Friday, October 16, 2009

wmi through firewall

Friday, October 16, 2009 Posted by Andre Broers ,

Setting Up a Fixed Port for WMI
WMI runs as part of a shared service host with ports assigned through DCOM by default. Starting with Windows Vista, you can set up the WMI service to run as the only process in a separate host and specify a fixed port.
A fixed port makes WMI easier to use behind firewalls, but in Windows Vista you cannot use scripts that make
asynchronous calls. For more information about asynchronous calls, see Calling a Method.
The following procedure is an automated setup to allow WMI to have a fixed port. The procedure uses the
winmgmt command-line tool.
To set up a fixed port for WMI
1. At the command prompt, type winmgmt -standalonehost
2. Stop the WMI service by typing the command net stop "Windows Management Instrumentation"
3. Restart the WMI service again in a new service host by typing net start "Windows Management Instrumentation"
4. Establish a new port number for the WMI service by typing netsh firewall add portopening port=24158 name=WMIFixedPort

After this open port 135 en 24158 in your ASA.

Happy monitoring!