Hello Everyone, I need to know whether a group policy exists to configure WMI Access to all the remote machines. I would appreciate if you guys can provide the direction. Thanks in advance.

do you mean WinRM? http://blog.powershell.no/2010/03/04/enable-and-configure-windows-powershell-remoting-using-group-policy/

No, actually i am asking about WMI (Windows Management Instrumentation) . How can one enable that on client machines through group policy. Thanks.

Hello!

Hi, Windows Management Instrumentation (WMI) service is started on clients by default. If you still want to start it via Group Policy, you will have following two options: 1. Startup or Logon scripts You may use net start command to start the services. For more information, please refer to the following Microsoft TechNet articles: Start, stop, pause, resume, or restart a service http://technet.microsoft.com/en-us/library/cc736564(WS.10).aspx Startup, shutdown, logon, and logoff scripts http://technet.microsoft.com/en-us/library/cc739591(WS.10).aspx If you encounter any difficulties when writing the scripts, you may submit a new question in The Official Scripting Guys Forum! which is a best resource for scripting related issues. The Official Scripting Guys Forum! http://social.technet.microsoft.com/Forums/en/ITCG/threads 2. Group Policy Preference: Services If you are using Windows Server 2008 or Windows Server 2008 R2 Domain Controller, you may use Group Policy Preference: Services. If no Windows Server 2008 or Windows Server 2008 R2 Domain Controller is in use, you can configure a Group Policy Preference item in a Windows Server 2003 environment from either a Windows Server 2008/R2 server or a Windows Vista with Service Pack 1/Windows 7 client with RSAT update installed. If you do not have Windows Server 2008/R2 server, you can download and install Remote Server Administration Tools on a Windows Vista or Windows 7 client to manage and configure them. Microsoft Remote Server Administration Tools for Windows Vista http://www.microsoft.com/downloads/details.aspx?FamilyId=9FF6E897-23CE-4A36-B7FC-D52065DE9960&displaylang=en Remote Server Administration Tools for Windows 7 http://www.microsoft.com/downloads/details.aspx?FamilyID=7D2F6AD7-656B-4313-A005-4E344E43997D&displaylang=en The CSEs for the new Group Policy preference functionality are required in Windows XP Service Pack 2 (SP2), Windows Server 2003 Service Pack 1 (SP1), and Windows Vista to process the new preference items. To download and install CSEs, please refer to the following link: Information about new Group Policy preferences in Windows Server 2008 http://support.microsoft.com/kb/943729 Regards,Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

Thanks for the reply. I believe I have not explained my question properly. Actually, I wanted to remotely administer WMI for all the clients. As you explained, it is enabled by default, but due to firewall settings, it is not possible. So, I was looking for a group policy or port settings that can be enabled on the windows firewall which would allow access to WMI to all the clients. I have found a group policy which is Computer Configuration Administrative Templates Network Network Connections Windows Profile Domain/Standard Profile Windows Firewall: Allow Remote Administration Exception Kindly, confirm that for me that it is exactly what I need. Thanks in advance.

Hi, Please check the following Microsoft TechNet article: Setting Up a Fixed Port for WMI http://technet.microsoft.com/en-us/library/bb219447(v=VS.85).aspx You may use the startup script to deploy the port to the clients. After that, you may use the Group Policy to set Windows Firewall: Define port exceptions to open the port for WMI. For more information, please also refer to the following Microsoft TechNet article: Deploying Windows Firewall Settings With Group Policy http://technet.microsoft.com/en-us/library/bb490626.aspx Regards, Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

I will definitely go through the article, but is the policy stated above not enough for my objective. Kindly, confirm. THanks.

Good day to you all. Any thoughts on my question.

Good day to you all. Any thoughts on my question.

I hope I am not bugging too much, but I really want to know the answer. Kindly, have a look at my query.. Thanks.

Hello All, Any update on this. Thanks in advance.

IMO it is time for you to call CSS, for all of you questions, you have posted 7 different posts today, that say the exact same thing! “Hello All, Any update on this. Thanks in advance.” To make matter worse you have done it multiply time for multiply post and people are not replying to you. You where politely told within http://social.technet.microsoft.com/Forums/en-US/configmgrsum/thread/85b17ed3-7aef-4174-8b4c-2cbcca5c76cf/#31633a93-db03-4bf3-ad75-a824889f0726 not to bump your messages but you still do it. This post has 5 “bump” message http://social.technet.microsoft.com/Forums/en-US/winservergen/thread/a2f2abb3-35f6-4c1a-beee-d09f311b4507/#fb0b7a68-5901-4e18-922f-350678e5d70a You need to read this KB http://support.microsoft.com/kb/555375 and you need to call CSS.

I was looking for the same thing (it is a shame no one seems to be able to read or understand your original question!) http://social.technet.microsoft.com/Forums/en-US/winserverGP/thread/84c78946-eb05-4068-877d-489153419d13/ Make sure you are editing your group policy object from a Windows 7 or Server 2008 R2 machine to ensure you are editing the policy with the same client-side extension present. 1. Edit the group policy object you wish to put these settings into. 2. Expand the Computer Config > Policies > Windows Settings > Security Settings > Windows Firewall with Advanced Security > Windows Firewall with Advanced Security > Inbound Rules node. 3. Right-click in the working area and choose New Rule... 4. Choose the Predefined option, and select Windows Management Instrumentation (WMI) from the drop-down list, Next. 5. There are a number of options here, but I tend to just select one: the (WMI-In) option with the Domain profile value. If you aren't sure what you need, then just remember you can come back and add the others later. Next button. 6. Allow the connection > Finish.

Thanks Gerard - It is nice to get a straight answer - and the right one as well.

Thanks GerardD. Simple and clear answer. Very useful. Pat

Hi Try to run this command on client netsh firewall set service RemoteAdmin enable If you have access to WMI after that you can distribute this using login script to all clientsBest regards Dubravko Marak MCP Blog: Windows Server Administration Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.