Firewall configuration

You can establish direct remote WMI access on a computer running the Windows Server® 2008 Firewall, but the default configuration does not provide for this access. However, by using the built-in firewall rules, you can enable remote WMI access with two commands.

Locally execute the following commands on the Windows Server® 2008 machine that is providing WMI access (on a computer running the Insight Providers on Windows Server® 2008):

netsh advfirewall firewall set rule group="Windows Management Instrumentation (WMI)" new enable=yes

Output: Updated 4 rule(s).

Ok.

This command enables all firewall rules contained in the specified firewall group. If the command output does not confirm that the rules were updated, check that the group name and each word in the command are correct. The following is an example of a group name with each space marked:

"Windows<SPACE>Management<SPACE>Instrumentation<SPACE>(WMI)"

This first command is equivalent to selecting the Windows Management Instrumentation (WMI) checkbox in the Control Panel > Windows Firewall > Settings > Exceptions tab.

An additional firewall rule is needed to enable a remote user to establish a WMI session. It can be enabled with the following command:

netsh advfirewall firewall set rule name="Network Discovery (NB-Name-In)" new enable=yes

This command updates a portion of a rule group (a single rule). It can also be done in the user interface, using the following procedure:

  1. Click Administrative Tools > Windows Firewall with Advanced Security > Inbound Rules.
  2. Enable the Network Discovery (NB-Name-In) rules.
  3. Select the rule, and then click Action > Enable Rule.

    This rule and its equivalent rule appear in the Network Discovery and the File and Printer Sharing firewall rule groups, respectively.

If the Windows® Firewall already has either of these rules enabled, the latter command does not effect a change, and only the first command is necessary.

Similar rules can be created that are more restrictive but that enable remote WMI access in specific circumstances (such as restricting which users, computers, and network addresses can remotely access), depending on your setup.
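One way to build the more restrictive rules described above, shown as an added example that is not part of the original documentation. It assumes a single management station at the placeholder address 192.0.2.10 and uses hypothetical rule names (WMI-Restricted-*); the programs, services and ports are the usual DCOM, WMI, unsecapp and NetBIOS name service paths.

```powershell
# Added example, not from the original page. Run from an elevated PowerShell
# prompt on the Windows Server 2008 machine that provides WMI access.

# Assumption: one management station needs remote WMI. 192.0.2.10 is a
# documentation placeholder address; replace it with your own host or subnet.
$MgmtHost = '192.0.2.10'
$Svchost  = "$env:SystemRoot\system32\svchost.exe"
$Unsecapp = "$env:SystemRoot\system32\wbem\unsecapp.exe"

# Hypothetical rule names (no spaces, so no quoting issues). Each mirrors one
# inbound path that the built-in rules open to any remote address.
$Rules = @{
    'WMI-Restricted-DCOM'   = @('protocol=TCP', 'localport=135', "program=$Svchost", 'service=rpcss')
    'WMI-Restricted-WMI'    = @('protocol=TCP', 'localport=any', "program=$Svchost", 'service=winmgmt')
    'WMI-Restricted-Async'  = @("program=$Unsecapp")
    'WMI-Restricted-NBName' = @('protocol=UDP', 'localport=137')
}

foreach ($name in $Rules.Keys) {
    # Drop any earlier copy so reruns do not stack duplicate rules.
    & netsh advfirewall firewall delete rule "name=$name" | Out-Null
    $extra = $Rules[$name]
    & netsh advfirewall firewall add rule "name=$name" dir=in action=allow "remoteip=$MgmtHost" $extra
    if ($LASTEXITCODE -ne 0) { throw "netsh failed while adding $name" }
}

# Allow rules are additive: while the built-in group is enabled with
# RemoteIP=Any, the scoped rules above restrict nothing, so turn it off.
# Assumption: outbound traffic is covered by the default outbound-allow policy.
& netsh advfirewall firewall set rule 'group=Windows Management Instrumentation (WMI)' new enable=no

# Verify: every scoped rule must show the management address, never "Any".
foreach ($name in $Rules.Keys) {
    $out  = & netsh advfirewall firewall show rule "name=$name" verbose
    $line = $out | Where-Object { $_ -match '^RemoteIP:' }
    if (-not $line -or $line -match 'Any') { Write-Warning "$name is not scoped" }
    else { Write-Output "$name -> $line" }
}
```

If the built-in Network Discovery (NB-Name-In) rule is also enabled, it continues to accept NetBIOS name traffic from any address regardless of the scoped rule added here.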

There can be additional configuration and connection requirements on the client-side depending on the client operating system and firewall used.

For more information, see Connecting to WMI Remotely Starting with Vista®.