looking for the same thing (it is a shame no one seems to be able to read or understand your original question!)
http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/84c78946-eb05-4068-877d-489153419d13/
Make sure you are editing your group policy object from a Windows 7 or Server 2008 R2 machine to ensure you are editing the policy with the same client-side extension present.
1. Edit the group policy object you wish to put these settings into.
2. Expand the Computer Config > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules node.
3. Right-click in the working area and choose New Rule...
4. Choose the Predefined option, and select Windows Management Instrumentation (WMI) from the drop-down list, Next.
5. There are a number of options here, but I tend to just select one: the (WMI-In) option with the Domain profile value. If you aren't sure what you need, then just remember you can come back and add the others later. Next button.
6. Allow the connection > Finish.
Free Windows Admin Tool Kit Click here and download it now
August 2nd, 2011 4:24pm
Thanks Gerard - It is nice to get a straight answer - and the right one as well.
May 4th, 2012 5:38am
Thanks GerardD. Simple and clear answer. Very useful.
Pat
Free Windows Admin Tool Kit Click here and download it now
July 9th, 2012 11:10am
Hi
Try to run this command on client
netsh firewall set service RemoteAdmin enable
If you have access to WMI after that you can distribute this using login script to all clientsBest regards
Dubravko Marak
MCP
Blog: Windows Server Administration
Please remember to click Mark as Answer on the post that helps you, and to click
Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 13th, 2012 4:18am