Solved

Group Policy and WMI and Windows Firewall

Posted on 2008-06-12
5
15,044 Views
Last Modified: 2013-12-04
I need to be able to enable WMI on all domain computers through Group Policy and also to disable Windows Firewall.  What are the steps to do this?
0
Comment
Question by:dslivingston
5 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 250 total points
Comment Utility
To enable the WMI service you can open a Group Policy object, go to Computer Config, Windows Settings, System Services, Windows Management Instruction, view the properties on that entry where you can set it to start Automatically.

For disabling Windows Firewall, you want to disable the setting: Computer Config, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile, Protect all Network Connections: Set this policy to 'Disabled'.

-tigermatt
0
 
LVL 76

Assisted Solution

by:arnold
arnold earned 250 total points
Comment Utility
If you do not have GPMC, get it at: http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
Using the GPMC create a new GPO Disable Firewall.
Then Go through computer configuration\Administrative templates\network\network connections\
Here you will have domain profile and standard profile.  Disable the windows firewall: protect all network connectsion.


What do you mean you want to enable WMI on all, Are you referring to the service?
if so it is also under computer configuration\windows settings\security settings\system services\wmi performance enable it and set it to auto.

Once done, you apply these to the OU or to the entire domain.  Note applying to the entire domain will set this policy on the servers as well as on the workstations.
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
WMI is enabled by default on win2k and up, unless a GP was in place to disable it. You could also, just open certain ports in the firewalls on the lan to allow WMI queries.
There are also some caveats for connecting to wmi, you have to be an admin, and the password cannot be blank. Ports 135 and 445 are all you should need to connect to WMI remotely
http://msdn.microsoft.com/en-us/library/aa389290(VS.85).aspx
http://support.microsoft.com/kb/875605
-rich
0
 
LVL 58

Expert Comment

by:tigermatt
Comment Utility
Agreed, I guess enabling the service in Group Policy just makes sure it's actually there and running, and more importantly, users cannot disable it.
0
 
LVL 41

Expert Comment

by:graye
Comment Utility
Are you really asking how to configure the firewall to allow remote WMI sessions?

Or am I "reading between the lines" a too much  :)
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
Learn about cloud computing and its benefits for small business owners.
Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now