Owner manual

6 Windows Server® 2008 Firewall configuration
Firewall configuration introduction
This section describes a configuration method for enabling direct remote WMI access on a server
running the Windows Server® 2008 Firewall.
There are many methods to establish remote communication with WMI. Locally privileged programs
can establish communication with WMI locally and serve up a private or standardized remote
management interface. The SMH and Windows Remote Management (an implementation of WS
Management) are examples.
This documentation does not apply to these or other indirect methods of WMI related communication,
only to direct remote connections to WMI. Firewall configurations for indirect WMI communication
methods are independent of establishing a direct remote connection to WMI.
Some user privileges are needed not only to set up the firewall but also to create a direct
remote WMI connection. For example, when a user is not an Administrator, some privileges might not
exist by default.
For more information, see the MSDN article Securing a Remote WMI Connection
(http://msdn2.microsoft.com/en-us/library/aa393266.aspx).
Firewall configuration
You can establish direct remote WMI access on a computer running the Windows Server® 2008
Firewall, but the default configuration does not provide for this access. However, by using the
built-in firewall rules, you can enable remote WMI access with two commands.
Locally execute the following commands on the Windows Server® 2008 machine that is providing
WMI access (on a computer running the Insight Providers on Windows Server® 2008):
netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes
Output: Updated 4 rule(s).
Ok.
This command enables all firewall rules contained in the specified firewall group. If the command
output does not confirm that the rules were updated, check that the group name and each word
in the command are correct. The following is an example of a group name with each space
marked:
"Windows<SPACE>Management<SPACE>Instrumentation<SPACE>(WMI)"
This first command is equivalent to selecting the Windows Management Instrumentation (WMI)
checkbox in the Control Panel > Windows Firewall > Settings > Exceptions tab.
An additional firewall rule is needed to enable a remote user to establish a WMI session. It can
be enabled with the following command:
netsh advfirewall firewall set rule name="Network Discovery (NB-Name-In)" new enable=yes
This command updates a portion of a rule group (a single rule). It can also be done in the user
interface, using the following procedure:
1. Click Administrative Tools > Windows Firewall with Advanced Security > Inbound Rules.
2. Enable the Network Discovery (NB-Name-In) rules.
3. Select the rule, and then click Action > Enable Rule.
This rule and its equivalent rule appear in the Network Discovery and the File and Printer
Sharing firewall rule groups, respectively.
If the Windows® Firewall already has either of these rules enabled, the latter command does not
effect a change, and only the first command is necessary.
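
To confirm both changes after running the commands above, the following added example (not part of the original manual) parses the output of netsh advfirewall firewall show rule name=all and reports the state, profiles and remote-address scope of the WMI group rules and the NB-Name-In rules. It assumes English-language netsh output and PowerShell 2.0 or later; the function name ConvertFrom-NetshRule is hypothetical.

```powershell
# Added example, not part of the manual. Assumes English netsh output and
# PowerShell 2.0 or later, run from an elevated prompt on the server.
function ConvertFrom-NetshRule {
    # Turn "netsh advfirewall firewall show rule" output into one hashtable per rule.
    param([string[]]$Lines)
    $rules = @()
    $current = $null
    foreach ($line in $Lines) {
        # "Key:   Value" lines only; separators, blank lines and "Ok." do not match.
        if ($line -match '^([^:]+):\s+(.*)$') {
            $key = $matches[1].Trim()
            $value = $matches[2].Trim()
            if ($key -eq 'Rule Name') {          # a new rule block starts here
                if ($null -ne $current) { $rules += $current }
                $current = @{}
            }
            if ($null -ne $current) { $current[$key] = $value }
        }
    }
    if ($null -ne $current) { $rules += $current }
    return $rules
}

$all = @(ConvertFrom-NetshRule (netsh advfirewall firewall show rule name=all))

# Rules touched by the first command (whole group) and by the second (single rule
# or its equivalent in the other group, both ending in "(NB-Name-In)").
$wmi = @($all | Where-Object { $_['Grouping'] -eq 'Windows Management Instrumentation (WMI)' })
$nb  = @($all | Where-Object { $_['Rule Name'] -like '*(NB-Name-In)' })

foreach ($r in ($wmi + $nb)) {
    $state = 'disabled'
    if ($r['Enabled'] -eq 'Yes') { $state = 'ENABLED' }
    # Profiles and RemoteIP show how widely each enabled rule is exposed.
    '{0,-8} {1,-48} profiles={2} remote={3}' -f $state, $r['Rule Name'], $r['Profiles'], $r['RemoteIP']
}

$wmiOn = @($wmi | Where-Object { $_['Enabled'] -eq 'Yes' }).Count
$nbOn  = @($nb  | Where-Object { $_['Enabled'] -eq 'Yes' }).Count
"WMI group: $wmiOn of $($wmi.Count) rule(s) enabled"
"NB-Name-In: $nbOn of $($nb.Count) rule(s) enabled"

if ($wmi.Count -eq 0) { 'No rules found in the WMI group; check the group name spelling and spacing.' }
if ($nbOn -eq 0)      { 'No NB-Name-In rule is enabled; the second command is still required.' }
```

A rule that reports remote=Any on the Public profile accepts connections from any address on untrusted networks, so review the profiles column before leaving the rules enabled.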