Solved

Group Policy and WMI and Windows Firewall

Posted on 2008-06-12
5
15,195 Views
Last Modified: 2013-12-04
I need to be able to enable WMI on all domain computers through Group Policy and also to disable Windows Firewall.  What are the steps to do this?
0
Comment
Question by:dslivingston
5 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 250 total points
ID: 21772321
To enable the WMI service you can open a Group Policy object, go to Computer Config, Windows Settings, System Services, Windows Management Instruction, view the properties on that entry where you can set it to start Automatically.

For disabling Windows Firewall, you want to disable the setting: Computer Config, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile, Protect all Network Connections: Set this policy to 'Disabled'.

-tigermatt
0
 
LVL 77

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 21772368
If you do not have GPMC, get it at: http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
Using the GPMC create a new GPO Disable Firewall.
Then Go through computer configuration\Administrative templates\network\network connections\
Here you will have domain profile and standard profile.  Disable the windows firewall: protect all network connectsion.


What do you mean you want to enable WMI on all, Are you referring to the service?
if so it is also under computer configuration\windows settings\security settings\system services\wmi performance enable it and set it to auto.

Once done, you apply these to the OU or to the entire domain.  Note applying to the entire domain will set this policy on the servers as well as on the workstations.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 21778249
WMI is enabled by default on win2k and up, unless a GP was in place to disable it. You could also, just open certain ports in the firewalls on the lan to allow WMI queries.
There are also some caveats for connecting to wmi, you have to be an admin, and the password cannot be blank. Ports 135 and 445 are all you should need to connect to WMI remotely
http://msdn.microsoft.com/en-us/library/aa389290(VS.85).aspx
http://support.microsoft.com/kb/875605
-rich
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21780009
Agreed, I guess enabling the service in Group Policy just makes sure it's actually there and running, and more importantly, users cannot disable it.
0
 
LVL 41

Expert Comment

by:graye
ID: 21794663
Are you really asking how to configure the firewall to allow remote WMI sessions?

Or am I "reading between the lines" a too much  :)
0

Featured Post

Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Security measures require Windows be logged in using Standard User login (not Administrator).  Yet, sometimes an application has to be run “As Administrator” from a Standard User login.  This paper describes how to create a shortcut icon to launch a…
Restoring deleted objects in Active Directory has been a standard feature in Active Directory for many years, yet some admins may not know what is available.
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question