...
In this document, we are going to focus on Windows Management Instrumentation (WMI).
What is WMI?
WMI (Windows Management Instrumentation) is a Microsoft technology for managing the different Windows operating environments.
...
- Type wmimgmt.msc in the Run command.
Figure: WMI Control Window
- In the console tree, right-click WMI Control, and then click Properties.
- Click the Security tab.
Figure: Security tab
- Select the CIMV2 namespace and then click Security.
- In the Security dialog box, click Add.
- In the Select Users, Computers, or Groups dialog box, enter the user
- Click the Check Names button to verify your entry and then click OK.
- In the Security dialog box, under Permissions, select ‘Enable Account’ and ‘Remote Enable’ for the user account.
Ensure the permissions propagate to all
- Under Security, click Advanced and double-click the user/group to open its properties.
- Select ‘This namespace and subnamespaces’ to propagate permissions.
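One way to audit the result of the steps above, as an added example that is not part of the original page: this PowerShell script reads a namespace's security descriptor and lists which trustees hold Enable Account and Remote Enable, and whether each entry applies to subnamespaces. It assumes an elevated session on the machine being audited; the variable names are illustrative.

```powershell
# Added example (not from the original page): report who holds
# 'Enable Account' / 'Remote Enable' on a WMI namespace and whether the
# grant propagates to subnamespaces. Run elevated on the audited machine.
param([string]$Namespace = 'root/cimv2')

# WMI namespace access-mask bits and ACE flag constants
$EnableAccount    = 0x1    # WBEM_ENABLE
$RemoteEnable     = 0x20   # WBEM_REMOTE_ACCESS
$ContainerInherit = 0x2    # CONTAINER_INHERIT_ACE: applies to subnamespaces
$InheritedAce     = 0x10   # INHERITED_ACE: came from a parent namespace

# __SystemSecurity exposes the namespace ACL as a structured descriptor
$r = Invoke-CimMethod -Namespace $Namespace -ClassName '__SystemSecurity' `
                      -MethodName 'GetSecurityDescriptor'
if ($r.ReturnValue -ne 0) {
    throw "GetSecurityDescriptor failed on $Namespace (code $($r.ReturnValue))"
}

$report = foreach ($ace in $r.Descriptor.DACL) {
    $t = $ace.Trustee
    [pscustomobject]@{
        Trustee       = if ($t.Domain) { "$($t.Domain)\$($t.Name)" } else { $t.Name }
        Sid           = $t.SIDString
        Type          = $(switch ($ace.AceType) { 0 { 'Allow' } 1 { 'Deny' } default { 'Other' } })
        EnableAccount = [bool]($ace.AccessMask -band $EnableAccount)
        RemoteEnable  = [bool]($ace.AccessMask -band $RemoteEnable)
        Subnamespaces = [bool]($ace.AceFlags -band $ContainerInherit)
        Inherited     = [bool]($ace.AceFlags -band $InheritedAce)
    }
}

$report | Sort-Object Trustee | Format-Table -AutoSize

# Allow entries with Remote Enable are the accounts that can reach this
# namespace over the network; review any that are not expected.
$remote = @($report | Where-Object { $_.Type -eq 'Allow' -and $_.RemoteEnable })
"{0} trustee(s) hold Remote Enable on {1}" -f $remote.Count, $Namespace
```

Running it before and after the change gives a record of exactly which entry was added and whether it was scoped to the namespace only or to its subnamespaces as well.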
Windows Firewall and ports
Windows Server 2008 / 2012 / 2016, Windows 7/10 Firewall Rules:
...
To disable the DCOM
netsh advfirewall firewall delete rule name="DCOM"
To disable the WMI service
netsh advfirewall firewall delete rule name="WMI"
To disable the sink exception.
netsh advfirewall firewall delete rule name="UnsecApp"
To disable the outgoing exception.
netsh advfirewall firewall delete rule name="WMI_OUT"
User Account Control Settings
User Account Control (UAC) access-token filtering can affect which operations are allowed in WMI namespaces or what data is returned. Under UAC, all accounts in the local Administrators group run with a standard user access token, also known as UAC access-token filtering. An administrator account can run a script with an elevated privilege—"Run as Administrator".
...
For more information on DCOM settings, see Securing a Remote WMI Connection. However, UAC affects connections for nondomain user accounts. If you connect to a remote computer using a non-domain user account included in the local Administrators group of the remote computer, then you must explicitly grant remote DCOM access, activation, and launch rights to the account.
CIMOM Settings
The CIMOM settings need to be updated if the remote connection is between computers that do not have a trust relationship; otherwise, an asynchronous connection will fail. This setting should not be modified for computers in the same domain or in trusted domains.
...
The following procedure is an automated setup to allow WMI to have a fixed port. The procedure uses the winmgmt command-line tool.
To set up a fixed port for WMI
- At the command prompt, type winmgmt -standalonehost
- Stop the WMI service by typing the command net stop "Windows Management Instrumentation", or use the short name of net stop winmgmt
- Restart the WMI service again in a new service host by typing net start "Windows Management Instrumentation" or net start winmgmt
- Establish a new port number for the WMI service by typing netsh firewall add portopening TCP 24158 WMIFixedPort
- To undo any changes you make to WMI, type winmgmt /sharedhost, then stop and start the winmgmt service
Windows Server 2003 Firewall Rules
By default, DCOM communicates with the client on a random port, so specifying a port range for use in firewall rules is also described.
...