Solved

Group Policy and WMI and Windows Firewall

Posted on 2008-06-12
5
15,234 Views
Last Modified: 2013-12-04
I need to be able to enable WMI on all domain computers through Group Policy and also to disable Windows Firewall.  What are the steps to do this?
0
Comment
Question by:dslivingston
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 58

Accepted Solution

by:
tigermatt earned 250 total points
ID: 21772321
To enable the WMI service you can open a Group Policy object, go to Computer Config, Windows Settings, System Services, Windows Management Instruction, view the properties on that entry where you can set it to start Automatically.

For disabling Windows Firewall, you want to disable the setting: Computer Config, Administrative Templates, Network, Network Connections, Windows Firewall, Domain Profile, Protect all Network Connections: Set this policy to 'Disabled'.

-tigermatt
0
 
LVL 78

Assisted Solution

by:arnold
arnold earned 250 total points
ID: 21772368
If you do not have GPMC, get it at: http://www.microsoft.com/windowsserver2003/gpmc/default.mspx
Using the GPMC create a new GPO Disable Firewall.
Then Go through computer configuration\Administrative templates\network\network connections\
Here you will have domain profile and standard profile.  Disable the windows firewall: protect all network connectsion.


What do you mean you want to enable WMI on all, Are you referring to the service?
if so it is also under computer configuration\windows settings\security settings\system services\wmi performance enable it and set it to auto.

Once done, you apply these to the OU or to the entire domain.  Note applying to the entire domain will set this policy on the servers as well as on the workstations.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 21778249
WMI is enabled by default on win2k and up, unless a GP was in place to disable it. You could also, just open certain ports in the firewalls on the lan to allow WMI queries.
There are also some caveats for connecting to wmi, you have to be an admin, and the password cannot be blank. Ports 135 and 445 are all you should need to connect to WMI remotely
http://msdn.microsoft.com/en-us/library/aa389290(VS.85).aspx
http://support.microsoft.com/kb/875605
-rich
0
 
LVL 58

Expert Comment

by:tigermatt
ID: 21780009
Agreed, I guess enabling the service in Group Policy just makes sure it's actually there and running, and more importantly, users cannot disable it.
0
 
LVL 41

Expert Comment

by:graye
ID: 21794663
Are you really asking how to configure the firewall to allow remote WMI sessions?

Or am I "reading between the lines" a too much  :)
0

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Article by: btan
The intent is not to repeat what many has know about Ransomware but more to join its dots of what is it, who are the victims, why it exists, when and how we respond on infection. Lastly, sum up in a glance to share such information with more to help…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question