Re: WMI Group Policy?
From: Torgeir Bakken \(MVP\) (Torgeir.Bakken-spam_at_hydro.com)
Date: 02/08/05
- Next message: o2befre56: "What are these files?"
- Previous message: JW: "Re: Failure Audits in XP Events Security log"
- In reply to: abduljalil_bahrain: "Re: WMI Group Policy?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 08 Feb 2005 12:32:30 +0100
abduljalil_bahrain wrote:
> "Torgeir Bakken (MVP)" wrote:
>
>> What do you mean with "enable WMI"?
>>
>> WMI is enabled as default on all Win2k/WinXP/Win2k3 computers,
>> so how have you "disabled" it in the first place?
>>
>
> i know thats its enabled by default ... but the firewall in SP2
> is preventing to remotely using the function.
Hi
If you had mention the SP2 firewall in your first post it had
been easier to give you the correct answer right up...
Policy path:
Computer Configuration\Administrative Templates\Network\
Network Connections\Windows Firewall\<Domain|Standard> Profile\
Policy name:
Windows Firewall: Allow remote administration exception
From PolicySettings.xls available here:
Group Policy Settings Reference for Windows XP Professional
Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=ef3a35c0-19b9-4acc-b5be-9b7dab13108e&displaylang=en
<quote>
Administrative Templates\Network\Network Connections\Windows Firewall
\<some> Profile
Windows Firewall: Allow remote administration exception
Allows remote administration of this computer using administrative
tools such as the Microsoft Management Console (MMC) and Windows
Management Instrumentation (WMI). To do this, Windows Firewall opens
TCP ports 135 and 445. Services typically use these ports to
communicate using remote procedure calls (RPC) and Distributed
Component Object Model (DCOM). This policy setting also allows
SVCHOST.EXE and LSASS.EXE to receive unsolicited incoming messages
and allows hosted services to open additional dynamically-assigned
ports, typically in the range of 1024 to 1034. If you enable this
policy setting, Windows Firewall allows the computer to receive the
unsolicited incoming messages associated with remote administration.
You must specify the IP addresses or subnets from which these
incoming messages are allowed. If you disable or do not configure
this policy setting, Windows Firewall does not open TCP port 135 or
445. Also, Windows Firewall prevents SVCHOST.EXE and LSASS.EXE from
receiving unsolicited incoming messages, and prevents hosted
services from opening additional dynamically-assigned ports. Because
disabling this policy setting does not block TCP port 445, it does
not conflict with the Windows Firewall: Allow file and printer
sharing exception policy setting. Note: Malicious users often
attempt to attack networks and computers using RPC and DCOM. We
recommend that you contact the manufacturers of your critical
programs to determine if they are hosted by SVCHOST.exe or LSASS.exe
or if they require RPC and DCOM communication. If they do not, then
do not enable this policy setting. Note: If any policy setting
opens TCP port 445, Windows Firewall allows inbound ICMP echo
request messages (the message sent by the Ping utility), even if the
Windows Firewall: Allow ICMP exceptions policy setting would block
them. Policy settings that can open TCP port 445 include Windows
Firewall: Allow file and printer sharing exception, Windows Firewall:
Allow remote administration exception, and Windows Firewall: Define
port exceptions.
</quote>
-- torgeir, Microsoft MVP Scripting and WMI, Porsgrunn Norway Administration scripting examples and an ONLINE version of the 1328 page Scripting Guide: http://www.microsoft.com/technet/scriptcenter/default.mspx
- Next message: o2befre56: "What are these files?"
- Previous message: JW: "Re: Failure Audits in XP Events Security log"
- In reply to: abduljalil_bahrain: "Re: WMI Group Policy?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
