[Help with Policy to Allow WMI]

Thank you for replying Arakasi,

To get WMI static port to work I also needed to change the policy "Filtering mode: Automatic with exceptions" otherwise the Firewall didn't grab the rules I added to the policy. I also changed the policy to update more often during testing so that every change didn't take 10 minutes to roll out to my test computer.

[Help with Policy to Allow WMI]

Figured out how to set WMI to a fixed port instead of dynamic, in command prompt:

winmgmt -standalonehost

Then you have to restart Winmgmt service (the service have some dependencies to) for changes to take effect. This will lock WMI to TCP port 24158. Only thing to figure out now is how to make a policy that will allow incoming traffic on 24158 from my management server. Should be a piece of cake but when I try to roll out my test policy I get Finished with warning: No task for this client. When I look at the client in ERAC I can see that the Requested and Actual Policy is my test policy but I still cannot connect.

[Help with Policy to Allow WMI]

Hello,

I have been trying to figure out how to design a policy that allows WMI connections. I am running a few scripts to keep the inventory updated and with the default settings WMI is blocked.

 

Tips I have tried are (will update as I get them):

Unchecking "TCP port scanning attack detection" in IDS

 

I switched to Interactive mode and created a separate rule when the WMI query was captured by the firewall but the rule generated is C:\Windows\svchost.exe Any Any which seems a bit to relaxed - or am I wrong? Also WMI seems to use dynamic ports between 1024 and 2000...

 

I saw some people who use Spiceworks having the same issue, although I do not use Spiceworks.

 

Did anyone here get this to work?