Jump to content

Help with Policy to Allow WMI


Anders
 Share

Go to solution Solved by Anders,

Recommended Posts

Hello,

I have been trying to figure out how to design a policy that allows WMI connections. I am running a few scripts to keep the inventory updated and with the default settings WMI is blocked.

 

Tips I have tried are (will update as I get them):

Unchecking "TCP port scanning attack detection" in IDS

 

I switched to Interactive mode and created a separate rule when the WMI query was captured by the firewall but the rule generated is C:\Windows\svchost.exe Any Any which seems a bit to relaxed - or am I wrong? Also WMI seems to use dynamic ports between 1024 and 2000...

 

I saw some people who use Spiceworks having the same issue, although I do not use Spiceworks.

 

Did anyone here get this to work?

Link to comment
Share on other sites

Figured out how to set WMI to a fixed port instead of dynamic, in command prompt:

winmgmt -standalonehost

Then you have to restart Winmgmt service (the service have some dependencies to) for changes to take effect. This will lock WMI to TCP port 24158. Only thing to figure out now is how to make a policy that will allow incoming traffic on 24158 from my management server. Should be a piece of cake but when I try to roll out my test policy I get Finished with warning: No task for this client. When I look at the client in ERAC I can see that the Requested and Actual Policy is my test policy but I still cannot connect.

Link to comment
Share on other sites

  • Solution

Thank you for replying Arakasi,

To get WMI static port to work I also needed to change the policy "Filtering mode: Automatic with exceptions" otherwise the Firewall didn't grab the rules I added to the policy. I also changed the policy to update more often during testing so that every change didn't take 10 minutes to roll out to my test computer.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...