WMI Group Policy?

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Is there any way to use group policy to enable WMI in our organization
workstations.
in other word "to enable WMI remotely?"
--
Abduljalil Mohammed
IT Department
Court of the Crown Prince
Kingdom of Bahrain
5 answers Last reply
More about group policy
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Remote Administration (using WMI) on XP Pro
    http://www.tweakxp.com/article139943.aspx

    --
    Carey Frisch
    Microsoft MVP
    Windows XP - Shell/User

    Be Smart! Protect Your PC!
    http://www.microsoft.com/athome/security/protect/default.aspx

    ----------------------------------------------------------------------------

    "abduljalil_bahrain" wrote:

    | Is there any way to use group policy to enable WMI in our organization
    | workstations.
    | in other word "to enable WMI remotely?"
    | --
    | Abduljalil Mohammed
    | IT Department
    | Court of the Crown Prince
    | Kingdom of Bahrain
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    i dont think this is what i want .
    i want to enable the WMI on all PC's in our organization from central point
    (domain) using group policy or any other tools.

    "Carey Frisch [MVP]" wrote:

    > Remote Administration (using WMI) on XP Pro
    > http://www.tweakxp.com/article139943.aspx
    >
    > --
    > Carey Frisch
    > Microsoft MVP
    > Windows XP - Shell/User
    >
    > Be Smart! Protect Your PC!
    > http://www.microsoft.com/athome/security/protect/default.aspx
    >
    > ----------------------------------------------------------------------------
    >
    > "abduljalil_bahrain" wrote:
    >
    > | Is there any way to use group policy to enable WMI in our organization
    > | workstations.
    > | in other word "to enable WMI remotely?"
    > | --
    > | Abduljalil Mohammed
    > | IT Department
    > | Court of the Crown Prince
    > | Kingdom of Bahrain
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    abduljalil_bahrain wrote:

    > i dont think this is what i want .
    > i want to enable the WMI on all PC's in our organization from
    > central point (domain) using group policy or any other tools.
    Hi

    What do you mean with "enable WMI"?

    WMI is enabled as default on all Win2k/WinXP/Win2k3 computers, so
    how have you "disabled" it in the first place?


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    i know thats its enabled by default ... but the firewall in SP2 is preventing
    to remotely using the function.

    "Torgeir Bakken (MVP)" wrote:

    > abduljalil_bahrain wrote:
    >
    > > i dont think this is what i want .
    > > i want to enable the WMI on all PC's in our organization from
    > > central point (domain) using group policy or any other tools.
    > Hi
    >
    > What do you mean with "enable WMI"?
    >
    > WMI is enabled as default on all Win2k/WinXP/Win2k3 computers, so
    > how have you "disabled" it in the first place?
    >
    >
    >
    > --
    > torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    > Administration scripting examples and an ONLINE version of
    > the 1328 page Scripting Guide:
    > http://www.microsoft.com/technet/scriptcenter/default.mspx
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    abduljalil_bahrain wrote:

    > "Torgeir Bakken (MVP)" wrote:
    >
    >> What do you mean with "enable WMI"?
    >>
    >> WMI is enabled as default on all Win2k/WinXP/Win2k3 computers,
    >> so how have you "disabled" it in the first place?
    >>
    >
    > i know thats its enabled by default ... but the firewall in SP2
    > is preventing to remotely using the function.
    Hi

    If you had mention the SP2 firewall in your first post it had
    been easier to give you the correct answer right up...

    Policy path:
    Computer Configuration\Administrative Templates\Network\
    Network Connections\Windows Firewall\<Domain|Standard> Profile\

    Policy name:
    Windows Firewall: Allow remote administration exception

    From PolicySettings.xls available here:

    Group Policy Settings Reference for Windows XP Professional
    Service Pack 2
    http://www.microsoft.com/downloads/details.aspx?familyid=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en

    <quote>
    Administrative Templates\Network\Network Connections\Windows Firewall
    \<some> Profile
    Windows Firewall: Allow remote administration exception

    Allows remote administration of this computer using administrative
    tools such as the Microsoft Management Console (MMC) and Windows
    Management Instrumentation (WMI). To do this, Windows Firewall opens
    TCP ports 135 and 445. Services typically use these ports to
    communicate using remote procedure calls (RPC) and Distributed
    Component Object Model (DCOM). This policy setting also allows
    SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages
    and allows hosted services to open additional dynamically-assigned
    ports, typically in the range of 1024 to 1034. If you enable this
    policy setting, Windows Firewall allows the computer to receive the
    unsolicited incoming messages associated with remote administration.
    You must specify the IP addresses or subnets from which these
    incoming messages are allowed. If you disable or do not configure
    this policy setting, Windows Firewall does not open TCP port 135 or
    445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from
    receiving unsolicited incoming messages, and prevents hosted
    services from opening additional dynamically-assigned ports. Because
    disabling this policy setting does not block TCP port 445, it does
    not conflict with the Windows Firewall: Allow file and printer
    sharing exception policy setting. Note: Malicious users often
    attempt to attack networks and computers using RPC and DCOM. We
    recommend that you contact the manufacturers of your critical
    programs to determine if they are hosted by SVCHOST.exe or LSASS.exe
    or if they require RPC and DCOM communication. If they do not, then
    do not enable this policy setting. Note: If any policy setting
    opens TCP port 445, Windows Firewall allows inbound ICMP echo
    request messages (the message sent by the Ping utility), even if the
    Windows Firewall: Allow ICMP exceptions policy setting would block
    them. Policy settings that can open TCP port 445 include Windows
    Firewall: Allow file and printer sharing exception, Windows Firewall:
    Allow remote administration exception, and Windows Firewall: Define
    port exceptions.

    </quote>


    --
    torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway
    Administration scripting examples and an ONLINE version of
    the 1328 page Scripting Guide:
    http://www.microsoft.com/technet/scriptcenter/default.mspx
Ask a new question

Read More

Policy Security Microsoft Windows XP